Malware Analysis Report

2024-12-07 02:13

Sample ID 241115-v5q7haycmb
Target https://www.steamidfinder.com/
Tags
wannacry slack defense_evasion discovery evasion execution impact motw persistence phishing privilege_escalation ransomware spyware stealer trojan worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.steamidfinder.com/ was found to be: Known bad.

Malicious Activity Summary

wannacry slack defense_evasion discovery evasion execution impact motw persistence phishing privilege_escalation ransomware spyware stealer trojan worm

Modifies WinLogon for persistence

Modifies Windows Defender Real-time Protection settings

Wannacry family

Wannacry

UAC bypass

Deletes shadow copies

Modifies Windows Firewall

Disables Task Manager via registry modification

Event Triggered Execution: Image File Execution Options Injection

Disables RegEdit via registry modification

Disables use of System Restore points

Downloads MZ/PE file

A potential corporate email address has been identified in the URL: [email protected]

Impair Defenses: Safe Mode Boot

Executes dropped EXE

Drops startup file

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Reads user/profile data of web browsers

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Unexpected DNS network traffic destination

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: currency-file@1

A potential corporate email address has been identified in the URL: [email protected]

A potential corporate email address has been identified in the URL: [email protected]

Checks computer location settings

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Adds Run key to start application

Checks whether UAC is enabled

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Detected potential entity reuse from brand SLACK.

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Event Triggered Execution: Netsh Helper DLL

Enumerates physical storage devices

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Interacts with shadow copies

Checks SCSI registry key(s)

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Kills process with taskkill

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Modifies data under HKEY_USERS

Suspicious use of SendNotifyMessage

System policy modification

Enumerates system info in registry

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Reported

2024-11-15 17:34

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-15 17:34

Reported

2024-11-15 17:56

Platform

win10v2004-20241007-en

Max time kernel

1019s

Max time network

1021s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.steamidfinder.com/

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Wannacry

ransomware worm wannacry

Wannacry family

wannacry

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Disables Task Manager via registry modification

evasion

Disables use of System Restore points

evasion

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\recoverydrive.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmc.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedge.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns64.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpg4dmod.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webcheck.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\logoff.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe\Debugger = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\usbui.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\yandex.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: currency-file@1

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

A potential corporate email address has been identified in the URL: [email protected]

phishing

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Annabelle.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDA7BC.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDA7C3.tmp C:\Users\Admin\Downloads\WannaCry.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Reads user/profile data of web browsers

spyware stealer

Unexpected DNS network traffic destination

Description Indicator Process Target
Destination IP 100.20.121.79 N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Task Scheduler = "\"C:\\Users\\Admin\\Downloads\\WannaCry.exe\" /r" C:\Users\Admin\Downloads\WannaCry.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Detected potential entity reuse from brand SLACK.

phishing slack

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\!WannaCryptor!.bmp" C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\7-Zip\Lang\be.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\bn.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\7z.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ug.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mng.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\is.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\uz-cyrl.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ga.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\yo.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\descript.ion C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\gu.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\fi.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\es.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ka.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ku-ckb.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ky.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\lt.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\pt-br.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\uz.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sk.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sl.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\en.ttt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\hi.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\7z.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\nn.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\pa-in.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\da.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\io.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ta.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\7zCon.sfx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ba.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\cs.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ja.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\History.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\tt.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\uk.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\an.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\eo.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\lv.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sr-spl.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sw.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\co.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\fy.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ext.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ro.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\et.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\eu.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\sa.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\tk.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ast.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\pt.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ca.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mn.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\br.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\hy.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ru.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\7zG.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\bg.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\hr.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ko.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\7z.sfx C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\mr.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\ne.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\7-Zip\Lang\he.txt C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\e620c4f.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{23170F69-40C1-2701-2401-000001000000} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID49.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e620c53.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e620c4f.msi C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cscript.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\Wbem\WMIC.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\WannaCry.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskkill.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000c4d65e62b69e8e0b0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000c4d65e620000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900c4d65e62000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dc4d65e62000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000c4d65e6200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Interacts with shadow copies

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A
N/A N/A C:\Windows\SYSTEM32\vssadmin.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A
N/A N/A C:\Windows\SysWOW64\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "162" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133761664216792439" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Complete C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000\96F071321C0410724210000010000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\96F071321C0410720000000040000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\LanguageFiles = "Complete" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\PackageCode = "96F071321C0410724210000020000000" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net\1 = "C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files (x86)\\7-Zip\\7-zip.dll" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000\Program = "Complete" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Downloads\\" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\96F071321C0410724210000010000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\ProductName = "7-Zip 24.01" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\Version = "402718720" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\96F071321C0410724210000010000000\SourceList\PackageName = "7z2401.msi" C:\Windows\system32\msiexec.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 723216.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 870710.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 960509.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 874971.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 695717.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\!WannaDecryptor!.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4548 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 4384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 1432 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 3604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4548 wrote to memory of 2248 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.steamidfinder.com/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8884 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5944 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x490 0x4f0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7516 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=109 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,2067501388465554780,3883608085796147048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=111 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff801a2cc40,0x7ff801a2cc4c,0x7ff801a2cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2104,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3244,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4500 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5052,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5092,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5160,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5516,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5716,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5740 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4968,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4436,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5748 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5768,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4868,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5776 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5572,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5836,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5872,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5848,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5852 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=4564,i,13788984430518339325,13313109665843468172,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7236 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7428 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2688 /prefetch:8

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6496 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2401.msi"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1772 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5096 /prefetch:8

C:\Users\Admin\Downloads\WannaCry.exe

"C:\Users\Admin\Downloads\WannaCry.exe"

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c 166271731693185.bat

C:\Windows\SysWOW64\cscript.exe

cscript //nologo c.vbs

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe f

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im MSExchange*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im Microsoft.Exchange.*

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlserver.exe

C:\Windows\SysWOW64\taskkill.exe

taskkill /f /im sqlwriter.exe

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe c

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c start /b !WannaDecryptor!.exe v

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe v

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1

C:\Users\Admin\Downloads\!WannaDecryptor!.exe

!WannaDecryptor!.exe

C:\Windows\SysWOW64\cmd.exe

cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet

C:\Windows\SysWOW64\Wbem\WMIC.exe

wmic shadowcopy delete

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14164240572981638269,12177328504524178683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8037e46f8,0x7ff8037e4708,0x7ff8037e4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4056 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2236,7816980733786077461,6589511276335313305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:8

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 00 -f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3f94055 /state1:0x41c64e6d

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x490 0x4f0

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 www.steamidfinder.com udp
US 104.26.6.218:443 www.steamidfinder.com tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 tags.bkrtx.com udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app udp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 boot.pbstck.com udp
US 8.8.8.8:53 z.moatads.com udp
US 8.8.8.8:53 218.6.26.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net tcp
GB 104.78.165.146:443 tags.bkrtx.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 172.64.152.243:443 00917082-71e9-498e-8343-00c3df06b798.edge.permutive.app tcp
FR 18.245.199.15:443 cdn.privacy-mgmt.com tcp
US 104.22.74.216:443 btloader.com tcp
US 104.22.1.93:443 boot.pbstck.com tcp
GB 2.23.205.220:443 z.moatads.com tcp
US 8.8.8.8:53 kumo.network-n.com udp
US 8.8.8.8:53 crt.rootg2.amazontrust.com udp
GB 143.244.38.136:443 kumo.network-n.com tcp
FR 3.164.163.87:80 crt.rootg2.amazontrust.com tcp
US 8.8.8.8:53 cdnhorizon.nnmtools.com udp
US 172.67.190.95:443 cdnhorizon.nnmtools.com tcp
GB 143.244.38.136:443 kumo.network-n.com tcp
US 172.67.190.95:443 cdnhorizon.nnmtools.com tcp
US 8.8.8.8:53 apihorizon.nnmtools.com udp
US 8.8.8.8:53 2.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 146.165.78.104.in-addr.arpa udp
US 8.8.8.8:53 122.194.245.18.in-addr.arpa udp
US 8.8.8.8:53 243.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 216.74.22.104.in-addr.arpa udp
US 8.8.8.8:53 93.1.22.104.in-addr.arpa udp
US 8.8.8.8:53 220.205.23.2.in-addr.arpa udp
US 8.8.8.8:53 15.199.245.18.in-addr.arpa udp
US 8.8.8.8:53 136.38.244.143.in-addr.arpa udp
US 8.8.8.8:53 38.201.222.52.in-addr.arpa udp
US 8.8.8.8:53 72.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 95.190.67.172.in-addr.arpa udp
US 8.8.8.8:53 87.163.164.3.in-addr.arpa udp
FR 18.245.199.15:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 ad-delivery.net udp
US 8.8.8.8:53 static.anonymised.io udp
US 34.107.217.107:443 static.anonymised.io tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 172.67.69.19:443 ad-delivery.net tcp
US 8.8.8.8:53 cdn-adm.pbstck.com udp
US 34.107.217.107:443 static.anonymised.io udp
US 8.8.8.8:53 api.btloader.com udp
US 104.22.0.93:443 cdn-adm.pbstck.com tcp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 api.permutive.com udp
US 8.8.8.8:53 material.anonymised.io udp
US 8.8.8.8:53 aegis.anonymised.io udp
US 34.107.254.252:443 api.permutive.com tcp
US 34.117.250.57:443 material.anonymised.io tcp
US 34.107.217.107:443 aegis.anonymised.io tcp
US 34.117.250.57:443 material.anonymised.io udp
US 8.8.8.8:53 107.217.107.34.in-addr.arpa udp
US 8.8.8.8:53 19.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 6.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 93.0.22.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 252.254.107.34.in-addr.arpa udp
US 8.8.8.8:53 57.250.117.34.in-addr.arpa udp
US 8.8.8.8:53 234.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
FR 52.222.169.76:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 76.169.222.52.in-addr.arpa udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 00917082-71e9-498e-8343-00c3df06b798.prmutv.co udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 35.241.9.51:443 00917082-71e9-498e-8343-00c3df06b798.prmutv.co tcp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 live.primis.tech udp
US 8.8.8.8:53 secure.quantserve.com udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
NL 185.89.210.20:443 ib.adnxs.com tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 18.239.208.6:443 live.primis.tech tcp
GB 142.250.179.227:443 www.google.co.uk tcp
DE 91.228.74.244:443 secure.quantserve.com tcp
US 8.8.8.8:53 rules.quantcount.com udp
FR 18.244.28.2:443 rules.quantcount.com tcp
US 8.8.8.8:53 cdn.pbstck.com udp
US 8.8.8.8:53 pixel.quantserve.com udp
US 34.107.254.252:443 api.permutive.com udp
US 8.8.8.8:53 cdn.permutive.com udp
US 104.17.108.19:443 cdn.permutive.com tcp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 exchange.kueezrtb.com udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 mweb-hb.presage.io udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
IE 54.171.11.29:443 ap.lijit.com tcp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
IE 99.80.128.60:443 mweb-hb.presage.io tcp
FR 18.244.28.105:443 hb.yellowblue.io tcp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 104.26.9.169:443 script.4dex.io tcp
US 45.77.76.124:443 exchange.kueezrtb.com tcp
US 45.77.76.124:443 exchange.kueezrtb.com tcp
US 45.77.76.124:443 exchange.kueezrtb.com tcp
US 45.77.76.124:443 exchange.kueezrtb.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
NL 178.250.1.56:443 bidder.criteo.com tcp
US 104.18.26.193:443 htlb.casalemedia.com tcp
US 104.18.29.101:443 cdn-ima.33across.com tcp
US 34.120.63.153:443 prebid.media.net tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 8.8.8.8:53 intake.pbstck.com udp
US 104.18.34.178:443 mp.4dex.io tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
IE 99.80.128.60:443 mweb-hb.presage.io tcp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 cadmus.script.ac udp
FR 3.165.117.155:443 aax.amazon-adsystem.com tcp
US 104.18.23.145:443 cadmus.script.ac tcp
FR 52.84.174.40:443 config.aps.amazon-adsystem.com tcp
US 8.8.8.8:53 launchpad-wrapper.privacymanager.io udp
US 8.8.8.8:53 secure.cdn.fastclick.net udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.hadronid.net udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.52.173:443 cdn.hadronid.net tcp
FR 18.155.129.39:443 tags.crwdcntrl.net tcp
FR 18.155.129.54:443 launchpad-wrapper.privacymanager.io tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
GB 104.78.175.230:443 secure.cdn.fastclick.net tcp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
US 23.192.21.141:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 launchpad.privacymanager.io udp
FR 3.164.163.14:443 launchpad.privacymanager.io tcp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 172.67.23.234:443 id.hadron.ad.gt tcp
US 8.8.8.8:53 api-gdpr.intentiq.com udp
US 8.8.8.8:53 sync-gdpr.intentiq.com udp
IE 52.48.168.123:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 geo.privacymanager.io udp
FR 3.165.136.96:443 sync-gdpr.intentiq.com tcp
FR 13.249.9.37:443 api-gdpr.intentiq.com tcp
BE 18.239.208.120:443 geo.privacymanager.io tcp
US 8.8.8.8:53 51.9.241.35.in-addr.arpa udp
US 8.8.8.8:53 20.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 244.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 6.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 2.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 19.108.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 29.11.171.54.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 105.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 60.128.80.99.in-addr.arpa udp
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 193.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 101.29.18.104.in-addr.arpa udp
US 8.8.8.8:53 56.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 124.76.77.45.in-addr.arpa udp
US 8.8.8.8:53 178.34.18.104.in-addr.arpa udp
US 8.8.8.8:53 4.230.157.18.in-addr.arpa udp
US 8.8.8.8:53 145.23.18.104.in-addr.arpa udp
US 8.8.8.8:53 40.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 173.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 230.175.78.104.in-addr.arpa udp
US 8.8.8.8:53 39.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 190.239.215.23.in-addr.arpa udp
US 8.8.8.8:53 54.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.5.69:443 a.ad.gt tcp
US 8.8.8.8:53 token.rubiconproject.com udp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
NL 69.173.156.148:443 token.rubiconproject.com tcp
US 8.8.8.8:53 ads.pubmatic.com udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
GB 2.23.204.244:443 ads.pubmatic.com tcp
US 34.120.63.153:443 prebid.media.net udp
US 8.8.8.8:53 9346be14707dfef47e977d34251b581a.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 9346be14707dfef47e977d34251b581a.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 141.21.192.23.in-addr.arpa udp
US 8.8.8.8:53 238.226.220.67.in-addr.arpa udp
US 8.8.8.8:53 14.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 234.23.67.172.in-addr.arpa udp
US 8.8.8.8:53 123.168.48.52.in-addr.arpa udp
US 8.8.8.8:53 96.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 37.9.249.13.in-addr.arpa udp
US 8.8.8.8:53 120.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 69.5.22.104.in-addr.arpa udp
US 8.8.8.8:53 148.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 82.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 116.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 244.204.23.2.in-addr.arpa udp
US 8.8.8.8:53 u.openx.net udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
US 35.244.159.8:443 u.openx.net tcp
US 44.206.197.9:443 cs-server-s2s.yellowblue.io tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
GB 142.250.179.226:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 video.primis.tech udp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
BE 18.239.208.60:443 video.primis.tech tcp
BE 18.239.208.60:443 video.primis.tech tcp
BE 18.239.208.60:443 video.primis.tech tcp
BE 18.239.208.60:443 video.primis.tech tcp
US 3.33.220.150:443 match.adsrvr.org tcp
NL 35.214.216.122:443 csync.loopme.me tcp
US 8.8.8.8:53 eb2.3lift.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 76.223.111.18:443 eb2.3lift.com tcp
NL 69.173.156.148:443 pixel.rubiconproject.com tcp
NL 35.214.136.108:443 x.bidswitch.net tcp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 mb9eo.publishers.tremorhub.com udp
US 8.8.8.8:53 cs.media.net udp
US 8.8.8.8:53 ads.stickyadstv.com udp
GB 87.248.114.11:443 ups.analytics.yahoo.com tcp
US 54.204.18.118:443 mb9eo.publishers.tremorhub.com tcp
GB 2.23.220.28:443 cs.media.net tcp
FR 154.54.250.81:443 ads.stickyadstv.com tcp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 9.197.206.44.in-addr.arpa udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 150.220.33.3.in-addr.arpa udp
US 8.8.8.8:53 60.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 122.216.214.35.in-addr.arpa udp
US 8.8.8.8:53 226.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 108.136.214.35.in-addr.arpa udp
US 8.8.8.8:53 11.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 28.220.23.2.in-addr.arpa udp
US 8.8.8.8:53 81.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 118.18.204.54.in-addr.arpa udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 slack.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
GB 18.168.172.238:443 slack.com tcp
FR 91.134.110.132:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 163.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 238.172.168.18.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 132.110.134.91.in-addr.arpa udp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 cm.adform.net udp
DK 37.157.2.229:443 cm.adform.net tcp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 sync.1rx.io udp
DE 18.195.234.25:443 match.sharethrough.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 d34u8crftukxnk.cloudfront.net udp
US 8.8.8.8:53 a.slack-edge.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 reveal.clearbit.com udp
US 8.8.8.8:53 sync.kueezrtb.com udp
FR 3.162.40.48:443 d34u8crftukxnk.cloudfront.net tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
GB 18.135.18.21:443 reveal.clearbit.com tcp
US 67.207.86.10:443 sync.kueezrtb.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
FR 3.164.163.10:443 a.slack-edge.com tcp
US 8.8.8.8:53 229.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 25.234.195.18.in-addr.arpa udp
US 8.8.8.8:53 48.40.162.3.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 10.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 21.18.135.18.in-addr.arpa udp
US 8.8.8.8:53 10.86.207.67.in-addr.arpa udp
US 8.8.8.8:53 ib.adnxs-simple.com udp
US 8.8.8.8:53 grid.bidswitch.net udp
US 8.8.8.8:53 prg.smartadserver.com udp
US 8.8.8.8:53 cdn.ampproject.org udp
NL 185.89.210.122:443 ib.adnxs-simple.com tcp
GB 216.58.204.65:443 cdn.ampproject.org tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
NL 178.250.1.56:443 grid.bidswitch.net tcp
US 8.8.8.8:53 sync.ingage.tech udp
US 8.8.8.8:53 a11179690159.cdn.optimizely.com udp
US 104.18.26.216:443 sync.ingage.tech tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 8.8.8.8:53 api.demandbase.com udp
US 8.8.8.8:53 cdn3.optimizely.com udp
FR 18.164.52.73:443 api.demandbase.com tcp
US 104.18.65.57:443 a11179690159.cdn.optimizely.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 104.18.35.242:443 cdn3.optimizely.com tcp
GB 216.58.204.65:443 cdn.ampproject.org udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 104.18.65.57:443 a11179690159.cdn.optimizely.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 8.8.8.8:53 onetag-sys.com udp
DE 51.89.9.253:443 onetag-sys.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 ep2.adtrafficquality.google udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 creativecdn.com udp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 224.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 216.26.18.104.in-addr.arpa udp
US 8.8.8.8:53 242.35.18.104.in-addr.arpa udp
US 8.8.8.8:53 73.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
GB 216.58.212.193:443 ep2.adtrafficquality.google tcp
NL 185.184.8.90:443 creativecdn.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 logx.optimizely.com udp
US 34.49.241.189:443 logx.optimizely.com tcp
US 8.8.8.8:53 253.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 193.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 78.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 57.65.18.104.in-addr.arpa udp
US 8.8.8.8:53 189.241.49.34.in-addr.arpa udp
US 8.8.8.8:53 www.youtube-nocookie.com udp
GB 142.250.187.238:443 www.youtube-nocookie.com tcp
US 8.8.8.8:53 cdn.schemaapp.com udp
US 34.49.241.189:443 logx.optimizely.com udp
US 8.8.8.8:53 www.mczbf.com udp
FR 3.165.136.31:443 cdn.schemaapp.com tcp
FR 52.222.169.42:443 www.mczbf.com tcp
US 8.8.8.8:53 data.schemaapp.com udp
FR 52.222.169.42:443 www.mczbf.com tcp
FR 52.222.169.83:443 data.schemaapp.com tcp
FR 3.165.136.31:443 cdn.schemaapp.com tcp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 i.ytimg.com udp
GB 142.250.187.238:443 www.youtube-nocookie.com udp
GB 216.58.201.118:443 i.ytimg.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 8.8.8.8:53 u.4dex.io udp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 34.149.40.38:443 u.4dex.io tcp
US 151.101.130.49:443 sync-tm.everesttech.net tcp
US 8.8.8.8:53 6321597.fls.doubleclick.net udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 31.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 42.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 83.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 118.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 38.40.149.34.in-addr.arpa udp
US 8.8.8.8:53 49.130.101.151.in-addr.arpa udp
GB 216.58.201.102:443 6321597.fls.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
GB 142.250.179.227:443 www.google.co.uk udp
BE 64.233.167.155:443 stats.g.doubleclick.net tcp
GB 216.58.201.102:443 6321597.fls.doubleclick.net udp
US 8.8.8.8:53 acdn.adnxs.com udp
GB 2.19.117.70:443 acdn.adnxs.com tcp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
DE 51.89.9.253:443 onetag-sys.com udp
US 8.8.8.8:53 bh.contextweb.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
NL 208.93.169.131:443 bh.contextweb.com tcp
IE 54.171.185.234:443 match.prod.bidr.io tcp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
US 8.8.8.8:53 ce.lijit.com udp
US 8.8.8.8:53 s0.2mdn.net udp
FR 217.182.178.233:443 rtb-csync.smartadserver.com tcp
IE 99.81.94.169:443 ce.lijit.com tcp
GB 172.217.169.70:443 s0.2mdn.net tcp
US 8.8.8.8:53 c1.adform.net udp
US 8.8.8.8:53 155.167.233.64.in-addr.arpa udp
US 8.8.8.8:53 70.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 234.185.171.54.in-addr.arpa udp
US 8.8.8.8:53 131.169.93.208.in-addr.arpa udp
US 8.8.8.8:53 233.178.182.217.in-addr.arpa udp
US 8.8.8.8:53 169.94.81.99.in-addr.arpa udp
US 8.8.8.8:53 70.169.217.172.in-addr.arpa udp
GB 172.217.169.70:443 s0.2mdn.net udp
DK 37.157.6.237:443 c1.adform.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
GB 216.58.204.66:443 googleads4.g.doubleclick.net tcp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 8.8.8.8:53 t.adx.opera.com udp
GB 216.58.204.66:443 googleads4.g.doubleclick.net udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 8.8.8.8:53 237.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 66.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 ads.us.e-planning.net udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
GB 216.58.212.194:443 cm.g.doubleclick.net tcp
GB 216.58.212.194:443 cm.g.doubleclick.net udp
BE 18.239.208.60:443 video.primis.tech tcp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
US 8.8.8.8:53 194.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
GB 172.217.16.234:443 jnn-pa.googleapis.com tcp
GB 172.217.16.234:443 jnn-pa.googleapis.com udp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 api.rlcdn.com udp
NL 46.228.174.117:443 sync.1rx.io tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pixel-us-east.rubiconproject.com udp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
US 34.120.133.55:443 api.rlcdn.com tcp
US 69.173.151.100:443 pixel-us-east.rubiconproject.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 play.google.com udp
US 98.82.156.207:443 s.amazon-adsystem.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
GB 185.64.191.214:443 image8.pubmatic.com tcp
US 8.8.8.8:53 support.microsoft.com udp
US 34.149.40.38:443 u.4dex.io udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 55.133.120.34.in-addr.arpa udp
US 8.8.8.8:53 100.151.173.69.in-addr.arpa udp
US 8.8.8.8:53 207.156.82.98.in-addr.arpa udp
US 8.8.8.8:53 167.205.23.2.in-addr.arpa udp
US 8.8.8.8:53 214.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 dis.criteo.com udp
US 8.8.8.8:53 secure.adnxs.com udp
NL 178.250.1.9:443 dis.criteo.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 support.content.office.net udp
US 8.8.8.8:53 cms.quantserve.com udp
US 8.8.8.8:53 data.adsrvr.org udp
GB 104.123.93.172:443 support.content.office.net tcp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 23.192.22.93:443 www.microsoft.com tcp
US 23.192.22.93:443 www.microsoft.com tcp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
US 8.8.8.8:53 mem.gfx.ms udp
GB 2.23.205.233:443 c.s-microsoft.com tcp
US 152.199.21.175:443 aadcdn.msftauth.net tcp
US 52.168.117.169:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 api.schemaapp.com udp
US 34.236.118.236:443 api.schemaapp.com tcp
GB 104.123.93.172:443 support.content.office.net tcp
GB 104.123.93.172:443 support.content.office.net tcp
GB 104.123.93.172:443 support.content.office.net tcp
GB 104.123.93.172:443 support.content.office.net tcp
GB 104.123.93.172:443 support.content.office.net tcp
GB 104.123.93.172:443 support.content.office.net tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 172.93.123.104.in-addr.arpa udp
US 8.8.8.8:53 93.22.192.23.in-addr.arpa udp
US 8.8.8.8:53 163.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 233.205.23.2.in-addr.arpa udp
US 8.8.8.8:53 175.21.199.152.in-addr.arpa udp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 236.118.236.34.in-addr.arpa udp
NL 20.190.160.17:443 login.microsoftonline.com tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
GB 2.19.117.36:443 qsearch-a.akamaihd.net tcp
US 8.8.8.8:53 s.company-target.com udp
US 34.96.71.22:443 s.company-target.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
FR 185.235.86.62:443 gem.gbc.criteo.com tcp
FR 185.235.86.193:443 ag.gbc.criteo.com tcp
NL 178.250.1.11:443 dnacdn.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 ice.360yield.com udp
IE 54.77.10.240:443 ice.360yield.com tcp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 36.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 eu-u.openx.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 52.168.117.169:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 152.199.21.175:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 193.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 240.10.77.54.in-addr.arpa udp
US 8.8.8.8:53 62.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 142.250.200.34:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 privacyportal.onetrust.com udp
US 104.18.32.137:443 privacyportal.onetrust.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
GB 142.250.200.34:443 ade.googlesyndication.com udp
NL 185.89.210.122:443 secure.adnxs.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
US 8.8.8.8:53 imasdk.googleapis.com udp
US 8.8.8.8:53 74.204.58.216.in-addr.arpa udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
US 34.120.63.153:443 prebid.media.net udp
NL 178.250.1.56:443 grid.bidswitch.net tcp
US 8.8.8.8:53 csi.gstatic.com udp
BR 172.217.29.227:443 csi.gstatic.com tcp
BR 172.217.29.227:443 csi.gstatic.com tcp
US 8.8.8.8:53 227.29.217.172.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 sync.richaudience.com udp
DE 162.55.233.28:443 sync.richaudience.com tcp
US 8.8.8.8:53 28.233.55.162.in-addr.arpa udp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 prebid.a-mo.net udp
FR 163.5.194.36:443 prebid.a-mo.net tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 8.8.8.8:53 36.194.5.163.in-addr.arpa udp
US 104.19.158.19:443 assets.a-mo.net tcp
US 8.8.8.8:53 id.a-mx.com udp
NL 79.127.227.46:443 id.a-mx.com tcp
US 8.8.8.8:53 sync.a-mo.net udp
FR 163.5.194.32:443 sync.a-mo.net tcp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 46.227.127.79.in-addr.arpa udp
US 8.8.8.8:53 32.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 tags.bkrtx.com udp
GB 104.78.165.146:443 tags.bkrtx.com tcp
US 130.211.23.194:443 api.btloader.com udp
US 34.117.250.57:443 material.anonymised.io udp
US 34.107.217.107:443 aegis.anonymised.io udp
US 8.8.8.8:53 1407cb13b0a044eaf018f92f58364605.safeframe.googlesyndication.com udp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
FR 185.235.86.193:443 ag.gbc.criteo.com tcp
FR 185.235.86.62:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 s.external1.primis.tech udp
FR 91.134.110.132:443 ssbsync.smartadserver.com tcp
IE 34.254.99.169:443 s.external1.primis.tech tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
IE 67.220.226.238:443 aax-eu.amazon-adsystem.com tcp
US 8.8.8.8:53 169.99.254.34.in-addr.arpa udp
IE 34.254.99.169:443 s.external1.primis.tech tcp
US 8.8.8.8:53 cadmus2.script.ac udp
US 104.18.23.145:443 cadmus2.script.ac tcp
US 8.8.8.8:53 c.gumgum.com udp
FR 99.86.91.77:443 c.gumgum.com tcp
US 8.8.8.8:53 77.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 js.gumgum.com udp
FR 18.244.28.96:443 js.gumgum.com tcp
US 8.8.8.8:53 js-sec.indexww.com udp
US 104.18.24.18:443 js-sec.indexww.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 8.8.8.8:53 s.ad.smaato.net udp
US 80.77.87.163:443 cs.admanmedia.com tcp
US 34.96.71.22:443 s.company-target.com udp
FR 18.164.52.4:443 s.ad.smaato.net tcp
FR 99.86.91.77:443 c.gumgum.com tcp
US 8.8.8.8:53 g2.gumgum.com udp
US 8.8.8.8:53 aba.gumgum.com udp
US 8.8.8.8:53 gumgum.com udp
IE 54.76.232.73:443 g2.gumgum.com tcp
FR 3.165.136.15:443 aba.gumgum.com tcp
FR 18.244.28.96:443 js.gumgum.com tcp
FR 99.86.91.24:443 gumgum.com tcp
US 8.8.8.8:53 96.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 18.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 4.52.164.18.in-addr.arpa udp
US 80.77.87.163:443 cs.admanmedia.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 ie-g2.gumgum.com udp
FR 217.182.178.233:443 rtb-csync.smartadserver.com tcp
IE 34.241.121.215:443 ie-g2.gumgum.com tcp
IE 34.241.121.215:443 ie-g2.gumgum.com tcp
IE 34.241.121.215:443 ie-g2.gumgum.com tcp
US 8.8.8.8:53 id.rlcdn.com udp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 cdn.justpremium.com udp
US 8.8.8.8:53 rtb.gumgum.com udp
US 35.244.174.68:443 id.rlcdn.com udp
FR 18.164.52.70:443 cdn.justpremium.com tcp
BR 172.217.29.227:443 csi.gstatic.com udp
US 8.8.8.8:53 tracking.justpremium.com udp
DE 52.59.4.26:443 tracking.justpremium.com tcp
US 8.8.8.8:53 15.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 73.232.76.54.in-addr.arpa udp
US 8.8.8.8:53 24.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 215.121.241.34.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 70.52.164.18.in-addr.arpa udp
US 8.8.8.8:53 26.4.59.52.in-addr.arpa udp
DE 52.59.4.26:443 tracking.justpremium.com tcp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 54.191.0.77:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 cdn.doubleverify.com udp
US 8.8.8.8:53 attentionxyz.com udp
GB 2.18.190.147:443 cdn.doubleverify.com tcp
FR 13.32.145.108:443 attentionxyz.com tcp
FR 13.32.145.108:443 attentionxyz.com tcp
FR 13.32.145.108:443 attentionxyz.com tcp
FR 13.32.145.108:443 attentionxyz.com tcp
FR 18.164.52.70:443 cdn.justpremium.com tcp
US 8.8.8.8:53 api.attentionxyz.com udp
US 34.117.222.118:443 api.attentionxyz.com tcp
US 8.8.8.8:53 77.0.191.54.in-addr.arpa udp
US 8.8.8.8:53 147.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 108.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 tps.doubleverify.com udp
US 130.211.44.5:443 tps.doubleverify.com tcp
IE 54.76.232.73:443 rtb.gumgum.com tcp
US 34.117.222.118:443 api.attentionxyz.com udp
US 8.8.8.8:53 static.adsafeprotected.com udp
BE 18.239.208.69:443 static.adsafeprotected.com tcp
US 8.8.8.8:53 118.222.117.34.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 tps-dn-ew1.doubleverify.com udp
BE 35.210.149.152:443 tps-dn-ew1.doubleverify.com tcp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 8.8.8.8:53 dt.adsafeprotected.com udp
US 3.215.14.163:443 dt.adsafeprotected.com tcp
US 3.215.14.163:443 dt.adsafeprotected.com tcp
US 8.8.8.8:53 69.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 152.149.210.35.in-addr.arpa udp
US 8.8.8.8:53 unpkg.com udp
US 104.17.245.203:443 unpkg.com tcp
US 8.8.8.8:53 connect.facebook.net udp
CH 157.240.17.15:443 connect.facebook.net tcp
US 8.8.8.8:53 163.14.215.3.in-addr.arpa udp
US 8.8.8.8:53 203.245.17.104.in-addr.arpa udp
US 8.8.8.8:53 15.17.240.157.in-addr.arpa udp
US 8.8.8.8:53 platform.twitter.com udp
GB 146.75.72.157:443 platform.twitter.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 157.72.75.146.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 dabb22b92665bd06878515e1de9577e6.safeframe.googlesyndication.com udp
FR 185.235.86.193:443 ag.gbc.criteo.com tcp
FR 185.235.86.62:443 gem.gbc.criteo.com tcp
DE 162.19.138.82:443 lb.eu-1-id5-sync.com tcp
FR 91.134.110.132:443 ssbsync.smartadserver.com tcp
US 8.8.8.8:53 adx.adform.net udp
NL 185.89.210.122:443 secure.adnxs.com tcp
FR 217.182.178.224:443 prg.smartadserver.com tcp
NL 178.250.1.56:443 grid.bidswitch.net tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 35.244.159.8:443 eu-u.openx.net udp
FR 217.182.178.233:443 rtb-csync.smartadserver.com tcp
DE 162.19.138.116:443 lb.eu-1-id5-sync.com tcp
DE 18.195.234.25:443 match.sharethrough.com tcp
US 8.8.8.8:53 wt.rqtrk.eu udp
DE 57.129.18.113:443 wt.rqtrk.eu tcp
GB 216.58.212.193:443 ep2.adtrafficquality.google udp
US 8.8.8.8:53 113.18.129.57.in-addr.arpa udp
US 8.8.8.8:53 live.primis.tech udp
BE 18.239.208.77:443 live.primis.tech tcp
US 8.8.8.8:53 77.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
GB 104.82.234.109:443 steamcommunity.com tcp
GB 104.82.234.109:443 steamcommunity.com tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.179.227:443 www.google.co.uk udp
US 8.8.8.8:53 109.234.82.104.in-addr.arpa udp
US 8.8.8.8:53 community.fastly.steamstatic.com udp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 151.101.67.52:443 community.fastly.steamstatic.com tcp
US 8.8.8.8:53 cdn.fastly.steamstatic.com udp
US 8.8.8.8:53 avatars.fastly.steamstatic.com udp
US 8.8.8.8:53 shared.fastly.steamstatic.com udp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.3.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 151.101.67.52:443 shared.fastly.steamstatic.com tcp
US 8.8.8.8:53 52.67.101.151.in-addr.arpa udp
US 8.8.8.8:53 52.3.101.151.in-addr.arpa udp
US 8.8.8.8:53 store.steampowered.com udp
US 23.192.21.216:443 store.steampowered.com tcp
US 8.8.8.8:53 help.steampowered.com udp
GB 104.82.234.109:443 help.steampowered.com tcp
US 8.8.8.8:53 216.21.192.23.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 45.77.76.124:443 exchange.kueezrtb.com tcp
NL 185.89.210.20:443 secure.adnxs.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
NL 178.250.1.56:443 grid.bidswitch.net tcp
US 34.120.63.153:443 prebid.media.net udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 steamcdn-a.akamaihd.net udp
GB 104.91.71.76:443 steamcdn-a.akamaihd.net tcp
US 8.8.8.8:53 76.71.91.104.in-addr.arpa udp
DK 37.157.6.231:443 adx.adform.net tcp
US 8.8.8.8:53 231.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 steamcommunity.com udp
US 8.8.8.8:53 community.fastly.steamstatic.com udp
US 8.8.8.8:53 11.173.189.20.in-addr.arpa udp
GB 92.123.128.162:443 www.bing.com tcp
US 8.8.8.8:53 162.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.146:443 th.bing.com tcp
GB 92.123.128.195:443 r.bing.com tcp
GB 92.123.128.195:443 r.bing.com tcp
GB 92.123.128.146:443 th.bing.com tcp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.76:443 login.microsoftonline.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 195.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 testfamilysafety.bing.com udp
US 204.79.197.201:443 testfamilysafety.bing.com tcp
US 8.8.8.8:53 201.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
GB 92.123.128.146:443 th.bing.com tcp
DK 37.157.6.231:443 adx.adform.net tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.117.143:443 aefd.nelreports.net tcp
US 8.8.8.8:53 143.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 www.techradar.com udp
US 151.101.130.114:443 www.techradar.com tcp
US 151.101.130.114:443 www.techradar.com tcp
US 8.8.8.8:53 bordeaux.futurecdn.net udp
US 8.8.8.8:53 vanilla.futurecdn.net udp
US 8.8.8.8:53 cdn.mos.cms.futurecdn.net udp
US 151.101.130.114:443 www.techradar.com udp
FR 18.155.129.118:443 cdn.mos.cms.futurecdn.net tcp
FR 52.222.169.84:443 bordeaux.futurecdn.net tcp
US 8.8.8.8:53 cdn.jwplayer.com udp
US 8.8.8.8:53 cdn.privacy-mgmt.com udp
FR 52.84.174.66:443 vanilla.futurecdn.net tcp
FR 52.84.174.66:443 vanilla.futurecdn.net tcp
FR 52.84.174.66:443 vanilla.futurecdn.net tcp
FR 52.84.174.66:443 vanilla.futurecdn.net tcp
US 8.8.8.8:53 cdn.taboola.com udp
FR 52.84.174.66:443 vanilla.futurecdn.net tcp
US 8.8.8.8:53 hawk.techradar.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 slice.vanilla.futurecdn.net udp
FR 18.245.199.15:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 search-api.fie.futurecdn.net udp
FR 52.222.169.84:443 bordeaux.futurecdn.net tcp
US 8.8.8.8:53 champagne.futurecdn.net udp
US 8.8.8.8:53 uk-script.dotmetrics.net udp
US 8.8.8.8:53 freyr.futurecdn.net udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.edge.permutive.app udp
US 8.8.8.8:53 sommelier.futurehybrid.tech udp
FR 3.162.38.111:443 champagne.futurecdn.net tcp
BE 18.239.208.46:443 uk-script.dotmetrics.net tcp
US 151.101.2.114:443 search-api.fie.futurecdn.net tcp
US 151.101.2.114:443 search-api.fie.futurecdn.net tcp
US 8.8.8.8:53 widgets.hawk-assets.co.uk udp
FR 18.244.28.32:443 freyr.futurecdn.net tcp
US 8.8.8.8:53 search-api.fie.future.net.uk udp
US 151.101.2.114:443 search-api.fie.futurecdn.net tcp
GB 185.113.25.52:443 search-api.fie.future.net.uk tcp
US 8.8.8.8:53 cdn.parsely.com udp
FR 52.222.200.60:443 cdn.parsely.com tcp
FR 18.245.199.15:443 cdn.privacy-mgmt.com tcp
US 8.8.8.8:53 114.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 118.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 84.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 66.174.84.52.in-addr.arpa udp
US 8.8.8.8:53 114.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 111.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 46.208.239.18.in-addr.arpa udp
US 8.8.8.8:53 32.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 52.25.113.185.in-addr.arpa udp
US 8.8.8.8:53 60.200.222.52.in-addr.arpa udp
US 8.8.8.8:53 www3.doubleclick.net udp
GB 216.58.201.110:443 www3.doubleclick.net tcp
US 8.8.8.8:53 p1.parsely.com udp
US 151.101.130.114:443 search-api.fie.futurecdn.net tcp
IE 54.155.18.159:443 p1.parsely.com tcp
US 8.8.8.8:53 eventsproxy.gargantuan.futureplc.com udp
US 8.8.8.8:53 marketingplatform.google.com udp
IE 52.17.195.18:443 eventsproxy.gargantuan.futureplc.com tcp
GB 142.250.187.238:443 marketingplatform.google.com tcp
FR 3.164.163.81:443 cdn.jwplayer.com tcp
US 8.8.8.8:53 sr.studiostack.com udp
US 8.8.8.8:53 content.jwplatform.com udp
FR 3.164.163.78:443 content.jwplatform.com tcp
GB 51.104.28.77:443 sr.studiostack.com tcp
US 151.101.130.114:443 search-api.fie.futurecdn.net udp
US 8.8.8.8:53 api.permutive.com udp
US 8.8.8.8:53 ads.servebom.com udp
IE 52.212.165.252:443 sommelier.futurehybrid.tech tcp
US 151.101.130.114:443 search-api.fie.futurecdn.net udp
US 34.107.254.252:443 api.permutive.com udp
FR 52.222.149.106:443 ads.servebom.com tcp
US 8.8.8.8:53 rm-script.dotmetrics.net udp
FR 52.222.169.122:443 rm-script.dotmetrics.net tcp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 159.18.155.54.in-addr.arpa udp
US 8.8.8.8:53 18.195.17.52.in-addr.arpa udp
US 8.8.8.8:53 81.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 77.28.104.51.in-addr.arpa udp
US 8.8.8.8:53 78.163.164.3.in-addr.arpa udp
US 8.8.8.8:53 252.165.212.52.in-addr.arpa udp
US 8.8.8.8:53 106.149.222.52.in-addr.arpa udp
US 8.8.8.8:53 122.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 r.skimresources.com udp
US 35.190.59.101:443 r.skimresources.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 35.190.59.101:443 r.skimresources.com udp
US 216.239.34.36:443 region1.google-analytics.com udp
US 151.101.2.114:443 search-api.fie.futurecdn.net udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
FR 52.222.169.106:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 101.59.190.35.in-addr.arpa udp
US 8.8.8.8:53 106.169.222.52.in-addr.arpa udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 connect.facebook.net udp
US 8.8.8.8:53 futureplc-com.videoplayerhub.com udp
US 8.8.8.8:53 ml314.com udp
US 8.8.8.8:53 cdn.brandmetrics.com udp
US 8.8.8.8:53 p.cpx.to udp
US 8.8.8.8:53 cdn.p-n.io udp
US 8.8.8.8:53 functions.adnami.io udp
GB 142.250.200.2:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 vi.ml314.com udp
GB 142.250.179.227:443 www.google.co.uk udp
US 8.8.8.8:53 analytics.tiktok.com udp
US 8.8.8.8:53 c.aps.amazon-adsystem.com udp
US 8.8.8.8:53 prod.euid.eu udp
US 8.8.8.8:53 6093eccf-6734-4877-ac8b-83d6d0e27b46.prmutv.co udp
US 34.117.77.79:443 ml314.com tcp
CH 157.240.17.15:443 connect.facebook.net tcp
US 35.201.104.135:443 vi.ml314.com tcp
US 104.26.0.90:443 cdn.brandmetrics.com tcp
US 172.67.74.207:443 futureplc-com.videoplayerhub.com tcp
DE 37.252.173.215:443 ib.adnxs-simple.com tcp
GB 88.221.134.161:443 functions.adnami.io tcp
GB 95.100.104.14:443 analytics.tiktok.com tcp
FR 3.162.38.26:443 cdn.p-n.io tcp
GB 18.133.1.224:443 prod.euid.eu tcp
FR 99.86.91.95:443 c.aps.amazon-adsystem.com tcp
IE 52.17.47.178:443 p.cpx.to tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 cdn.adsafeprotected.com udp
US 8.8.8.8:53 ats-wrapper.privacymanager.io udp
US 8.8.8.8:53 cdn.pbxai.com udp
US 151.101.1.44:443 cdn.taboola.com tcp
FR 99.86.91.74:443 cdn.adsafeprotected.com tcp
FR 3.162.38.47:443 ats-wrapper.privacymanager.io tcp
US 151.101.66.217:443 scripts.webcontentassessor.com tcp
GB 143.244.38.136:443 cdn.pbxai.com tcp
US 34.117.77.79:443 ml314.com udp
US 8.8.8.8:53 in.ml314.com udp
US 44.214.186.16:443 in.ml314.com tcp
US 3.33.220.150:443 data.adsrvr.org tcp
US 8.8.8.8:53 api.rlcdn.com udp
US 34.120.133.55:443 api.rlcdn.com udp
US 8.8.8.8:53 79.77.117.34.in-addr.arpa udp
US 8.8.8.8:53 90.0.26.104.in-addr.arpa udp
US 8.8.8.8:53 207.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 135.104.201.35.in-addr.arpa udp
US 8.8.8.8:53 161.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 14.104.100.95.in-addr.arpa udp
US 8.8.8.8:53 224.1.133.18.in-addr.arpa udp
US 8.8.8.8:53 26.38.162.3.in-addr.arpa udp
US 8.8.8.8:53 215.173.252.37.in-addr.arpa udp
US 8.8.8.8:53 95.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 178.47.17.52.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 74.91.86.99.in-addr.arpa udp
US 8.8.8.8:53 217.66.101.151.in-addr.arpa udp
US 8.8.8.8:53 16.186.214.44.in-addr.arpa udp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 secure-assets.rubiconproject.com udp
US 8.8.8.8:53 pixel.advertising.com udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
GB 2.23.204.244:443 ads.pubmatic.com tcp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 trc.taboola.com udp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
US 8.8.8.8:53 pm-widget.taboola.com udp
US 8.8.8.8:53 floor.pbxai.com udp
US 8.8.8.8:53 macro.adnami.io udp
US 8.8.8.8:53 visitor.omnitagjs.com udp
US 8.8.8.8:53 cs-server-s2s.yellowblue.io udp
GB 87.248.114.12:443 ups.analytics.yahoo.com tcp
GB 23.215.239.190:443 secure-assets.rubiconproject.com tcp
GB 88.221.134.186:443 macro.adnami.io tcp
FR 185.255.84.152:443 visitor.omnitagjs.com tcp
DE 18.197.30.174:443 match.sharethrough.com tcp
US 3.214.207.9:443 cs-server-s2s.yellowblue.io tcp
GB 13.43.251.212:443 floor.pbxai.com tcp
US 8.8.8.8:53 eus.rubiconproject.com udp
GB 23.44.65.229:443 eus.rubiconproject.com tcp
US 8.8.8.8:53 pixel.servebom.com udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 186.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 152.84.255.185.in-addr.arpa udp
US 8.8.8.8:53 212.251.43.13.in-addr.arpa udp
US 8.8.8.8:53 174.30.197.18.in-addr.arpa udp
US 8.8.8.8:53 9.207.214.3.in-addr.arpa udp
FR 18.244.28.4:443 pixel.servebom.com tcp
FR 18.244.28.4:443 pixel.servebom.com tcp
FR 18.244.28.4:443 pixel.servebom.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
US 8.8.8.8:53 creativecdn.com udp
NL 35.214.136.108:443 x.bidswitch.net udp
US 8.8.8.8:53 sync.1rx.io udp
US 8.8.8.8:53 api-2-0.spot.im udp
US 8.8.8.8:53 bc-sync.com udp
NL 35.214.216.122:443 csync.loopme.me tcp
US 8.8.8.8:53 b1sync.zemanta.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 8.8.8.8:53 jadserve.postrelease.com udp
US 8.8.8.8:53 ap.lijit.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 sync-service.net udp
NL 185.184.8.90:443 creativecdn.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
NL 185.89.210.122:443 secure.adnxs.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
IE 54.155.94.181:443 jadserve.postrelease.com tcp
US 64.202.112.63:443 b1sync.zemanta.com tcp
US 64.202.112.63:443 b1sync.zemanta.com tcp
US 204.62.12.209:443 sync-service.net tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
IE 52.214.208.58:443 ap.lijit.com tcp
US 54.147.116.58:443 sync.srv.stackadapt.com tcp
US 8.2.108.175:443 bc-sync.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 44.218.229.239:443 api-2-0.spot.im tcp
US 8.8.8.8:53 eu-west-1-cs-rtb.openwebmp.com udp
US 8.8.8.8:53 ssc-cms.33across.com udp
US 8.8.8.8:53 player.aniview.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 ssbsync.smartadserver.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
NL 81.17.55.108:443 ssbsync.smartadserver.com tcp
FR 3.165.113.114:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 8.8.8.8:53 bttrack.com udp
US 8.2.108.175:443 bc-sync.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
GB 2.20.12.70:443 player.aniview.com tcp
US 192.132.33.68:443 bttrack.com tcp
US 8.8.8.8:53 c.amazon-adsystem.com udp
US 8.8.8.8:53 purch-sync.go.sonobi.com udp
US 8.8.8.8:53 config.aps.amazon-adsystem.com udp
US 67.202.105.24:443 ssc-cms.33across.com tcp
US 8.8.8.8:53 us-u.openx.net udp
FR 52.84.174.60:443 config.aps.amazon-adsystem.com tcp
US 69.166.1.66:443 purch-sync.go.sonobi.com tcp
US 69.166.1.66:443 purch-sync.go.sonobi.com tcp
FR 18.245.194.122:443 c.amazon-adsystem.com tcp
US 8.8.8.8:53 s.cpx.to udp
US 8.8.8.8:53 aax.amazon-adsystem.com udp
US 8.8.8.8:53 pixel.adsafeprotected.com udp
US 8.8.8.8:53 www.facebook.com udp
IE 63.33.250.124:443 s.cpx.to tcp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
GB 157.240.214.35:443 www.facebook.com tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 229.65.44.23.in-addr.arpa udp
US 8.8.8.8:53 4.28.244.18.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 181.94.155.54.in-addr.arpa udp
US 8.8.8.8:53 58.208.214.52.in-addr.arpa udp
US 35.165.200.101:443 pixel.adsafeprotected.com tcp
US 8.8.8.8:53 63.112.202.64.in-addr.arpa udp
US 8.8.8.8:53 209.12.62.204.in-addr.arpa udp
US 8.8.8.8:53 58.116.147.54.in-addr.arpa udp
US 8.8.8.8:53 239.229.218.44.in-addr.arpa udp
US 8.8.8.8:53 108.55.17.81.in-addr.arpa udp
US 8.8.8.8:53 114.113.165.3.in-addr.arpa udp
US 8.8.8.8:53 70.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 68.33.132.192.in-addr.arpa udp
US 8.8.8.8:53 60.174.84.52.in-addr.arpa udp
FR 52.84.179.171:443 aax.amazon-adsystem.com tcp
US 8.8.8.8:53 24.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 66.1.166.69.in-addr.arpa udp
NL 35.214.199.88:443 rtb.mfadsrvr.com udp
GB 216.58.212.226:443 cm.g.doubleclick.net udp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 image6.pubmatic.com udp
US 35.244.159.8:443 us-u.openx.net udp
GB 216.58.212.226:443 cm.g.doubleclick.net tcp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 grid-bidder.criteo.com udp
US 8.8.8.8:53 tlx.3lift.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 hb.undertone.com udp
US 8.8.8.8:53 ads.yieldmo.com udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
NL 178.250.1.4:443 grid-bidder.criteo.com tcp
FR 13.32.145.9:443 hb.undertone.com tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 18.157.230.4:443 tlx.3lift.com tcp
FR 163.5.194.31:443 prebid.a-mo.net tcp
IE 52.213.241.43:443 ads.yieldmo.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
DE 51.89.9.251:443 onetag-sys.com udp
IE 34.251.26.95:443 pr-bh.ybp.yahoo.com tcp
US 8.8.8.8:53 api.btloader.com udp
US 8.8.8.8:53 am-trc-events.taboola.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
NL 141.226.228.48:443 am-trc-events.taboola.com tcp
US 8.8.8.8:53 124.250.33.63.in-addr.arpa udp
US 8.8.8.8:53 35.214.240.157.in-addr.arpa udp
US 130.211.23.194:443 api.btloader.com udp
US 8.8.8.8:53 171.179.84.52.in-addr.arpa udp
US 8.8.8.8:53 226.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 101.200.165.35.in-addr.arpa udp
US 8.8.8.8:53 4.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 9.145.32.13.in-addr.arpa udp
US 8.8.8.8:53 31.194.5.163.in-addr.arpa udp
US 8.8.8.8:53 43.241.213.52.in-addr.arpa udp
US 8.8.8.8:53 95.26.251.34.in-addr.arpa udp
FR 18.155.129.21:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 48.228.226.141.in-addr.arpa udp
US 8.8.8.8:53 21.129.155.18.in-addr.arpa udp
US 8.8.8.8:53 beacon.taboola.com udp
US 8.8.8.8:53 vidstat.taboola.com udp
US 8.8.8.8:53 sync.taboola.com udp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
NL 35.214.168.80:443 trace-eu.mediago.io tcp
IE 54.155.18.159:443 p1.parsely.com tcp
IE 52.17.195.18:443 eventsproxy.gargantuan.futureplc.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 80.168.214.35.in-addr.arpa udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
US 8.8.8.8:53 tse3.mm.bing.net udp
GB 2.19.117.143:443 aefd.nelreports.net udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 chrome.google.com udp
GB 142.250.200.14:443 chrome.google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
GB 142.250.200.14:443 chrome.google.com tcp
US 8.8.8.8:53 chromewebstore.google.com udp
GB 142.250.178.14:443 chromewebstore.google.com tcp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com tcp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 216.58.204.67:443 ssl.gstatic.com tcp
GB 216.58.201.97:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 216.58.213.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 apis.google.com udp
GB 172.217.16.234:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
GB 142.250.200.14:443 apis.google.com udp
GB 142.250.178.14:443 chromewebstore.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 region1.google-analytics.com udp
US 8.8.8.8:53 97.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 scone-pa.clients6.google.com udp
GB 216.58.213.10:443 scone-pa.clients6.google.com tcp
GB 216.58.204.67:443 ssl.gstatic.com udp
GB 216.58.213.10:443 scone-pa.clients6.google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 clients2.google.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 img.youtube.com udp
GB 216.58.201.97:443 clients2.googleusercontent.com udp
US 8.8.8.8:53 ogs.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
DE 142.250.185.195:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 195.185.250.142.in-addr.arpa udp
GB 142.250.178.14:443 img.youtube.com udp
US 8.8.8.8:53 google.com udp
DE 142.250.185.195:443 beacons.gcp.gvt2.com udp
GB 142.250.187.238:443 google.com tcp
US 8.8.8.8:53 e2c57.gcp.gvt2.com udp
IT 35.219.224.178:443 e2c57.gcp.gvt2.com tcp
US 8.8.8.8:53 178.224.219.35.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 88.221.135.35:443 www.bing.com tcp
GB 88.221.135.35:443 www.bing.com udp
US 8.8.8.8:53 35.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.32:443 th.bing.com tcp
GB 88.221.135.3:443 th.bing.com tcp
GB 88.221.135.3:443 th.bing.com tcp
GB 88.221.135.32:443 th.bing.com tcp
GB 88.221.135.3:443 th.bing.com udp
GB 88.221.135.3:443 th.bing.com udp
US 8.8.8.8:53 32.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 3.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 adf.ly udp
US 172.66.40.139:443 adf.ly tcp
US 172.66.40.139:443 adf.ly tcp
US 8.8.8.8:53 publisher.linkvertise.com udp
US 104.22.22.72:443 publisher.linkvertise.com tcp
US 8.8.8.8:53 139.40.66.172.in-addr.arpa udp
US 104.22.22.72:443 publisher.linkvertise.com udp
US 8.8.8.8:53 cdn.datatables.net udp
US 8.8.8.8:53 cdn.rawgit.com udp
US 8.8.8.8:53 maxcdn.bootstrapcdn.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.26.9.123:443 cdn.datatables.net tcp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com tcp
GB 143.244.38.136:443 cdn.rawgit.com tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.129.229:443 cdn.jsdelivr.net udp
US 104.18.10.207:443 maxcdn.bootstrapcdn.com udp
GB 143.244.38.136:443 cdn.rawgit.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 player.vimeo.com udp
US 162.159.138.60:443 player.vimeo.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 rec.smartlook.com udp
US 8.8.8.8:53 ga.getresponse.com udp
GB 172.217.16.228:443 www.google.com tcp
FR 3.165.136.108:443 rec.smartlook.com tcp
PL 178.16.117.14:443 ga.getresponse.com tcp
FR 3.165.136.108:443 rec.smartlook.com udp
US 8.8.8.8:53 72.22.22.104.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 123.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 207.10.18.104.in-addr.arpa udp
US 8.8.8.8:53 229.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 60.138.159.162.in-addr.arpa udp
US 8.8.8.8:53 108.136.165.3.in-addr.arpa udp
US 8.8.8.8:53 14.117.16.178.in-addr.arpa udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com tcp
US 162.159.138.60:443 player.vimeo.com tcp
US 8.8.8.8:53 fresnel.vimeocdn.com udp
US 8.8.8.8:53 f.vimeocdn.com udp
US 8.8.8.8:53 i.vimeocdn.com udp
US 34.120.202.204:443 fresnel.vimeocdn.com tcp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 151.101.128.217:443 i.vimeocdn.com tcp
US 151.101.2.109:443 f.vimeocdn.com tcp
US 151.101.2.109:443 f.vimeocdn.com tcp
US 151.101.2.109:443 f.vimeocdn.com tcp
FR 3.165.136.108:443 rec.smartlook.com udp
GB 142.250.179.226:443 googleads.g.doubleclick.net udp
GB 142.250.179.226:443 googleads.g.doubleclick.net tcp
US 8.8.8.8:53 www.google.co.uk udp
GB 142.250.179.227:443 www.google.co.uk udp
GB 142.250.179.227:443 www.google.co.uk tcp
US 8.8.8.8:53 fresnel-events.vimeocdn.com udp
US 34.120.15.67:443 fresnel-events.vimeocdn.com tcp
US 8.8.8.8:53 player-telemetry.vimeo.com udp
US 34.120.202.204:443 player-telemetry.vimeo.com tcp
US 8.8.8.8:53 204.202.120.34.in-addr.arpa udp
US 8.8.8.8:53 217.128.101.151.in-addr.arpa udp
US 8.8.8.8:53 109.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 67.15.120.34.in-addr.arpa udp
US 104.22.22.72:443 publisher.linkvertise.com udp
US 8.8.8.8:53 manager.eu.smartlook.cloud udp
DE 3.123.222.220:443 manager.eu.smartlook.cloud tcp
US 8.8.8.8:53 220.222.123.3.in-addr.arpa udp
DE 3.123.222.220:443 manager.eu.smartlook.cloud tcp
GB 88.221.135.3:443 th.bing.com udp
US 104.27.203.89:443 adfly.fileplanet.com tcp
US 104.27.203.89:443 adfly.fileplanet.com tcp
US 8.8.8.8:53 cdn.fileplanet.com udp
US 104.27.203.89:443 cdn.fileplanet.com udp
US 104.27.203.89:443 cdn.fileplanet.com udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
GB 172.217.169.10:443 content-autofill.googleapis.com udp
US 8.8.8.8:53 cmp.inmobi.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
FR 18.245.175.108:443 cmp.inmobi.com tcp
US 8.8.8.8:53 secure.statcounter.com udp
US 104.20.95.138:443 secure.statcounter.com tcp
US 8.8.8.8:53 www.fileplanet.com udp
US 8.8.8.8:53 c.statcounter.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 108.175.245.18.in-addr.arpa udp
US 8.8.8.8:53 138.95.20.104.in-addr.arpa udp
US 8.8.8.8:53 api.cmp.inmobi.com udp
DE 18.197.18.38:443 api.cmp.inmobi.com tcp
US 8.8.8.8:53 38.18.197.18.in-addr.arpa udp
US 104.20.95.138:443 c.statcounter.com udp
US 8.8.8.8:53 url.totaladblock.com udp
US 35.224.74.90:443 url.totaladblock.com tcp
US 35.224.74.90:443 url.totaladblock.com tcp
US 8.8.8.8:53 www.totaladblock.com udp
US 34.160.40.40:443 www.totaladblock.com tcp
US 8.8.8.8:53 90.74.224.35.in-addr.arpa udp
US 8.8.8.8:53 40.40.160.34.in-addr.arpa udp
US 34.160.40.40:443 www.totaladblock.com udp
US 8.8.8.8:53 widget.trustpilot.com udp
FR 3.165.113.120:443 widget.trustpilot.com tcp
US 8.8.8.8:53 signup.totaladblock.com udp
US 8.8.8.8:53 secure.totaladblock.com udp
US 8.8.8.8:53 resources.totaladblock.com udp
US 8.8.8.8:53 www.paypalobjects.com udp
US 8.8.8.8:53 cdn.prod.pci-bridge.com udp
US 8.8.8.8:53 cdn.paymentauth.com udp
NL 185.172.149.104:443 resources.totaladblock.com tcp
NL 185.172.149.104:443 resources.totaladblock.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 35.186.203.58:443 cdn.prod.pci-bridge.com tcp
US 35.244.250.165:443 cdn.paymentauth.com tcp
NL 185.172.149.104:443 resources.totaladblock.com udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.149.172.185.in-addr.arpa udp
US 8.8.8.8:53 58.203.186.35.in-addr.arpa udp
US 8.8.8.8:53 fonts.cdnfonts.com udp
US 104.21.72.124:443 fonts.cdnfonts.com tcp
US 8.8.8.8:53 www.paypal.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 35.186.203.58:443 cdn.prod.pci-bridge.com udp
NL 185.172.149.104:443 resources.totaladblock.com udp
US 8.8.8.8:53 api.paymentauth.com udp
US 35.244.215.28:443 api.paymentauth.com tcp
US 8.8.8.8:53 t.paypal.com udp
US 151.101.195.1:443 t.paypal.com tcp
US 35.244.215.28:443 api.paymentauth.com udp
NL 185.172.149.104:443 resources.totaladblock.com tcp
US 8.8.8.8:53 28.215.244.35.in-addr.arpa udp
US 8.8.8.8:53 124.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 1.195.101.151.in-addr.arpa udp
US 8.8.8.8:53 21.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 ssl.kaptcha.com udp
US 8.8.8.8:53 pay.google.com udp
US 35.81.31.24:443 ssl.kaptcha.com tcp
US 35.81.31.24:443 ssl.kaptcha.com tcp
GB 173.194.76.92:443 pay.google.com tcp
US 35.224.74.90:443 url.totaladblock.com tcp
GB 173.194.76.92:443 pay.google.com udp
GB 142.250.187.238:443 google.com tcp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 92.76.194.173.in-addr.arpa udp
US 8.8.8.8:53 24.31.81.35.in-addr.arpa udp
US 35.81.31.24:443 ssl.kaptcha.com tcp
GB 173.194.76.92:443 pay.google.com udp
US 8.8.8.8:53 pay.sandbox.google.com udp
GB 74.125.133.81:443 pay.sandbox.google.com tcp
US 8.8.8.8:53 stun.kaptcha.com udp
US 8.8.8.8:53 stun1.l.google.com udp
US 100.20.121.79:53 stun.kaptcha.com udp
US 74.125.250.129:19302 stun1.l.google.com udp
GB 142.250.187.206:443 img.youtube.com udp
US 35.81.31.24:443 ssl.kaptcha.com tcp
GB 142.250.187.206:443 img.youtube.com tcp
US 8.8.8.8:53 79.121.20.100.in-addr.arpa udp
US 8.8.8.8:53 81.133.125.74.in-addr.arpa udp
US 8.8.8.8:53 129.250.125.74.in-addr.arpa udp
US 35.81.31.24:443 ssl.kaptcha.com tcp
US 35.81.31.24:443 ssl.kaptcha.com tcp
US 35.81.31.24:443 ssl.kaptcha.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 151.101.1.21:443 www.paypal.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 secure.downloadfp.com udp
NL 95.168.168.24:443 secure.downloadfp.com tcp
NL 95.168.168.24:443 secure.downloadfp.com tcp
US 8.8.8.8:53 24.168.168.95.in-addr.arpa udp
GB 95.101.143.195:443 www.bing.com udp
US 8.8.8.8:53 195.143.101.95.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
GB 88.221.135.25:443 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.143.195:443 th.bing.com udp
US 8.8.8.8:53 25.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 aimbot.dev udp
US 172.67.146.163:443 aimbot.dev tcp
US 172.67.146.163:443 aimbot.dev tcp
US 172.67.146.163:443 aimbot.dev udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 163.146.67.172.in-addr.arpa udp
US 8.8.8.8:53 pumproll.online udp
US 172.67.169.197:443 pumproll.online tcp
US 172.67.169.197:443 pumproll.online tcp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 code.jquery.com udp
US 151.101.2.137:443 code.jquery.com tcp
US 8.8.8.8:53 save.enabledstats.com udp
IE 34.253.39.217:443 save.enabledstats.com tcp
US 172.67.169.197:443 pumproll.online udp
US 8.8.8.8:53 197.169.67.172.in-addr.arpa udp
US 8.8.8.8:53 137.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 217.39.253.34.in-addr.arpa udp
US 8.8.8.8:53 www.7-zip.org udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 237.202.12.49.in-addr.arpa udp
GB 142.250.187.238:443 google.com udp
US 8.8.8.8:53 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 57.110.18.2.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 8.8.8.8:53 save.enabledstats.com udp
IE 34.253.39.217:443 save.enabledstats.com tcp
GB 142.250.187.238:443 google.com udp
GB 172.217.16.228:443 www.google.com udp
GB 172.217.16.228:443 www.google.com udp
US 8.8.8.8:53 csp.withgoogle.com udp
GB 142.250.200.49:443 csp.withgoogle.com tcp
US 8.8.8.8:53 49.200.250.142.in-addr.arpa udp
GB 88.221.135.26:443 www.bing.com udp
US 8.8.8.8:53 26.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 88.221.135.33:443 th.bing.com udp
GB 88.221.135.33:443 th.bing.com udp
GB 88.221.135.25:443 th.bing.com udp
US 8.8.8.8:53 33.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 bing.com udp
US 204.79.197.200:443 bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
GB 95.101.143.195:443 www.bing.com udp
N/A 127.0.0.1:9050 tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
N/A 127.0.0.1:9050 tcp
N/A 127.0.0.1:9150 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
GB 20.26.156.210:443 api.github.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c2d9eeb3fdd75834f0ac3f9767de8d6f
SHA1 4d16a7e82190f8490a00008bd53d85fb92e379b0
SHA256 1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66
SHA512 d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

\??\pipe\LOCAL\crashpad_4548_DMZSESLENYEISAHQ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e55832d7cd7e868a2c087c4c73678018
SHA1 ed7a2f6d6437e907218ffba9128802eaf414a0eb
SHA256 a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574
SHA512 897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5556f6385fad56f745894d2f8c65ba8a
SHA1 b3ef545908b406a8868bc06ac8dcc0a08efd0ef8
SHA256 9fc7cb7aa2ad94cfcf6beaf8dc7c9dd8a15706382b2329347028c12c5bea239f
SHA512 139059f35fa203df7d58dad04b94723054010363f99b9be0a3694e54cb23c4a53985e6bba54bdbcf61aa9b49edf08f39b95a82a8a405d7b7489b677ddfbbace5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a5640a15e07bb76ebd4a4ad42f54967a
SHA1 aaa7a0d6154fc20109462f7f65c833720d1782fd
SHA256 a4a625a8cb7e10e35580b974bfc4d02a60503f9e3019ee296cb39167606b19ee
SHA512 b9a2b64ff7cb90ce207f89c558439e4b52c342b5c8dd97a844eb7ef15d8bb95455fff0f9f51acc32a95ab5a8971ea90701de32740b8adee5e1dc6d5b01a5132a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e83c8dc2aed51d53f72707d378013a93
SHA1 d755b4685ca83ca3fdb5e45305899eefb9c990ec
SHA256 5ab37dc807952999dca7b4a24db53a13e85680d4996f66b2d70231f2a740b12c
SHA512 5fdfa0f65d34a7bd95cebbb237f3a80b0dd15ff6a1a96a03bd4f9d52a77f17d0a169295d31d2005d11b5a1cf107764f8851c32bc57908469ce8aa0fe664dccd4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 f6676bcaa9c16fab2a8081f8a0faa8f9
SHA1 7ac97773d867343366b52c604d8ad061295a04e6
SHA256 9ff2c74a2ff3484f55aec5988a6a1fc95b75b0c8dcc3e38a85b4b1da0a8cb11d
SHA512 df8de0cba3ef4ac307501505fea5a9c2747800ef9feeb2fbd322d5f59939fa8df045edb6d3177e25d631a3e6d396586c071e29acfc7d75fb0ccccdbd79ee1437

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 63b0de6f5f79aeafdc32d2cf71500e65
SHA1 a7ebf3f48265d694f64785483b62988016d902b3
SHA256 a4983d7e5f5ab014c860e5d0504d59ff3bd8f15d299fe8f19b69c56838e83b96
SHA512 46d18ddef2b3d4644c3c5c63e0ed9fd66cf171ac98c04aeb36968c4ff154082be0befca7d1bcb3efbc71fad8f5422f239f65e32903cb823abc582e96c6f5e26f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b13a.TMP

MD5 6260ff4179143132774fa8f4c7864760
SHA1 093d66fd19e3566e43555b8249a787db3507577e
SHA256 d8d1e458c9afa97e830ed5abc72f5a758757d19df6851995a8f249db61d15a64
SHA512 eede88c65d9934b01f3564697a1f560c09c5b1a46cdd11b44c850d807a66fa89b95724de05d97d2612241eca69840dcb560e839d923976e273e9e0365f6a4ccc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2ed9720991a483d0b8daeb919d3afd37
SHA1 6a356ee58daab8ff7908853037140782a84b2c71
SHA256 ed6dcd2fe5229fba99724c7730cdb4552fc38ca4f8e3703c8c8b534bb1d51efc
SHA512 ec43dffd7032de3217736dbd638b8e01eb4d3c56d76f095be95214c63a0497ca86abe66ecbd0f1ef746d13bc1399d2f8d0029dfaa81cf0940b83b02c261b96fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube-nocookie.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

MD5 343859b4ad03856a60d076c8cd8f22c3
SHA1 7954a27de3329b4c5eefd4bdcb8450823881aad6
SHA256 8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f
SHA512 58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe58b745.TMP

MD5 dc8b289b739dc456dace6886422adddf
SHA1 dd8ab1a6b4205b464663baacda955b10b222ca21
SHA256 f5aec13776514786910146519f1ebf8bd5b9db8206e6f7f9b07f8edcfdf9921e
SHA512 d38b1057d5ef7ac70c63243c5806a33892591dc2a73485a38edb36201efca6154e885a137ad040fbce9f0c879ef308c3ef798b033633db1a072c55de93c75040

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8c450b0712af60e1fc33b420dd24ab4
SHA1 7706f01df9274b2b70ba69316d2df3eedbe0fc5d
SHA256 03bcf6afa39738538214be84a3f504cedeac9caac6a7a2d55cc4ddd9f1c8cef1
SHA512 cd48685784262ec65046aa208e446b097377a55deb135e68015df127491358fdde3da038313423632d95d52015e648e83efc81abd95d5ec8420102d8aabc2856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fb2d5764ed69d7c162a3bbb09008a143
SHA1 bee63b5af963bd9e37823ed62b66aad012185d5d
SHA256 2c48497e59b3523ab34de71bda368025d5256d7ef5f3c62cdf76e568f1b022db
SHA512 22490dd72299ea7229953e7fd575a6cfcfe294684eb837125cd81b6abe7fb418973de2f7f71fabf1159cb5c9c12a39159db1b9f570325441a65ffa34d2e89226

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3dfcbf966c148e3165f69a0042371a70
SHA1 77a9c95cddc0a8659eb17646c1d640d21a00bce2
SHA256 6d753a422c23a6849d7370b8ca31ba433a6da5ae0a48347af048e206b7dc537f
SHA512 1dc92c3ea4250070b8bd5cc2e01297326c9a51d58ad59abe3bf8440d7dc439317d91b72bbfa53e9e08e604073d6b75f5080263c2a288346caf57ef0bdebc4614

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 d93b8aeeefe993e17b789a64dfa73a0d
SHA1 44ee8de810e8cd659f9d133ecd2a94267b3e04ce
SHA256 b5402a386ff3a87245d16f17b31af75b0da32eaa8986c0bd024b8dc1c887a529
SHA512 9ba5ab479eb75f6105e62059ab636245cadcaa43c46d5af2d9975405b73dee095c0f75963344fb65460ce872dbe352dfbc7cfa42e7f7fdca16ed3a7676ca44e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube-nocookie.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87402f796ea7468e0527f1fbb530442a
SHA1 427745bb8156dbf24f7d1f5323306037f6a22d79
SHA256 3a4b2e1f22aa6556ab5f136aea422c62e1df5ce8a1a7dd5e1435620693bcb164
SHA512 ae770c8be5e8ce7dc8820f5b17ce912b33a97ea660d2d5e102616a2602b126deab92b3e08516734fb8068bc94ef8083d8078142e377198be8a68a4f66deb010f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 554ea78656348d6fdd8fd25d867c1737
SHA1 4c6d9ae3238bf948036870a6d6b2accc46d6bfb5
SHA256 43cfa1d3e5618eb2c8b3f775c54fe6c83826ee433ef6444f3c976c025273822c
SHA512 d2f816c7accf808e8df6bf2730059826627203d2961748cd8bfcf386950b6dd3210d1c150bab53cc3c7ad8c4e0722f50ecf0b3604d6e72ceeabc9a14d879459a

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 6b04ab52540bdc8a646d6e42255a6c4b
SHA1 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 a5f105223ef0b591be97b1ca85de9443
SHA1 b6fcf0f00725cd50ad92615f04de9bd05ecaa6be
SHA256 bdd3d9bcead4878145384c14804baa50d8cbb22f77607ba95acf5192cb367a89
SHA512 e0ab2cfd895fa45782011d8505936459f509fe04191335c31deaf2dd78ef1032af6bae4b7fe783025c66a3ec1be409a3e632a83af6b592933051ebc2609c3249

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

MD5 938a8aa9990f0812f95daf04323f13c4
SHA1 7fb8d052215d601efcbf589e30f0427fb0bee72a
SHA256 084c94e5a456d72c2d0c5a2b400caf533fa998d0f5ec39546f5affff223cdf58
SHA512 7887784cb52503caae49161b576bbfc700b67bf7dfc93245dc7ab46511b679e725c43d8d2981f2da77fb0746fc5d0fc3a73f6d0b9ef08190336e15aba1efcb0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 1b8e5496aca8acfc597832f2aee42ec5
SHA1 9f8308fd46ec50e4de5419428107c5703ad36995
SHA256 7c3b99a73f295ce216cd7d8143af310fe64cd0a6d6f60caaa7c7c4c97442bdad
SHA512 f84492cf9efb9889e3578b0977d494367ca9bc9bddb0aaebdab5285850c59bbe918145abfa16a9725f4f47d5cd7c31dfefe98156e698a4a409288d5ae3e34621

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 89a574ff00e6b0ec61d995d059ce6e65
SHA1 aea09e96808ab77165ffa712eaa58b8f056d0bb6
SHA256 e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44
SHA512 30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 56e81eee1a148d70c32df1fc2b59690c
SHA1 2142385c31ce3b5c98e63b241729106c237305e7
SHA256 b9c677ba0351ac1a6d6412d0f0fb6fb577cd5607a4b34cdae458b713875918d6
SHA512 ec3d1ae136de8ec93958ebb7e939fb16887f75cca31cad135cf87dc887ebe28ccd4c27a78bf3da7720ae0488d19d2f9f283b0d2158f2deccca7289e0ea64bfa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1acd06a8025155195dca0632b69cc802
SHA1 1dd7ee259b2abc8e1ebd36a06bd4ceae80dbd793
SHA256 01b3f5dedf1812d647a7d157c6f10525af6b0b75297aef8cc694ac3b064ff92a
SHA512 4642df7e411d598d979b6539a94a9203618ed4a98eb09036772232ab22686b7e87389ff30235c93d7b40a3b19eb8a19b133e0f8f45e986d1dcf6a73983154faa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 c03ff64e7985603de96e7f84ec7dd438
SHA1 dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512 bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 79ffcf947dd8385536d2cfcdd8fcce04
SHA1 a9a43ccbbb01d15a39fac57fa05290835d81468a
SHA256 ffc11b830ad653e7a9d4257c7cd7a8056db5e7d7e89439b8fd67d1207b1729bf
SHA512 3dc82ecb2abc8c567434666a9162cc188de669927c3dada6392d8bd97d5e746f1ed350e1a02ec016ee2b1dc8a9cc5c71c553f2ef1293d6793800c276560859a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052

MD5 ea35549990f54b349e6508f4f4cac0e0
SHA1 8efdec385374e1a3b51bfd29c3cc9315e7dc2df7
SHA256 4a1c17a1326271540f84968f43e9f55f936ae9085e99a6d06592a53f98aeff2f
SHA512 67c956058c45810b4d06f4c3f2974c3b264289be435a06ca219df51cd51f9e25bbdf1db42c20d9f435f1689431b5106c21dff8a400ed6263a6b102dfb51ba7ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cb2ec4350c662bae240463ba44c37791
SHA1 9b67877ce9760e90a413351058c35fa30c8d2ded
SHA256 82e9fcff2f11715b0750a513a975fe4fd19605651a20dee528071b6b8d1b6540
SHA512 e5deeb2e274072365958f5d96dd7a42962321a3ac231127bc0aea90ede4267d901f4c86da271e2235eb8b2ae1950f8ee23e602727334d66737a9cb91b01741ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

MD5 05cb4b9f101e025994f9686f3999fd43
SHA1 7450f129ea39792645b56de215eaab1d91182fbe
SHA256 07fba84e209fffc2a8eea1a88ec8c77cc92644c9050b7669b212bf1db30663b3
SHA512 9fbf0e99a1f19b362d9e7e31dc0b6f0d49177cea922d9d6acbc1b5a84d1bfce40c3a07e123b5b47ed9a531befc9a2372be3393502b5f00221d74ae23fe80efeb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

MD5 f2bcdf9060988910c023048a01c65cda
SHA1 1ee8b33e4aa1e1898fa82e5ef74323a2b6e3b1a8
SHA256 2b92cdcc37266bf366a8a7f61daf5e06ac46ad675dd3fbc5b726ee091d63e30f
SHA512 7802dde7667637280758edc9749b257c0a7eb8244b0fa119106587964ea2cc950f8a1026f8ffa957e8491f6575cd4a07475cf9238f7aefdc1318043e1742fba3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000088

MD5 9aced2ffa92d04e9939f26cd46e0be9a
SHA1 c9cbec3e2f22c26990b9215f5c3189a8b114e73f
SHA256 a914bb7c4b52655d6b2a43bd1068d5f457d3fb9f2c86540572577813525a7373
SHA512 466267fabf20fe202ff37993212c1127a747b12731200e42325248271d37887d30e553d83d483f5f85d696eba466e40576112863b66d542c254b84d08d772c77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 5d3a0707312088a558d52a6de6c521bf
SHA1 0eb24f861f0cd528c6e1b3601818fc4696cf49c5
SHA256 b1182a3462d3f565a7f67383978400a03167f4d9959858f3f82822e51ae0d64a
SHA512 445fbad0d8ccfcb52dd8494e86f10403e927e90d058dbd2d0551687ef73e48fd81b5b831a71141b4841104395bd49ea041dce040e3f1f0b420dec1c1b74a19be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 b894d21dec718d57bd0acadae4b4269e
SHA1 f004cd8b25337a1f85f9996eeacf133ce3f78cbe
SHA256 529e6b1fce3963b6b4584bcd37effa2d05481f9789f3e535269e29ee4885b670
SHA512 892531ad08f6f7aac80eaba2df94aa71805ad3c2e9b8dc9ab3d830ed18a6a1ca40ad271c99b7266d18f31678704165d60d661e791ce93fb1ce9021eb6c957720

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 f020bbd8373da6a0f576f2a18261f68e
SHA1 edca1485cf20f87dec34e0edc29ba27be36a9948
SHA256 3bc445db46f00aec4f581f2ae81e7ec72a88d797f690951a23e8b4064287428d
SHA512 db31159c15a55f08187d7d5f34c235d2f5dfbe39914a39f19fc6722b3316e06f26bb73998d2b1c80bc669f18cec8af9d590b5a523caee127b78dc44a0fbe40b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 1b98ffb03749105c6dcd5c3e38d169d2
SHA1 371a50082ae516887b58f9594548fd7de9f9fc66
SHA256 26580eff93a7e096dee4fc3ec655525acff4ac343f47eced5bd2307f9429e13c
SHA512 1754323cf81c20f7e2000517dddad37ee21b09180e3a2f0732301aeb73589dee438242dfb091733cd9217dd8e169dfb422114d56a00326f2ea14c4322c58e530

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 dba94a30353980aca0f359b1946618b1
SHA1 62606bafa6021bef8dceb53d42acb8ef8f8a9a71
SHA256 c04f23691a0415deaaa0da15e364b189c17648b372af6d25515878bfd6f88744
SHA512 585213d6fabc7f156003b2e9105eb48a31e6c9361a6feb7081a05408528d79f6e5ea8aad982969065f10f8007d34d5090b99ab138a5538261c9891e86b65c02b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 00a5d2abc29b683ef68c50652ca1a631
SHA1 d03c0e33dd9cee694e0c02a0d18b8893e4a0219f
SHA256 b9625e792ac46c910e8d6499e198c34219b5c34811eb5f86ba6db15d7ee66406
SHA512 02395ae1b5c6c2fe5d1d5c926384c7d8e3a5359439d93f1f865a28efb5232f98ac1a32793890aab0ed273f22db5cdd619a00ef761dc30a11cace12d8242cea62

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 e2a180560ec2a31bebdde48255f3d726
SHA1 f6c8459622c6b196ba83ed70136390b0539d43b5
SHA256 03fa5e3782e13cd321621ed1a4de764b7ad63e2529a0e0a1e7edf0ae5b2088a7
SHA512 fe00721416d13de333d45f2f40f29199cb31fd16100333bbea5d6064920bfeb688b684a39e48025261f9cf798590d9cb4ad0971fb125b068d474638e502e07c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

MD5 be0276c82a536bf4697329d4359f7a02
SHA1 d979200f1701aad08eb0bb89b55d80aa726ccb48
SHA256 007b2826a617d52a646f521be7d33dcbfb098391edf6ae6e677f6369dfad451f
SHA512 8390459e8ca238d22f36985dfb484a107eb538fe84bf9a401f2d87f95a17b14a29be7372095356d95c2884d2a4ae31b5a352a20029853527e0d92fa26d95a2e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

MD5 cc0b451d2a302778c27e9ad32cfb42dc
SHA1 1859059b88137f7953986ab2d8f072cd103d8ebb
SHA256 6e9f249d9d06938f3c3d3442a59670eeaba598dba3c4410a3747498be8b8e9fa
SHA512 580c4678dfad08d8c6b4a7c496fd2190a65066274127ca067142c408fa313a4ef88318c3d7e6866f004c10b587735a70cdaf14ef1ef49e40d8d3be6329826506

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 b04f5185174569312fa0207f744054b9
SHA1 0ed44b10b1f3ab552f0df29bb7234f0ea99972b3
SHA256 c34551510755ecba2b037a8545173c083322c606ad761d369d171f0b1d0b569f
SHA512 117b73c8b50d860a14c1d2ada07eb0bbb7cdfad802cc1c0d04976e4eab93f6b1a425dcbb6c9a95f39545fcdcf3d7a0e16bf053d05c9d9f246baa724866cbc03d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5f30fdda8e6929be3ccec529469d39e0
SHA1 685a1c97f43cd2b7edb46b7647ecf311f2b6c144
SHA256 8591bd0b39acfafda01c372c04c2372bcd105ad150bb71d0ce313b955b90eb14
SHA512 5396b00be0b1a8d8b96dab4188dc6cb975f22e17adc6e3c55c02d0d80f4bd3c15a8801a0827e64e31dbf618b40707a8cb718c80361ef967a800cc006524dfd49

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 93f48895d9e1e807ff9ae8e13452e977
SHA1 1326da28242bc96a30b0b1bf8fe3c0b66e32ece6
SHA256 5f260018d883669f0e6b25020fec91bae7b93459e8be0ae48ffffee3e1287397
SHA512 a9b76ca11ab9d864d961452d50b1019c2c191bcb821dfe2fe16e60efb824b05d2c48c4d2ccb83eb228bb5ea4c7c07d1f3d9db1b7b1e11a2fafab89672cede08b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 ad2d92610feb930e99b2e621526d992d
SHA1 4aff0fd17718aaedb55d83487eff70353eb0dd58
SHA256 649c9cbf72a64e49271b5982f9838b08915dfb1d68b4915334e316c1cc11d945
SHA512 998b286cda64282bb061132b39fa78dd77d349df6f1904a97f9cc0707a44ab253b7c3947f02b89b3595d1d5b18e58f58f2ca4e17b864fc3a26451cced627ef6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 9e4f5fe6ff105363dad67602473d4ce6
SHA1 7f86d8c06f0c76d45212403f932bfcc59567dca3
SHA256 ccdbb5c733353d2496cdb97784eb57bc93df3c54bc0a01540349af52e45706ec
SHA512 9bd78a08e063e7b23b4ad93657fafa6e4a9e1d772073425f241f6404c998a3f6b2402de0a6293ca3bc61b1c819a65c7b524ba0b6e549914cf2fdf46261475977

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 9c62cb273f0c28201fb6f2cc99663e18
SHA1 b97e244de730531bad534809cbb1bc9cd43af580
SHA256 2461fc8c166e349c1269d3973d820188a428c33559b276a24baedde4375ea2a8
SHA512 b6d676362fa788f883d29ea3aaee621622cf80b6bdb34afdc61e0b90f5b5955bf6e4855890cf42bb232d393486855ced38a09057840a6fb2e10c7cb448ec73ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 fdd9349008127a9315c70ebf3baa2d82
SHA1 033939f054a6020fc6b3a6ed5c47d7e7b4f99611
SHA256 5f82a10d448dff881fd206711b7792a8eefc7ba7b32689530c6fa623b96d8c55
SHA512 b51f1f0aba2e4b06030056ba5c676dcd42b94928f7b783645f3213211e109deb24d19147970c50401e41f0b02a6f813465cea38cdef5eb098b4bbcf540ad7e7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 d052700010ddc42c72ae8ba399509d86
SHA1 e6a4cf647db48d2b96b235efbb78c779be7708ff
SHA256 8ba7246c55a84dfb453423c299d324701ab87dc1982b82f207d27e443feb02d7
SHA512 ad3628b796c84b1c42aa34b9fffe6ef17d5d750a1e20318aa6549f6419c83c16e4013f43fed1a3311de8b3b04aa068b0a5ebc51dbfe385f4597c0cfe3b26b1a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebc74a9d77b20d6b_0

MD5 43ba6e686cc9cea8a64a174981b43c54
SHA1 d8134a52f76dcdff5658836354f69c7e7c850caf
SHA256 656427e8dff6accb9b13e80d538ca9e15e6db3befa438189c2dd990495075dfb
SHA512 151cd2ebf1a00ea6e48311acd6a1e29a044c1673fa6ac3b3787f3a5778cf5e717dc848e74b4f874888093459e149dd3219fc3d4664ea047836980c26f5aac92a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1f58ec8f11eebad2_0

MD5 34a480133670ed423d2a6be37cfd01e5
SHA1 d9d058a364517fbe39e76b3a8a1591aabf16f04f
SHA256 159e8f2abfc71c08c68c633af2d628962796e6ca07469a59896ec918e838abb6
SHA512 9fa8d6b5edd8d1c9729c5cb347c9f1a533da85beab3e3c3da9f1d3ebb66652237c757b3ee96589b1278b067a37846288585d2d556718fd8d9ec1e0df81637624

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9bec1549d70fd7ef_0

MD5 1384ad0e62202dc0b46398fd7b1f3802
SHA1 bdd88a8f796470871d88b9c415627dbe3b476c60
SHA256 929b763fbc2d553a5689afec525bdf835b7ac4d0f731c1fc0bdeb1c6af654e63
SHA512 b3058bffdce6266cf1f75d8e6ef6bede40c4676781340a8171ff1a392dc092aa6a4dd031c3ab5f8f4262f068dfacd701a5b76da37c0e9da859f177b5a9320e97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1777e35b0c337ce_0

MD5 56abab0daf018a8bffbbdd6b8d3600bf
SHA1 c7e4df7eb35754e1e55c7b2f8f03fa9b87c5c297
SHA256 15017c18e679ac7d7cff3a5e2cd3ebf23b1d81d13938d4762764198ec2f883b4
SHA512 bb6fdc9cdc1f3294df24e9c305d468e13fe42318ceaf68f32288109845dd3a6851b35e5fe35fb73e7a3e1ccb5d8353ace403528f815343e42a1c4459bf1f6a18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\953bf4d0250ffd96_0

MD5 57501955d7bae6a7be1b276c221ced1e
SHA1 d07dbfc10455c56fde8c21485f0a5f386f52a276
SHA256 f76b84d6be7e0030858802bf716c270a9308b46cb18fd58f6bf1b6655aa93a49
SHA512 971e02560db1cbc15ee40e1bc30fd158d3824bfd3cacd658a1681bb92cdad94f24e9a8d2e0cf6e1501ce488535b24a77d0edf5681543066f5400baa58a28ff24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c8569fa1e3b70145_0

MD5 b04e0b455a47fc83db1ff985cbc5ff03
SHA1 69c1f7858351fab0aa8ce8fa6e486f4e8fc451f8
SHA256 76102a02773dbeba4e7de4ba7a5ea6b3cb32442763fa18feaa7eb5548867131e
SHA512 3af4996b19a261f66366a5e3a8df088413e63e769bbfb47248ecfa77ce2b486af16ca2aeabe6c1f2da57330eb60f862544ae9cdf2545a83bd83a052ffb14d35e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

MD5 0d7efacbf81f99f9b3b82ac627cc34cc
SHA1 54ba921739b19ff14708d61bf424e4713a51cce8
SHA256 ee19dc2db1f7d41b35f1a8bd976f452d5fd58012d0eff83c53fb835a4ffd8764
SHA512 cf8b4b0f8f586c1ac11d220b4033f91a3a98f167110bae904947407a8b4896afe18bef08871d09f6a2634d58a7118345e90a358b386d889f83abb246d8b6e44a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6938c9f733ad8edc2683f505048f261e
SHA1 c03faa44a67eabaefc2fda78bcc0009e8f7fd564
SHA256 4be32b271788f64c5a3c4a7977ba6896366d15e9e2769fbb8216882d10d3e754
SHA512 52edcca5dc5baa29622028a5bea79444fb1700de415a11c57dde204d46917481030b54fa39b5eff0f04976a333311d6d922f92625597458de8ba238052b4cbba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

MD5 9c6b5ce6b3452e98573e6409c34dd73c
SHA1 de607fadef62e36945a409a838eb8fc36d819b42
SHA256 cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc
SHA512 4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

MD5 a4abf33199bea4b66a32d24287e94bad
SHA1 9e73d00d1bfbbf19e2e957b7a9926aaadc5b9063
SHA256 158c20aa070ccabbd1c9767cf2166241c3babe8b49999e01a99291fe5bd6a0e9
SHA512 0c65b9cc958725c2237e4dedfe70289c6aedbc51b9d39bc2b41f2038874590fbb90b1723b8cce6013732b15e346f42faa5a8f7a9df12a95679b336eb27614a3a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

MD5 49295de6ccd23cf80b6418a2d209868f
SHA1 42a955b4560bb22cb9b5b39577f7a691ea345018
SHA256 d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
SHA512 2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

MD5 5355e2a022dc58c04ce0225ac97e0fd2
SHA1 f118b3fd803492eb028180d6a78d2c4827212140
SHA256 6470cbf294208ad0da5d7d7b5f94e4dbd9507664f6360cd195a7abec4ea551f5
SHA512 de25e36ecd8e5d29f2ff569d05a71fd00fb18cf4e69115c3e9ec8e72e98a0aaaec71e5c196c5999161edbcd65c8e69ab3758c2735f8ff62ffab66ef6cb444ce5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

MD5 e03a26a5d7fa5fca140565dab2d93129
SHA1 13d911faf4ae47968203c76c49cafd1f7312f88a
SHA256 8adf8b110c824b3a5baba25e1b19ff41c68dc5e5fa46631e3b54169fdc8e2a3e
SHA512 d5274d425c9ea91aa3709c67fb2dfd9f0a173d1079468f04d68b6ffd8ea9511f9295ec71df02897a9fa811ce3acf6d0526d712381de8976597ed9a5fd2981f76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cceae3cf84b8fd72fed30b9243e7e627
SHA1 414315d9cf8f49a914e5f12524d44a863d0a19e8
SHA256 f7965a30ad0ed7eb60b4096cb573ee2d8f25b36f474c635c1f2f61ea922ed480
SHA512 dc21934d0dae34a030be9d5d91b49b1d88e37d09d27e34751c09724a7cfb9acd8b3ff090eba0e629d96c62a391198143b279b47d9fd4f2886d0a71f3c712b935

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7341b6822429d20b4ba4ed8e66e06ac5
SHA1 fe11ef09d7f10834ff7610891469e3dee205b0d4
SHA256 ada292bccdbc43648845b70fa18442f231862ee0fc7904fa136b0a0799309f64
SHA512 a2e6954013da58f82782d92bd98fd3e510840f0741d2e4a5e60cfab0c45f5f255f4970e71b31990b2f5855afeafd2deb0adbd296f0128843a8dc98b3bfa94493

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aa3a01d22d8aab8fe612de7695ef3988
SHA1 60952279a3b911ca2c290a3ae2fb2dcee82965a3
SHA256 ebc5307899b718b995e05064f78c9b15b4a0ff222388655387fcd155ca360834
SHA512 72c203d6222a7862114055f109dbdd340f8c10b79897aec3ab6573f710fada42f8a17ac1b0f5ddc33dec73def3e6004c853f9809293d6f3139a879695d4dfcb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5feafea832f704435096c60df085fbf3
SHA1 f0afad304226f72d897bcbe7f00066d7648442bb
SHA256 ced940a3ead75407016a516f09fc6766fb18cf5a2bcfc78eb9423b98262a82e8
SHA512 e85278f622af5230462558ad0442b4ad8d6e3a9f9167d03cd1b4600563109e3718dd258ea56f381d7ee743aa0884001b44a740e4a732c93147ebb39700a79af0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000098

MD5 536e991a61dfffa535ea03562b06299c
SHA1 0374425ff7f31230e02d9e369a4a52c79632d2ae
SHA256 5688eab965057123cadabe49fd69731a9d16cf1cf66ad1ee6aa9cfc4928ed7f1
SHA512 36f47db3231f990ba3b60406f289c47fdc7efbdf95b6da6f876ab3f125be4815d3ea7d22dff53d8f18048e2c1a00c16a4f4fac5296af2bd2e2437b8db73a2f89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000097

MD5 ab1abb9c62964cd6ebe622eb4a51f999
SHA1 5694e9d79ec4643aab20a5dd4fa1a0f8db3db32f
SHA256 36310369ceebb3cbe10830f3070cfa10c1d2a65200e1b23851c2dfec9017dc0a
SHA512 67449067fe793f4f3e9d7b04b1ca5826b051207c3af08b13552660f8a50680c131e0469d1280b24c42e42a0c44ff8baba90e1a1c808b6cca12e23b739ac2043f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3bb303b599fc8ab461103afaa1003431
SHA1 c5b26ddbe02ec25b0d48235d60feb1a9faff6498
SHA256 05b4a463aa1576e661e782a9aaa9d06d29fec5e1655e69b5a46ed69068ec0ff7
SHA512 8e63e61dc2e3e1b8c43ea7d77c798933f2afa14bca6c364ec877cac71916a65ec95ae86f671a8953846ba12c1968eb0e7afcb5ee4473e627a97dafb5065965f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 97d0a973a606dfa5c60f76afdb1677ef
SHA1 af529ab9baf8db82fdc2fd1286e6468cd49b1452
SHA256 c73f772bac3846f012de113cc3aba49c30c8e307e067b6fff0331fde3c70741e
SHA512 be935dcbcae187d81ee3298ce73e6a15833db4a2042c51c9f315cc1583c35cc06c920754a7bec652d6fd9cd2d803810559bdf722dd337f62c60e6e4e3851aa10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 9a133f74be7e046132e77e4f27f085c0
SHA1 0e168924af13895eacf2e009bf4174ba52da6dec
SHA256 0ad08f592b96290f0d739475a782651a4f6fdbfc4e1116305aead34ca404503b
SHA512 b4279b79a17006316f2543e8835b78130fa94e899206d90c98677119bac95c56b19e9c8c711169b988b9a8b1b4d8954e7f2964d23060742a5b93109a55d597ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3fb2310c93dc6653f5b25314bfaa0d0f
SHA1 2e5627796268f16340c4714741d774c866502045
SHA256 8b9da344fcf704f95ba56161df103d2ed1a90596ecb5595f99d234fc969d6839
SHA512 4894fcf0d54867bd2d7e350da3ffe61c624109a9bd9ef1003b006552b9f238b7ef49bbe26120cbce12fd1c5fcf981a2a6fcea6726ed05d0826e3f8537b3daa27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3461c4bd78769b4b9e4825992ea38bd5
SHA1 1c9b79f2ff9fc7769ec9bb9cf35ae3e1f6beb069
SHA256 4920ed2b1f1c88006d2815a4d247a8499d41bd76ff0d689073555ccd89c75365
SHA512 8b7caeabdec3bf12cab3c17181291403e56b38289d2c2751bb257874a9b3158b8974fb60c8016484ab1d845bb374cad897d07c9e2eb5a4e7b9ab30c06d303418

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 be41c91006f6564f4f055b9ec492befa
SHA1 4beb46c1499d984099db62dd3d6fe89fa6d80044
SHA256 03dbababeea7e93829349cc07aa24121235f64e07fb760ae073d47da3d56104b
SHA512 832eae174940d36b11f544ade7525ea88cf3b09df2a2093a2ffce215d31a8c6da547823287ee2a16f6bc3a25313f59ce3091ce2474357345af32e966d75671c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009e

MD5 ad147daee08305dec01a074967fc8636
SHA1 93db16c05d6ecae608588e16e03ffc1af64a7ef8
SHA256 35af96d637b1ce81a63ac6f1284fceeda5f74eda61b2a107c467b91ce472200a
SHA512 894853b75b87cb396b6849a10d8bb35a29e65db8b5173f12e53abda183b70839fac635f4daf4bb676596a042e4090babd08c3bc85f11711187936041d0c0ed21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

MD5 7321b66b7fd2f9d5a4e28b3ce532b143
SHA1 299439e0f11923c19068f128eb9057970c9d4b2e
SHA256 fa6961b9594ae30137eb916fc6a33e77da81d26959349fcdfa50688140202a0e
SHA512 e5af2a6f6d90ec19a54636490eb2a4a23f28c83bebf1f205a62054c2b2543942c5dc68ef0d1bbb62b454fe0ff25b59473275c39d191183ce82fa1ab8cf49f829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009f

MD5 da3c7b254516e84002071746dffc6b0e
SHA1 6ebd8d3fd67508c5be1c66bed2daceb58acfb5fd
SHA256 12719736d93a67915ebb3c38c39b5034e2f7a1327e29bcc0282a6debbff1fa26
SHA512 076d9dc9325a22dd227f832ba0c2a20fbd7970fd00ad2616c87529fd7ca45ede6c878b898e2786d83564f46a5cf24667dc55582af46303390efe5fae587ae7da

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a8

MD5 caa29f011eceac49b84ba76ca723a366
SHA1 3bb4d036163b7f61877231ae2873f45dcbc4f3ec
SHA256 b4f9d2686eae4c30e20be7bdc3885268c9a86ebf3c5dd0d46034673601da2ee4
SHA512 316ffdefb87481f727b2d75a6a2a3c768b26f65f828e290e862f51c2de52aa92cd39dd8fbe4d3ea6fb90ae5f3c07081eb64c379cd13c3f15c50925143b4098b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

MD5 cbdf5d866f6af55abd2c0b1ec1f6e851
SHA1 5f4463569d745420cef5ffd194a97e6ee49f4423
SHA256 c3345d061c2f8dcde67d6ebb1f86eac317ba41053e7bec35e55f2f48a1d6b5cb
SHA512 0f0d6e6d353360ace1817a94d9b58d1801669232a46dcf506b153760f91d0529271ffc2e33704fb3a3cb4b83dd76464ba0fa756161da5d84e46fa9871bf53a26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a7

MD5 e40f4473774abfb64dbb130b9a8c28c5
SHA1 a81110958fe37cf62b66505c50ab64b8c4aef5b0
SHA256 62c0892fcb75a5970ac213f333220014866f107829c4d0e2ba8653812401a348
SHA512 1da8e7510bf40a06cfb363dca037fd4dff5da3d484d5a273c6c31dafbd8b7025fb8c8a434675a042b16a72e6650d01acf1aa0faf68b2c671e4950dee576f2e96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000bb

MD5 bee3ac4a8b5d2df4674ed39d4ed70ff4
SHA1 4e25933753764a8295ffe63842fc623c8a7f3b99
SHA256 e9c8f34ef798cc97a059e7c691862f6b28e95be1237fadb3b0385110ce669d3a
SHA512 ab6267e0c6d2025ab156331ffb108218a4f5aeca58d5aeeb51e335b7f546c6a5a0452c809e83d19f409573437bb49f12864f3b53f4fe5cd8c4a3330c93c11e72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ba

MD5 d84c2ee41abb7110fceca8729cec1dcc
SHA1 f62f9b4dd95fa41e0250e49c37952f12a6089e9f
SHA256 3d6b1c71eaf8d198c37002c8ce7c5f47ec23390edba849607b36fd9f5a8a0b9c
SHA512 3008086570c5d07775b0aa56b2ff4bd520307f2f107c676086fe862c78924b18bb8f94cd57e96bb587a1409baa74dfbf5ecef2202a29006dc9f31c2439e808ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

MD5 838f86891ebcf2117ff5accdcc9aeb0c
SHA1 aff21f09cf5ec2e23ad50483a1638e1c7459acee
SHA256 c508f355d72eaca5d12705866da7c20fc5ce24944747abfd44d91d750c63fd15
SHA512 18eb2b5e2a40e145252a6da05e5bab9e640b18fc575a411fb3bca8e122b61cd8a9f28dafc1eb20fefebd998da4a4e875900779483be0a5a6a8528df5bab82642

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b7

MD5 908a640e6d650a4a2602804d25d837bb
SHA1 b0f994bbab5e3500482b9bd258eced5524d38b7e
SHA256 ed09234ead34681473cefdf84f280cf3797fdeaaef0e931af5849f444063ed2e
SHA512 72154c9052125f7890e77d167f69e747fb00a247240f279069fb1af0f5c9d6e008aa750a11844ed1b83548082650ad1ca8ff25af9f4fd3fcca58b3af83ba529c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b9

MD5 f561e44e67c51675b516412fb53b7307
SHA1 0ac359652f0766d4aab8bd38a95a887ee0f7aaf8
SHA256 73f6a8bf95a1cdd2ed30df83f5bb8e84f547b8b8b2943550179475ac2522deaa
SHA512 20272748d55caf6ad9818d7d9e8c146e1f985b94166839ae44093a7ac601a37b2c0c605f5bb40bc4b020176c68825ecd3f75277d085cc3ca1d9b6af2d69fb13f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6

MD5 3b4741485dae3f24e5260f8294f7e0f7
SHA1 5b0f2bf225442e1804ba7b8b958d8c88b7e59a13
SHA256 39bec4c6c2bd232ea670270aac309a8702a11956724cd47d76c978c5e0da6b77
SHA512 7f0b8171dc51ede4f77ac8df320b67ba3a46c3094b3164f2e98174c6d8de7f5fc1aee834818f310a7f0063cc256a33dbda66517d4b8623eb893fc9a93e3279a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b2

MD5 ffa859d7ece517adddec801fc9447d04
SHA1 572954607d5610b8989cf146940a4450ab8fc8db
SHA256 8a8d793cc6459a9553073548816fdfcdc3adbd6a7d1ab2ba58d947f5623030d1
SHA512 649444bd949928c7c1b3943465c5d0a9a79a69654fbc63875d74b3da4076f75aea01171d7a4982c29cad8eb8ce2de6cc0c724e87058c9f0370bffe440131cf18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

MD5 0c54ebff84401dd9fa38498379276fee
SHA1 1583ce86f3760716b8a89b5400450a32f6f802c2
SHA256 ead27df6821ff9c411e0b8cd48698cfb62ca6bd9abc3fb7771cea100913b103c
SHA512 f7b5c5e4a7ee2112ee49d25ac99ac1f789527e37814dc8b6aba27296af7028a3f0d513fd87f68e668b962cc215c0e0ff7a95a19a24fcd5f9e9bec721741493ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

MD5 468cb4943d8d7df01c1d557eddd74c43
SHA1 1ce7662592bea29274b87766ec4d9564ce445140
SHA256 43336f231553e5f6b422482054f5e16b0e0530a21662cc8cdda0d59377f9c848
SHA512 268fb4aeeb95f4571d8f0b05e94c3845f23b7f62348e2cb8a94450d90fc64f43ce63a02fd6a46e45499edbc86d896379f0a0661ec6ffb2ac1414ae0674fac51f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

MD5 12b099ee1befefc0dc5ab7c8eb6b29ed
SHA1 3988abf932e8fc60071240d01649513d60c9d6d8
SHA256 109284ae4c91fead8ad63b385f1f37ae84f4b33e75b30139d98a3b99915662b5
SHA512 6b14a7fac6d3229cd036d410c98ea43d6149c6a5541f24c44634a3746b7b308f58bae7ab669c112d200b78da27e222c47feb10f27b642e95cb59978028b999f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b4

MD5 5494451f9a2990667f319e5c87312fd1
SHA1 5124db43357ac3496689df3aabae2207c012df7e
SHA256 1c640cf9d762a203f97f93e5df19ced12867037959953b84afc471cf3b4e73ae
SHA512 b902e174872c29735117eba2031e02ed28d7ffa27926e715a3efd6d7627b058a9bfea04721036a0aa1526df40dfb6fd4c09f448e8eefb1456c65175ab27d5814

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

MD5 5100d400380e4a1d43e37c642bf37f65
SHA1 815e07556a963ca4d2df1c43baf6448a418da6e8
SHA256 5df0d68b1d7d0b52838dccbe16ef5095305d7f767708a4023356a509e8ea6314
SHA512 ec73804d5c23f8d122dc73cf3892c94c7bb21ddc868d3e33f4dfe09c50962c0768a5ba05fb550b145e4c7feaec86ca3d25cfa420020546444aa3324bda5ca39c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000af

MD5 f661305c596edf399236b6f9c0a78481
SHA1 60a66df8b172c92df5acac4affd14490cecfc38e
SHA256 a96362e5922ab1f4a1344fe9348ba42c096f4b19a23dc2d4e70bebda7dae7aee
SHA512 c867f36984998e6f5b3482da1162a22168e2983ef1fe5522f94ac6ea9c758524ae081c7b6f0ddcc089bcc25b45f9c455a76a8129bf2924b3e9d3887e4b1e81ad

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

MD5 97d700cdeeb48150f5356ded3e7894ee
SHA1 d4e7278e0c3f4bca6a7722ee82ee3dc8b0ed6362
SHA256 5e7526b51f50e03a58af53c03400e5b01b579d76d326788f70a89612be118220
SHA512 9e1aec34410f78599d32f7ae360ccf6fce965dbe365c8f1e115e5c720ac29785afa864b03692ccfc56ff3a11ea41d7a13d8302f4c0612e46fda71e1b98bbc2a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

MD5 0c6cf7ff6331f151f576535ee90b3226
SHA1 a7976d79671cfa7be3eee96487cc1afe0aeb620f
SHA256 53d2fb53f82fdd59bf95701ef0e815956b6138b4b6c7a4bf547249ca81b304d4
SHA512 9937ef4a7332984bd6e0bb2498999cb5721daadd815f05be8bc37ded8fc27b44a529b02e1ab1624a4a2c260491378d88868a19551caf734834cdee454657ce6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

MD5 d4200e94f53c52800602c3d34d7d9880
SHA1 d0afa73e085259449d696973dad2f7a23f5a7671
SHA256 e4c5e10758244e5cebba4cce5264c1c4acfce97d2117d66cc994bf9d0bc79b93
SHA512 c1c804ffa72068d21ec8425a67a9b766db5a55ccf98407ec0be6ac291435a70ea09a9e9f9e6517f6b77dd171003d1d4ab2743c46b0cb46707f7b1743bdbc90f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ab

MD5 1ae327b0ac981154bc5db89b7559fd07
SHA1 dc22ab4b626f98c1426beb66e7724882214ec411
SHA256 162048186cc782459b762a834b08ea5d0cc17453eea41bdcce65fa0aa5fd2634
SHA512 93bedcb6c7050f252b15bc520a8781819d3040af0c5c02860819fdb8311c3841d25c774807085380bc120eff97a35c7d56ebde32dd45d85481422c4fdfe27a88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3bb6bdbd6fb6bdf070e9839595b4719d
SHA1 07f345fef872ce79a86160c5547114644a8ab630
SHA256 b1902ac6de68b1a9010b38c71d834c2e1fc909a183c970c0db0ba033a4d55b75
SHA512 7f91a2ea8724379e69e0f33b422feab47014c41f4cfd88685222fb446edbc6402f5b0aee449898125a6d51b169eb39c5c70c33e31ff2c3e8608831173c7672bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 22123f54fa1a771b395371997bf2da94
SHA1 0fd77714e537939ab87ce697105124dee28df50d
SHA256 3b7a21504770ba6318bd086043ca85b9dd9380e05491625ed49e42813864bf00
SHA512 77e56ef7396f7f63e52a678d1371f67daf11345b01638238cf30e11c63b6e306837c656a04a3bb431c6cba06418a51afc79e82311d098a2feeec851db11c3380

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c1

MD5 19ba59d39a1e72e2791945edb2320ff8
SHA1 b3ed86499fbd06f307e7586761d0980c9e90978f
SHA256 195dfca1061ceb28d6eebe74e68b0c6c24773b06fbca5da5b03418d19bfaf896
SHA512 dbc1663013a2a4a5bc77a740e76bfc3efbd3f0e84a3c0cbdbe6a23e4dcd532b5d308567544dad35a35854b524d72e99ed296651fee5dd15b87fc3a739a0ccbf2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c2

MD5 6ed0713b74187117344ee8a1e77f874c
SHA1 95f0872b4809ec29d9e948f314a2e973fe74ff13
SHA256 9004cbbd7d54e6b0cb5f19e364851c3f87bebad2ac8ad9cc394f615ba0e4d728
SHA512 a3a25fa0bbf54f9044d817a17e352e10084860117b4c786c978dd4894cf17c6f83ca754296e79f2b73d15f9a4a162813a1c30304561a577e75623a012e855a17

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b027ed94b46b0a6aaa33431f2f181444
SHA1 bde28330d047f60806585f162777b949de0d72ec
SHA256 2bed2a99676fb2b9519f809504135c6c1cc6f6b9bcad2189d6f866f6ed958ee0
SHA512 21a804b67826254a76164af8b1197f3e9f209df8644065ae2dad903902d87b04119409a056ab17593c2647c14382e790e2b9591f221195f4ec04db8c20693014

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ba2668a8ccc55bb628648abed2866ad6
SHA1 932d86a3b347ef861267030a7a14fdc5b358322a
SHA256 d5afe7b47cc5904c88b1385e4247b963e2541f96248aad6cc61a1fd8b988e9a5
SHA512 c517a10431076d57c6ba5ee5cceeb6402b76d2cf5bc2650d006d6a27770f98b41bfc20861cf80eedf5bc85b5ce03b4c6e28fdccefc4f886dc9de64dbd8901899

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 76808026354d12ed3df626529ed28ada
SHA1 76fcbfe016a0721c70e53bcfb96627bff49adbad
SHA256 b911ff42573d9833779c74cb5484024742e47cb0e5d62a03499d7f1d03adc2a2
SHA512 cae85832c026ec174e1df594e3b5984b10d7f08cbdc7f539705e56195db9368db6701ddcceb3589d1b4f7e6ff35f4e9738ec976e9d702c70178fb552ccc248f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fd829f0b9679023e6587be10b40f9be
SHA1 410046ee0dacec3dfaec1750b70c4f60dccd8a46
SHA256 520ec6e7eef98136e20b90ac671fb7ed28de82de97d7c68c84007ecb991903a3
SHA512 27536e6249ebb2604daeb295d6f2c0bd9c81d1e77448aaa495b8ab705aaa196e88d6e9f0bcfa502dd96f651c456b874aaf0a6c29b9ad4f16d0523a0ed674c13c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f5

MD5 b275fa8d2d2d768231289d114f48e35f
SHA1 bb96003ff86bd9dedbd2976b1916d87ac6402073
SHA256 1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1
SHA512 d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4

MD5 c813a1b87f1651d642cdcad5fca7a7d8
SHA1 0e6628997674a7dfbeb321b59a6e829d0c2f4478
SHA256 df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3
SHA512 af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4bfcaaae3a318c6bafdab3ac63d42406
SHA1 278c8fec241c2a83b53303960efd3541f3e597ea
SHA256 04d8ab932de88cfa10175ca062153e7bc3247ef6387b9c1780327d2b65ca55c3
SHA512 01ceb69e128983de70103dc363e3d784e84d3eafb8c2ba3cb9fa0a6ace05d9ccf55b95ed0bf7e2fbdc65fbbd03f154ed43de369157ff5bc91094933fe07cda5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6d3c2cb5684031e56b32eb119b9ee3ab
SHA1 3a667ff9a15e25bb6c0f85b9b9d963747773ef76
SHA256 4841a65b4ebf4c49d703977f0bf95cf33662fed7fe249d375dd5cebb2cea4ffa
SHA512 b778a9a8b3fe354500a53efcc514ec503a665023007b62f6ed2b8172b0152bf4b03478b855825ce457392a943c8ebba943e22c27cf842f7afabd408d6031fa11

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f3

MD5 0d89f546ebdd5c3eaa275ff1f898174a
SHA1 339ab928a1a5699b3b0c74087baa3ea08ecd59f5
SHA256 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e
SHA512 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f7

MD5 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5
SHA1 6dd8803e59949c985d6a9df2f26c833041a5178c
SHA256 af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725
SHA512 b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f6

MD5 226541550a51911c375216f718493f65
SHA1 f6e608468401f9384cabdef45ca19e2afacc84bd
SHA256 caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5
SHA512 2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5a91af25779841505064e41c74f1218e
SHA1 a4a5317e79f3eb735a63c8485982d6e6bb5ce8a5
SHA256 9b96bb1f0d6b3710e7ce3a1402ba3bb0b63042a336d2779e021a770e00a293bb
SHA512 89535d180096db3cbaefa5a751cf83226da672cde99bbb5c5123f83e792ee56980714ff668c6a6f69d1028dce99f990b47eedd63ca6dc15766e7268d427be723

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b1fd194c1f95e0c18c49e507535ade18
SHA1 fb3137ede06ee57019f0ffc27b38f538a03859b5
SHA256 4dae09cf37a45730257839d81eb549bf8028c88e5b963d3b44965f0ebfbc1831
SHA512 b82d8a19b31e147670ca65e1cebb4f571d8d206f014f9ae71bce2ad6a7e5a9c54ce46c8fb2f6ac58d2b79f8f911f977bf0ee7ce440cbd7f2beb9a678b06364e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000108

MD5 914f6154623fb86bbc0aae5b80718394
SHA1 2eb8ef1eb2c13fa81ad70c8dbbbebd3fcb2d201b
SHA256 55c16fb463bba8eba8f37d859cf9719c10b68e0854b6e6c0cb24d642e8374a86
SHA512 ffb7aa18b5a92198c84cd283662aa19a65a05e54a66ad79d3aab9ef7cf31a4fc8375190822c9d2dd32cbfeac677d47b874045944f4b7d55ed089fe8af79ea2fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f8

MD5 8b06b747bf45671dbbfd53cdf42b39b7
SHA1 036ab57ac56e3e82e24d25b1e8fc3da0e758dff5
SHA256 77b7ba43678eb41699aadb083add7958be7f1a7d3bdeca68e356ce734bebb623
SHA512 d8545ae12e2ee9da79e099d02e94b227e79bd7d4b79ebb65fae983c68b1234d3556951805a659876e184db92c8575512e84fa850ff2f2f90bf93e8eb17aa7b32

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 188c1843ec77b84646df3637ce01677e
SHA1 5b80642a085922cf7433ba9115dfc6d5e4524751
SHA256 313312e655c8117120675a824c379d5b8a491f9ada4cd16deacd5f1d448f25a4
SHA512 8d854f69313f697d698be4be30b24ad7adb34bab152117263b9659eb205d3a42d82056b6d81c92f5efe01e892baf3424330c2f12407bd402c7005b299cf82745

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d7f3c68dc65a3b4558b32307e24ea4ce
SHA1 7e2814d94bd287fa6191d8c9bc7dd72d5bb45751
SHA256 c02f341faf86d864a4d1f4434f9b73bd1358c931f1f79370619785165393b2f1
SHA512 16b6da04773071e4c219b83e35e48fe4cad8c09be2c14b6ffc9eb4340c13e91ea64052707ef21ee17780543efe8fd1cf3e5bb1ea2ae4964b56ead91c83d4a09e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

MD5 7dcb081a203ddc3c5eecea68481bdac9
SHA1 ec4aa6fd624e3a704531d4b9c61b0004b33718a8
SHA256 3128803c051db6c1d16e591a9e67bd11cde24947ce21c46638a8a7ee62698179
SHA512 cd41bd8be0988e0ce357261f2ea9c04beced02434469542e5775d33c9ba27b62dec8ce1906e717b3d45509c284e6c45c96266e3702a73ba09d0a1fe71bb65e79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

MD5 9c55c987c0784f74cda1516f91aff47b
SHA1 42d967559aa03d3f07a9332a2425824727575747
SHA256 6e6130a6e68979ae8c55d82e4e639c04a7a41c8c89a69df7757918c68a88917a
SHA512 ef8262c1ca05c0df2521fabd3adaa00bb60a302485e2045d95152e9d85a3067785ff7629e7691201de02ee7f3949f35946162ca2e2b3f02f68b6393e48e3dcf9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be6d12311ce2b399_0

MD5 20d68ab013f734210e52827f729ad8cd
SHA1 d77906a5fd0f401238f47e9b642c99f6d3352ad3
SHA256 a486849c3ad81bfc80b5f359b1d0b479c370191287b94361e0ebb6e638cb2d65
SHA512 160eb0ca466f27c59806437fae3276919851b65b0ecbe3f2d2630546c00b70c84f71d7243dc3090b18956898542375fc707438f70e64eeb26453ad0eabecae21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

MD5 2d0be76cb8ae35019c6bc9c3fce230d8
SHA1 6147843936dbb2a40842dcb90deaa57bef9d3edf
SHA256 bc4826f22c72d36b9a729af5354604dddb9f0db6bb2fb2128a6fa1e4c8fc4360
SHA512 6bba40c09367ab5855ece5f6bf6e1979ceaa76640e831e24a93c913b1fa3a9d3867a2eff76b591d0da706c95ee3420e53586f674a7794acbf1c78705590d01c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e55f0a6d1b533c66_0

MD5 66b8239b454e795e5e2094f84ef0c501
SHA1 8d0cb1c1481b371a9614fd6393dc8501f3ec00ae
SHA256 b1904f66ae24d8b73ac3571d223ca03ff43aa1f1267d6fb2384620dad9319731
SHA512 cf8799060a1dc7876e29f8307257baf1dcdd2a2ef7d88072bb6666a7deeb8baa5852ff378c727ffee4af25c00fc89741ca4457934729a29b1350be130046f59f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e239929a95f56ab5_0

MD5 d1bfc4f62bfbde36ab143325812b9129
SHA1 4e6c16d3399974692a76d416b6cad3210132473a
SHA256 d09f0dee48f469d79ecc3d56459b8ef180012e25ec3e8c357316367e883057a4
SHA512 7ce496c984088dd7665c00b1b202a20cb44908cc83055b57e03376dde9201b947bdde528ad39c16e59ae0482a4bcc96813c360073589fcca25974877f947481f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d45aae6d8d9c9ff2_0

MD5 5259c654161677a43af7612fa16dd49e
SHA1 9558616b4353825b4d0da448e77992440d08e76b
SHA256 54e1df2e1e87f1c8220397ce2099191a9a10d16145358e2bef8dd94c7da5948c
SHA512 dccd7f3e07ab6ebc0424469682d2ee85bcb438bc3c6d865fb1780ea31605795e1dec0d6d77568928260d6aa5cb5de68933e0c8caf9cbf2f6d479fd7865afa5c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\78bc646c0524ce58_0

MD5 dade2a34f607e80d44d76ae7683c8e93
SHA1 60bc053baad809f7d32bdfb4afe0860489b4d828
SHA256 61a80dec17daabfb5e376c9bf8f38b8ce82018d0597ccbad15ebb779061eb398
SHA512 00a826ad9c7ad4ddec7f3b5d690d34cc21872489882f80c954c3aed120c0a6a25f9e62156ea219be9d354909cf3d494fa56ab2a76d436e509928ebfadb1f06bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ecd7b5fa78384dbceacc85534f3b3aa5
SHA1 5d4142cc6447115aa442a99cc480494d3e70ca8b
SHA256 e0b948e69971495e18d25072ec38747d9128424f107bd029ae9069fd98d18347
SHA512 ddcdc82ccbf353c6be03fbc5a896c6871a4aedcd3d54d6158f93193b5ef4329f489015a6c395daa61517320c5b933dd76ea84cf8e171c6e2c96e110cb7d4afd3

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 e4e9cac9994f52eb7d7139668e0a9891
SHA1 230c4e5987c7e4a8cd6b3f5a0a64487737026ecf
SHA256 6334723bb4d5597e6ee8f1f8524541ec62446d90aef5c7509ae9d9887ded2be6
SHA512 eabfab6e8efffec751449e77da775b63bbce508a9b22a04ded7ec06d5f544eddb06190f37c500799283a50ad369809997d51c647e8f01d15f986b764f35888df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 754837d37e2ab5de6b4fa9e9fbdebe51
SHA1 1aa7294b2b24bdcf10422164b91dd484f8bccaac
SHA256 eaec34e1b6e11c78dfa5f1694832e0e4bbdb376b402219cde20950bd2392fde9
SHA512 4fdb3ce42584ed1dac3ef955464e74025f25a6d1a5027f8594832fe0a80c7cc9aa33899e0268acae50cb48b9ad812ffd0deb9d9e6f1f9cd81fb540b08b624983

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f139f229e6f0497_0

MD5 11810922bc781024af12889df85835ea
SHA1 34f755d6b69ddd435b4341fa6842d91f43a8f5f3
SHA256 f35352167211f8ad370b047fffe1853d649a3556af8efae3ce516620272238bc
SHA512 deed346c7d93a35d58d6bcf92c669354676f24c91f640bf97d1d6381f723fb47f8675009cd26d3c1561c944c4b4a074306180222b305e2f37f7100361af87c35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c91c845c83814759_0

MD5 d51f881eab18bb470bb3b185d4987c20
SHA1 28a71b75f6a61c8e3c1bc7c0600a939011da6171
SHA256 1f743db35f939bfbbf33fa009b5f21bae4d5452aed7156074b3ffdbde40eaef8
SHA512 c582c7f0ea170b0f0c22a40f9cc9f3aa1216f509e0133cd58abb5d7d50857da4b915a10dc25620dc42bd93968d1d3d5fd78431d79b2633e8fc68a3d4d5bf1710

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0bbe00d9bf7b798e_0

MD5 9cd6fe05b110e473e238c00a54294db1
SHA1 52543195b5c88f64467d7018a4de82bbf603b705
SHA256 b5025821db9b6ff16b4d9a1550e7d8e77b27c4844ecb7c8cde2d80ffc6179937
SHA512 f799c20bcdcc9a8066b782e4bdf49bbb3ab0360a46d55cdd756f92ac96441ce8cd71fb44721fe31a3d9248a5ad945e52d532b48157989a9de589d07a80e347bd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61a0b4d20ae0e222_0

MD5 657d7d1e0cc9f4a45a42c86b722ec57a
SHA1 185ceec0a563d6cc1582e33e69e0c49ffbf6b5ab
SHA256 d6bf03243e04dae45982cfb8b644485048905d9865a7ea98554ae303bf2c70ab
SHA512 5f2dd7a97fda369cb95c2a2e5c0b195db65fd526b8a8bda46f63d53264ddb9e53db9c09fa47e6b78c1489aa730aebfd819a852a45ef9c6f6e9f98524cfdb58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f9ea5d207f5efb4_0

MD5 82e339e64e690103562b5282719baaf1
SHA1 d84b4677e07a10ab5a987377fae54e65730d6305
SHA256 490e4b4e858aad209754e37ef1a3db4d0a4d995f45cff8641bb2f5e5878f8abf
SHA512 c587a4595c7bd1be4b733a8b15263b6102d0db17ecaf6c436ce849c0a953805ab466d3e4b319a19f08bfe387b461f0a7b6e81716cf7507d96ab33305d32890e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90d7d7591a1b39bb_0

MD5 c20cdc19ce963aa636529ef4a7f1b291
SHA1 491b374b5f646a5f48080249f0f713c00d4bcae8
SHA256 5793306c43d4e4764f968327531a4d27d298402faa6cb7c7d2b29e7308a35657
SHA512 c5e2bc43dcd61951c246d975a359ecf6fe131c2f6a8b2ecd67af8cb09fc4d7c329d633d1864b20d890a3f3e99d6f2755359551cae9d2b5ebfb54540597304b97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a4259a0181983ba_0

MD5 93008be68417e11047a3aacc0540dcab
SHA1 2a7503e29b2b19fbe1e43e976f0deeea36510c3e
SHA256 8e7da036451504836d16fc9cf96190917fd6735f05e11df5f62cc35327a2a3d5
SHA512 beff4b748c6ee535afaeb731dbe98017f3e5f53bc125aba5cd134f5c43eb9d34d49e7566123e854183880e67cfe5f3f20442493265bd41c398518dd37911071d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\782d018d3f59e184_0

MD5 efe7d2554d3ddad64783afbbf9ae3140
SHA1 a243dd55704488bceac5307dddd4367a025bf2d5
SHA256 bb76df1b9dcc3a29c6b81db431c6862e70e93162288ce4453e7dba2a58805eba
SHA512 7c8bcaa1e34cf66bf0530bb6b8752ec9750c05a5be7cad3d05e04fdd5d2f12b6aca051436b2afbe012234db6f181eb3218a31c7bb3df06426e0da8be7834df74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 a20fd0d6e1d48ae1259f97f61c6a31aa
SHA1 1e032f9db8a761fd6a5e2073af1f7491fe8e60ea
SHA256 6b3ae9f7f9196f04d35b0b65f3213321c5f1443d8f38911bb1013d1b6ff4bae5
SHA512 09ef996dc67212f2175d9def8a72e279c2cd8901fad1f8d72c33c9c4c0ad39b5c350ab0b560cb4433c25076e67195a5954f0da1d13c58daed78c1934db496f72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b1d693ac0f52716b_0

MD5 e5ebece7c5c3a0d9ede971fb4761e95d
SHA1 3486bf7042317e3ba469ea04555acd8dec2625bb
SHA256 ad35d13d3f88f15f0a01dd82b1be8c786d79ac3b2814a47c6b566b7dc593eca1
SHA512 cb88b2d9c6ca440bd25d1f21513411ff68456d267569f36ed8d8e63a76795345efbf213c2780e41fa728ba49dd3ea688186beab78d9008419ed66561ae55ae69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5dd1e579c9681f95_0

MD5 e09de009b3a0f3ca400191300881f3fe
SHA1 eace3767c33fdb6eed70049b1585281b530467fa
SHA256 77ba3ee3790f3bc3c279d1dd4a61edb2a5ce83c6b901b8839b209d387c43be69
SHA512 0e27e93704b8dba9475eec0a4df53a368c509bf3ac78ad592c55d114f424ca0e50943beb20bd115a175b179e7c9b767d48b78b12f093b12aacd3eef91339b037

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e146fd968644d345_0

MD5 f5a6d5dce476e5fbf877ea307a3e89e9
SHA1 6974ea45d7c7d8bea95731666270e24f2dcfcbff
SHA256 5a89566aebccedddebf885551b642c6907993e673df54f788d522d2a92cd65d1
SHA512 be6e463642e6c57983a9f7b641a468f9755144eeb487a9a924a94436143551da1188a262b0d0c45aa9f51f69b918f36bd0472003b9d1eeb86d172d6357ddd33c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ca5bb3c84b908d6e_0

MD5 ace83a457019e337cb770e041d3c3aba
SHA1 8bd0c98eecc672b7d08f982fbb75f0c6fc145a4f
SHA256 fdd6cb9beea69e946f7100e4149e69439f22387ef8abc75c96d45dd4438afe6b
SHA512 f53929170999d1b5b76a1c8e2df0f9db89719d7e950ddc3d214d9358516029fb5031e4cb6862501db0ee08df106d9c1ff76d951ee56b523fa8ee2aeade63fd8b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\635e64b37935c888_0

MD5 ff1889d02355274e3d06602b383f013c
SHA1 18907f0448dc6d36878b3106a6b93913ffd72b6a
SHA256 f1a5709c2ce6d40916d7aed08cd8d13735089e377cd368b792b5b7eeb181e64b
SHA512 0ebb791976330cf82a8970e8986ff8dab2125e4c3b5edb0d2901a4d7ca3f6bc486b02942bb1cdc65b7c93be270b7aaa054344b86e687fb3fc33eba58e957e770

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5f1d94d5862e00f1_0

MD5 1820e40350b8e118f7257a1219cf1f3b
SHA1 59c792b9f4464ceef15581ce17cb1d540ff6e93c
SHA256 835ca48068d1f327f4bb3ee89493cc2ba84681105d1b36abb5e03ec1b591d346
SHA512 930d10b66ef3fe181a4eafd6334ef81c5ae79f672b02c5c9e4d611764a70afb6ce57b60c6d9183a92c7adace4acc63d8da2061fca8a61d5eb029dfe4df0ddf4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6db290dce274a012_0

MD5 41d41c40e8b37513e57e8f6b2186259c
SHA1 e448336de0e805694f4c5c0117d6404b3279baa6
SHA256 b8d48357cdbb3b9a0e58a57581719df207e33016ec31d81efde067102955061f
SHA512 6772505ecdb41fdd820b9455b50b566717f7de7c2734bfd86810ac731ace8edab54c67d509a27dc6e508f0c76182bb9ca8c8e5d59d2f8202391a1fd640631b6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8551150be49776f3_0

MD5 5aa1e2ee7d1d0b2224b77245388f08e6
SHA1 f1fd277331abae0305b42745aa636558bf8387e4
SHA256 bf79ca4d88168ced96221b70f9b98958ad9a779a3b82ffb6491b534ae4be5a84
SHA512 f53114396a04eeb90481270f5b777e80797c9b6ce966cab64bb1cfbc099f10ae01006ce7ec37e9de8df065574dc38b53cdfe95d4a11dc7fa399ef43e4974b450

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c211c9dc68f4bf01_0

MD5 8a55d560b6f647a91ec82cf7eef25487
SHA1 a693feb13788e78f0a5490289b7b84c4a53fefc4
SHA256 64107ffb32efb48a5940f5f72d8461e02cdc67ea50e024985c9a5b89d0cc2b47
SHA512 0a6ad8de423b8f8101b4af90910213f014bb1e785fc313ff1902d348bad726cf74f1dc9b3401aacae922b4ee7ece0baa7221baa6ffad44e733fa856cfb8a406e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e9b18b0f66a7183_0

MD5 10aacd7c5f8aa053fb2a369a22c02462
SHA1 c0d60c9e74ecaae085c6f580fe73f10f2c68909b
SHA256 93970545cf233f3b0ce89ec7bc0644e713e239428a7d117820eaedcd9391b0b5
SHA512 d5980ca546624c6de0750f9322629d06030ae6363f94efbaa519f4cc4ca0e1384fd57e67a6eb6c17fb519dd25a1d146c43097fd776f9bf90eb710529d3b16685

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7eb3a5f164f57242_0

MD5 ffa1d4e765d44f679227de517720f303
SHA1 5210f3fb2b76df9988e6c699bc37c9e290e90213
SHA256 7f95251fa3eed114e37c967c1ef284734c44f0f791453938e6a591c9c8ddfb3a
SHA512 d5d5a4a6d4d5ab84b6d2e94f83d59b2b7a0882d6de0a7bcf7a85ca7af4952066587789102b0fab2dc696fe9891f0e5a078d8bea1ad255c32cbdf7a3651c2b97b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c8d24c1d75137023_0

MD5 37188bdbb3fbb297c7b2e19542195afe
SHA1 548d2d693671b72d2c744342ad6b698a1f103bd3
SHA256 ce2e810552676c49761799d1291475368f9eeaeb4b128d746656d80638402ddc
SHA512 2178cab44fd4dbde551057b7f942931fb69ce73f313c39fe93bdd746ed3cb44be6640b3e880dd63f7fd75e5442795e38bd3c8f7e39609cefc1ae7aab7faa352a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4ff4b179c1c05fed_0

MD5 046549ad8f4d17c3e0ae6ff948eaf218
SHA1 5ccf4e913c8d86ad7fd1ddf45757ab4083ce5632
SHA256 16577d6ce4de78dd72e372bd33d44939a4cc8146b1c40bd63a5afa2f1feb4b67
SHA512 a6d008113af4993e52afa67c1d0219b3927ddbbf42acb543064800c28f0f38597115a2f9a4cdfd3d2d0fb5fa66f1267453a7dbfb54a48e800a6ec0268ac0acb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 37a403bf33aec1ff980a1126fde1553e
SHA1 b76a5e9751eca10f357c76c81d612d0529c68b93
SHA256 64d7aab8de2a222a5836ba1a4b39d5084b59ca6c43ee2546088578e197890144
SHA512 90675a1e1ae8f7bd2726ae4518537dd8728c61f6fe20187033ec6ab6e955075f4772ba29ea912c72a3ab5f0bc1313e8ca49ca6443c80718b9d147f8a4cbbc672

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d6a6eb60ef3d5082f5ffaa220b98ea85
SHA1 7011453622c3e7f3f0ad3dd3ed1753c6cea633ae
SHA256 82a1cc834e3da868387769e44ef1da1d8cdc202695db730c040424428e3d1fb9
SHA512 6916445c92956f8e0e00f32c8d23914c17122b2018520fd524044640e39d268f95bd12807dcd65072a197ea87bb85d8e745e7a674289be08cfa68faf387e8803

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 39eca0437264e754dc4328215b47e9b8
SHA1 2b4957ccdf49dbbf9166bc7d58aa35ae83d7210b
SHA256 b46ae8383a5d0768412dd1c3b8c476714c4ec5309570ced16d53c102e9b5305a
SHA512 7e926266ab53dae35427340ab03c2a4d45f14f496374ade151eec03e14c1e9ac5cbd1264fdfaa25f3e0c29b8672d4eca1b620b68479e6bcbb151fb05df58f3a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8a5f14803e3467515963370bead59847
SHA1 fa705ce5df746c7cc9c82e783fb0b8352ed7fbab
SHA256 113d911dea7b317341a661d81ef13e3d9d7253c08c6967fa07c7e5980cf71952
SHA512 80a845e33ab31bdf9423c2d381935b07832c33dea90594cc99e914789018276e6692051a2782137ad2df5e843bdcd4f684851114c605cf5a99ed1b44f6aca4f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2e8e2dc8686969ec63701f8568f9bc0e
SHA1 f5e7f62eb1d81d78a3fcced7942f095e2a656f45
SHA256 f964ce065836b4a9735ae5fd546cd0e3c74a7471bdad200ba6ff095a10939192
SHA512 b02be34eed5d48e124137035ab135512e44b81b881f3c28f4762c01665fdc2532ed70dccc2fe78e5d4b9fac1c0356a8005614e669d948552ac6a096615e84158

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 7edd5999ebe4a92fed33b126e09873ea
SHA1 66689acae0b3d9dd705875ea6e68bcf0098ba068
SHA256 c8c79c04da99166d1bd4777f7186ddc2494912b2c2a1967aaa5e972882121f0a
SHA512 dc53452a2194120add791ba9472135844012c4123a28e0d1bc0617a20e5bce480b17f6cdad006cd5933e64e9a4d32bd4f259319afec3fb560d195faffac0d843

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 72834688459f9f78bd6b4c62cd39efd1
SHA1 e128608a97807d678446dbba85c65ee8e4609100
SHA256 d64ca5a2ff383d0e89145f7c20550ba5e74ac7695e0340acae27cd4a25100acb
SHA512 60db4b74c3f64996ab4fea59d9216f3eb70c2576ba9a138394105f3bab3eb5b1b9495814fa6eee4f8845d89988f902d7b2dd5ffb75c34ca9fd60527808680917

C:\Users\Admin\AppData\Local\Temp\46b6bca8-768e-48ae-a631-72433f42f968.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Temp\scoped_dir6840_1337124286\ad55f00c-3c7a-4d54-aeba-51abbf8ca690.tmp

MD5 da75bb05d10acc967eecaac040d3d733
SHA1 95c08e067df713af8992db113f7e9aec84f17181
SHA256 33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2
SHA512 56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c7a94def13f90561f8e7091d68f58abe
SHA1 f3164f8767a13bdbc0e30160807792aa3db326fa
SHA256 3f05aba941867dd5a90671038574cccf816acc8bc8dadb67b19ca0d1e3e19ef8
SHA512 b0382104ce0830cf09f3606e0e2e84af437c2c22ed980487e26d92bbecbfb2e2fa76b3aac9c28908c8a67cda8a065459e72ef66013a5952aacd6251de0f02714

C:\Users\Admin\AppData\Local\Temp\scoped_dir6840_1337124286\CRX_INSTALL\_locales\en_CA\messages.json

MD5 558659936250e03cc14b60ebf648aa09
SHA1 32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825
SHA256 2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b
SHA512 1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

MD5 4ec1df2da46182103d2ffc3b92d20ca5
SHA1 fb9d1ba3710cf31a87165317c6edc110e98994ce
SHA256 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
SHA512 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

MD5 07ffbe5f24ca348723ff8c6c488abfb8
SHA1 6dc2851e39b2ee38f88cf5c35a90171dbea5b690
SHA256 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
SHA512 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

MD5 d29377ef279c5a94c29a9ef9774d0b58
SHA1 1ddc19d1240147ea59ac1c6c56e0de1cc71fd14d
SHA256 43166632d0526682febb2c8d630263689d5a0ecc2c03e9259639b4f547929c71
SHA512 321ebce1d669d74a4b039d338a93c49c44a93b540368312cc75aec84f566dfb43b192b28bb05ae186748c182f95c1a81d8f0afdda910c0f6c3d9b49b0995bff2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 4c29489afba907cf100e4b2854fd8e28
SHA1 5d2835922ca7a2aabec7dfcde21bbb13f45775cf
SHA256 322100a2b81108a6b6b87e82af2ea7b4a95befe8c5bca704fb0f4b1e2ec183ab
SHA512 b0a7c649c1ce4e4444031523f0e9accd621ef633339f90bb324c92ea4176bb67af317cfc9c66ab9c765d1f91fe604fc28850d2938ea0330a157971048b89506c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 46f307a8bf8016267d79565a671d1ec4
SHA1 96439b793ffed5da6f69b22c1ce2402286f56746
SHA256 0a7ea5f6cdcd9039b35d6fedd23a14cad61ed993d8fb6ab9d13c5fb2d58ed46b
SHA512 07da0d41b2e74645513ba07f9993ba258ccc14b1fe01996119a28d7bdf7498d98a3cd1e323a3a34693fda08bb757de0b12260e5229e4965d2615ef17346d5149

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 e1eb9bd0f4d7c64bb66f15a34278212e
SHA1 fc873084fa9ebc34ddec92284d44da92f3dbfb9b
SHA256 53e2eb6cf87ab9a503843357a7f13d5cc72bec803cbe02c34e592aa828c65e28
SHA512 dbd850d98bbeeb6b2b19e2cf07e2bb3c173dc13352229e36ade1cd340f6f90c033a408bea9409eee7841d9980e44fe24bd486b5daf4882e416b6450da1385c3a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 d2633c9dfeaec39df1adb1ab47a6bf2e
SHA1 f4b8a4fe40fe547af9317854d2a9210bcf81fc9b
SHA256 d3250274270d4ddbee5257d02218ced2beac13efc24f85be951100737e2c5ac2
SHA512 9b5f9c7e041315ceab3f5dc8af51a0dc849094de23b4a75cb24001fa478b05a5f5cd89c27217a1edad9996bd25ea6d970f296ad9610a463c16d3ea0c560e0711

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 2fc2cb60a88ade7816902920199ef0bf
SHA1 526b309f96c0609b77b65298bdc704483cca4dad
SHA256 05005f17c9e9f28a07d9329f3881a3165e0a8e5bbfff4824d7c69cf4cf27e280
SHA512 b74683a8ecd29b10299f55dd1b13f2b50e9ba1a8e878ec0c3c02463a4d4f8e2db7d199e85c3b37e454276ce6ba68ef0c7f40547566f78842f276a2e6741b7453

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 673586bd899d95f1e2fe7b0931f00729
SHA1 8c5aab281da8dd4b224e26af20f1546b54da6212
SHA256 8da8e92df02260392a4d4329da7f777e46ee95190e67e0222ed9bbdc1bc39fd1
SHA512 2fc2a0b0ac0ce893222125602b1d528c826256f6fba9b3791fd2f511d1f708615dc569414570cfdf0d2b64c93e414f26218079220a3f92be4d8b9316b197ac83

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003a

MD5 e579aca9a74ae76669750d8879e16bf3
SHA1 0b8f462b46ec2b2dbaa728bea79d611411bae752
SHA256 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512 df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 7b2a329c00556a9b3459ba3f7c506d88
SHA1 16f15cc2c439bd6b4c265da71d0541051d08091a
SHA256 4a177d3856c1a7faa0ef478c7ce68a66c3817e1338c0951daa1ed3805ac87b0a
SHA512 4202fc2dd534db830461e5de43507549fe6caf0014f09250ddd8fb18c65c48b1f55883d983d53e2b2a888e9d5390ae65445fb6487cb8bb7d46490705d75699ce

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3f15a80bd03fd4ac6eb5ccda51a70745
SHA1 d44490b66a55d5087268a8abd896fed94aae741a
SHA256 df2c345aff76e4e3f673e9d30fd50f1507a001af8888673b66437f2ca800da25
SHA512 3d46d60262e46e189d37de0b69473c272f981d4eab497a94cc8b6a6f46c54789165f9a8163436b3d4ca45b57fdd36da47beacf31f3233df854e3b02bc2597560

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 5ed16c2f0897c35cf75c1080b89b3216
SHA1 d64c2d6511ff7e3ed150ace7972c147c2ae47f5a
SHA256 7798c01fb91dfd7c4df66f6ccc7e19afd803bc9cfb180c5beed8858627af1089
SHA512 5c31feae681bdfeb595a0545486bad9ea520c2064066ad9926a896709f36b4f84caa0e5e7c8a4b8d36a5c1f7d3a214a55e4e3117825edbffec11d532e52bdd44

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 815495c5b6d53491058fcf5851b51df2
SHA1 36d54d6379ba20eb81de6824d70b8eeb96b33bbd
SHA256 d9d994c470889c630b3d250ba34f4bf25ca581fa4f57bb9f09b064fe78c4ff08
SHA512 414464919284957363dbe58323b77b5a9dac97f61633fd2e1e659e6433019e7021130fa97823058aa3d4daffd57e33a66c487ef345bdc379134ab6e0c711045b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 1dd70577195ae3db5e0d3202812f69eb
SHA1 070db4564516518fe558c387c4bbb33e5f652083
SHA256 46fc7348cd3014caf846eda3c0dd7ee5802a0d69eb535c4e75bc41dd7b97aa3c
SHA512 ee286e4d527093edf65f477ddf3a640bf63720a6700e100735ebdea878b638f7c82f62bdd69d695abbb95df6fb0840eceaadbe4090bd03b7fedb8441ef309940

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 42f941f725163c6ed8ce03329fe2c1e7
SHA1 9a4c5d205d29bde482179fdf01b86dc908181d78
SHA256 85a3219bf4959c3a8e4bcb0068afbc0d355c13de3aa6cee3c282226de9e30c9c
SHA512 f736a54737767ab7a3f560cc4ad94b326a7e36ea22bcba0f3dceb44822790be95a256cb2358ed375ba9ce9e68b39316545a979e1667cb729e6884241fa88f67d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 fe0922bd03337ffc38391ddecc429b95
SHA1 63f90c43a0ef99c45d9981b3016a250b6327d7f2
SHA256 4ed0c6a3d36f9e4128bee8cd01a4e198f904646c016e8766d519742a9d462a68
SHA512 d0b566e9e25cdf120584d0a862c213fca47d3bf5f442f77e012268481957c8cdf95b8aabad66dc3d0e480c6399623be522816053f5c29ec2e5df28e74f149718

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 dd2ed3fe3cfb2bbe3ddd19bcff96d927
SHA1 d54095cdb9b47b436ee80d1970af4956e9ba59c7
SHA256 1fa72398a5356f223f290d337223b083ec2abd15d311aa5a1dd6976057e802bb
SHA512 236721ad3a5a638fc036324b8ca2036564a878cbcfbee4b11c0def0de373ac37d427249f1cb72daef4fbb78d08bb9f79c5fe8cf165356047b249d14fe1d81d19

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 b9c97002a9649075058a7e62002a6374
SHA1 a8f24dd89bd50590e37ea3b6fcb91c4cd1502f85
SHA256 19cc103aba770cd4479251a80fea002c672f10205a6bef17ad94f77bdfb7777e
SHA512 bc34ea975e9df7c4c9716976b42d6800e3e59dae8a8bf7313173250498aca91fe6807b0e8d3d8e0707d7ebd4a89018d4ab9515a265e90b610a95919baf2f20fc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 97dbeb1dd3b3bff59bd5cfc0c3232824
SHA1 29af246f96cc60a5db98031a440c2b42367bab15
SHA256 f51153fd4a03318ed684b754d14854f2a7c57e2c8fd69b64f9768fb268349755
SHA512 bfb04060587a95cd5bf59d585e78be958c21ef6586d8fccbc0ddd9db55bcb82242c16fcee729d79580b7c86184078bb80a28c1c8bc5062980264cdb9ff6390c4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\c4ec185c-b28f-4a0a-9cca-cadcdfbbbac6.tmp

MD5 bfc397305d91b6fd3b4d89d41e77d645
SHA1 eee6a68bcc5544fe98e04a7ae60a3a36043ab0b8
SHA256 f5f08afa74997d9fedf1edd3c3b131852f9b60d7f9aeff06ce94bfa4297b16e9
SHA512 171cce7c2bc3040a0159f9fd82ef663b0308b85d5f8c642182e63d42f197d59a7ad60775b42d51768b82ce018c43b503d00c2e9527764e0eea8c7a722c74f77e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

MD5 12ada1c99783bd079be675f80f2ad92b
SHA1 0a0a4f2abedadfb1b3037a5d533902c6c51819a2
SHA256 cecf40e4fe64659b2ab72575d7644964e2ad91f89b8e20a6f1aecc43eea7a580
SHA512 ce9a839c5906c1e0b9d37df64a7041f989505f80c16692e5f902debf9b348077da62bc30d2539600df48df421b9a0d489c296dd24f18e19f502959dec3f0a1ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 278a6f5a4497ab2172755e6146007709
SHA1 70740e8e1c8857cdf3bc9b0655d09f10854351f2
SHA256 03b49eb9c5db6405cf00850c2a30d97257c1a74f3df0fdaa94e4df215f73ba12
SHA512 aa713e19b467a90245e268bd31d38fccfb1b08bb57d2569d53fb0d4ca201707df2d561539a9b23c6d21b862eb6770764b63ed960379d66686fd945dcecfab598

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba91238d0b52b19488d99ade0d4c41b2
SHA1 108f2d79e15066dd7c25b3d3ac1de532d94d9a53
SHA256 f98e0a35b9188d126d7471728249b460bed6583693e8796bbcb6ef2f9b96bcb6
SHA512 ac060816a9c5b5e43a5af244d322a5653e6b3b7c613903d1b0eea0c6df8a522b40a274fe1097bb5d0bdb4aeb9c2d50cfa7728cf1467372b548707db5cadf5dd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000153

MD5 503766d5e5838b4fcadf8c3f72e43605
SHA1 6c8b2fa17150d77929b7dc183d8363f12ff81f59
SHA256 c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9
SHA512 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000155

MD5 8eff0b8045fd1959e117f85654ae7770
SHA1 227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA256 89978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA512 2e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000158

MD5 115c2d84727b41da5e9b4394887a8c40
SHA1 44f495a7f32620e51acca2e78f7e0615cb305781
SHA256 ae0e442895406e9922237108496c2cd60f4947649a826463e2da9860b5c25dd6
SHA512 00402945111722b041f317b082b7103bcc470c2112d86847eac44674053fc0642c5df72015dcb57c65c4ffabb7b03ece7e5f889190f09a45cef1f3e35f830f45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e8c33c0a9151fb10a556c0609650d6b0
SHA1 5d6492f5455627f41b72877974aca49fe3b2935f
SHA256 aaaec1a191d1c7c687f27beca96cf8bbc5317c3e9732717ccab4a3c5ec2e7845
SHA512 d568a355f4214813ff342eba34df979d5f9386af9f97556f367e7c084d99d423bc6bb3f2ad373159d2b9cb0976b8a67dce18fd877f6c35a52cf16118a7d9f06f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f7c618170b70ed0da80a30546aecace9
SHA1 1d22ab541c0cad06bfb8d733348147fd2ead642d
SHA256 fa2e999934faeab16a20ad36793d9c9b4921b4374d2b876f3866f3b6728e99a5
SHA512 6f7023a7dcb88be34ba4539d231c6faec5b2fdc4f80299e60ac998dcbd9f6f313a044d1234e64034ae9843774a4f216332dbff9b0f22016fa739cb229c0f2b80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe60b78c.TMP

MD5 e840fcc71e9dd0e46af74b4096741711
SHA1 85ad278836202095899b45c1d89d90299f954f47
SHA256 efd233dc01bdf97e9599363e70d23f9aebaca64cd79b81611f8334c7940cf7a2
SHA512 a6893b61ef037f2aae706277d532d0810f5b2b84a1e79e9598eec0f16b896c4ea7416c4fed9b9089705361882bcc5d604c1fa9a6040b74ebca552cbcf00f9c53

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c43cde1df0ea78fdbc95fbd9dd54b2ea
SHA1 ef8e520350a7d886808b72e30c99f1e5c1ff04f0
SHA256 600c38ba4b80a07a848b67d388e34fa35f0e4fc8593d0e619421c428871c193f
SHA512 17e941f594ab13ce08af86160e1a219b4f37a9f6a8f406808703acb11c4da258330d201cba961b48c9d9e45209d33ee1beebc54f00dec51205d4e0b8dd853912

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7478cd5cd8b4b88a005053fe702e7fb9
SHA1 eeb1aa1afcc4e438e2dec646559bbe74dc88fc97
SHA256 591f10998e229cd31dcf436dc663643e61cf40d8453e3359ff651073cd58a36a
SHA512 daf7bca59e551ae65a40228c4157193ba457fd1761a8af414e910f55fb4d9b959f861289e0703c3e70acb4b1bd575b700056634b0fd94afca1bd242b4f2d82ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5bc5205084f11da1ead1fd53572a123d
SHA1 215294a5703359ff74a8c28194c3c6a854913bd0
SHA256 12c37e504955f8e3e413d4603f52067fec229f26b08e2056459ca1c7692e2eff
SHA512 2ef854525c4f8a0eaa83872368a2b8a1e85e126a7078954ce712990db96c1b4fe37882a87512482ae0d445d313b669e28a44967c896e241d891a71b9c7acc1cc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e8e416c86e74ae2042e0e01c5faf03e
SHA1 8f9de921d93a6de5a898078ba454593751c9bd47
SHA256 81d0a2b3ad65b0c1183651eca1d66dcba1a23e4c3c62c2628c427a3f88d3d0d3
SHA512 80650320f873d85cfbe58880b76600f96133e558e4f5708e5564a31dd5ade59a02bbc57ad1614bfa9c51f1935e84a82e7e1355c8999edb2a951c748c9f087f37

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000178

MD5 65475f7581791c7dfbaed880e4d25d54
SHA1 85819b038cdce5854c308e6d18c6028c26d99b71
SHA256 722a68fcf354461f92f22c0d8bc4eafe8a4c987d58aad675d92158e22dfb9137
SHA512 15ef150a59080ca1dafa9064d707fd0caaa8357b076acb47784d2d82a21535b3a72d76182d17b018f5184c96c6df346b6c1b3c12d7b06053bf45bccffdac43a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52d6f39f7ee63e8221ceb6dc4ce993b0
SHA1 30caefeccfc58ac29c00232d9ad59d9eee8fdb2f
SHA256 ee8f691803c66f324e7d52fa86a32e550f0934de052af357fe220ffc5e605521
SHA512 cf89ddd4e48a67438ee584181a1f491eba02750b808e95ccdd072fcbea5af9b7cb5d34a358556406ec4947139e07900191899b806c18160755d52a52cef241ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dd8474976076c5ccf08baa1da37fa7b8
SHA1 c7996bdc41c3d5875085f623d2fee50f2f001fdf
SHA256 1ae796b693946c6e8be6cd5cb52d5b39feac52d270467986f817607d28f61616
SHA512 58cda4e2c22c15446b6cfffe5497d0364eac7b6e7534b4acfc9fb4947328e797b0d17946db5d5187cd9fb796d5a71ae86374030d593b73d90489e06dbac38f8d

C:\Users\Admin\Downloads\adfly.apk

MD5 d9349571d26ecb491d1deae29349bda3
SHA1 2c563f24c5fc9c73bfb251e5f6309616d9cee63d
SHA256 82f9682ed49318bd53e199e3df61f244891a80bd7965e34f180bf22e09adf873
SHA512 cbfe5a880eb308b4a096a465a25908b8fa73fa9610e44a3678140d83baa6180e4ccfa7449cedbc109d910525d06bf28bbb68b2c69709361f4120d8967af333e1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d7b96f48c72752f8924c637d1c7e2b6f
SHA1 34d9c77c84a98cfc06482ae44c15d5a0c2b6635d
SHA256 dbf35343f773fe56eb4e7e68ec9a94caa390da0986e1a26d074aa8f48a350898
SHA512 cd93f4bd47e69e823fd844e49cdb2570a71c2ae5e5ca711301f27f21eee996cb179bd256b66f7fe71fd32e01f79c76dff248f7f4cac7b85fc9562064a163a7f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d00d95c2d3e24f13edbfdfb7340423b7
SHA1 4f31cc35108b4db1ce60af1e98624e045fc87d8c
SHA256 493e1e5d93d21299c8da711a642761f398b0185574600e18f28079ccbde8a9ba
SHA512 135bd24dcfcb3247ac4de478768043480eb986904ed36481efaf3e4707413db384b9799d2715dddc39811dcb5049f170763d0b30e434c726a907a44c9f9171b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b66f92a70ec41d0fed8cc0e302ebe5fd
SHA1 638e50c6ffaa0b5a7e095f1a1365e7192bce752f
SHA256 6a2c3de711d3f32fb5e68609de59fa98cd04404b638adcf591069ed7a82440ce
SHA512 0a7f81c498d41e92a682301d6ea9e5a192c9383166e01ea77bd0be4cc975d158117c68907087b510bc47fbdb9d53ca53673dae6ec96f17196ceb57658726c94c

C:\Users\Admin\Downloads\Unconfirmed 695717.crdownload

MD5 a141303fe3fd74208c1c8a1121a7f67d
SHA1 b55c286e80a9e128fbf615da63169162c08aef94
SHA256 1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99
SHA512 2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2b35fb9a550643a159359ad6c33b4fc0
SHA1 d452921933f1a5838e59ebd3ac7842b90a72f415
SHA256 659eb5ccff6083adfc1788f6530900389e454dc81eda8b9a88dfe94d1806deb1
SHA512 700e0f3285440d3f4ad9b850f069e3c47763cc4b7771cfa6febda602bd36e0d47cafb7eebcad24b43990e97389a4aca31db96fbba82ac764731f87b1d3bc5ded

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7e897d87631887ae120922fb9a100bc3
SHA1 a5a5b54fa7ddbfa4fd1c5de126f19c8f390a718a
SHA256 86913c0f7a6cc127e5a0b46f53ab2d29210c84cfdff3d08b1973feacb63ab87e
SHA512 aa0d6f006d8f7bc3de643ad4253a84ddfa7abc09cd08a44865cb4000013b1b0a847486017e232f3e4b2a0301ca6a3707ce7a1f7b0aec229fd7b5325e50cace64

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 95ef840cb1253c0ea71688671cdd0501
SHA1 ce71ed19080f9e06ad845586d32dea0ef0f051ec
SHA256 a15c0eb3fa5d3608644aab455837b051fb118d0e3671a57a4dd815d6cf3157f0
SHA512 bd2a20d0ff8dfa235686d92c69adeb085806309a19cbb01cb19800b3fab1258dddda9b62e441741fb65ad2b4df79f7ff86f89a8c723264f6c89676cb2ced9628

C:\Config.Msi\e620c50.rbs

MD5 c653e8b68642338b8d994b5812cd2e58
SHA1 f6f9f15a3c80c0eac89212ad4d7a7f89547793c9
SHA256 554ab185b7614ec79c9194efeaa51c6524f447eb76e21bb0a77aafe3f91ea8b7
SHA512 4561df511f37dc89d95316aa1dfdf52b5679a7aaee56202b0e7d97edaf51738328f8e821662ceaa643995a5f46c712ee4e07e87b66491d143cd0338c0152e2d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 319bc16796bfc4b929dcd6252a5e48cb
SHA1 2117f816141c576949fb9a927538fc6bd3a83f4d
SHA256 a82be3b03ec005bf003f48eadadf8ea791acdf2a0057236e84abd3a28dea7699
SHA512 91bb53a1550d499d1a08fae4e9837655f5e5fd36062ce52e5b54ecc280cfb06d8a11f59bb2f0f10bc3a19ed1d7517246af248cf2c59f1811121b83e4aa294560

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4613e82c5618751a07f160a535bbcd91
SHA1 f4815265746d69447b2873eadcfe0a0314a81c4b
SHA256 3105bfee7a7d3a55fcc017020172bfe15d9c3cb4817eb45352b092d1d940e596
SHA512 33a21758ebc698a27355b99ab7b50dd2b46015cd4f7635462aa1b234872e6499e92e16d54cc9ebe5b5dff1348179d0313397e8414edaaf671d88a682ab73e6f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c4bac0b3fc55ccf9ca15b033ab54b932
SHA1 9eb0793f658e07b9840ffa1d69ceef2c2b0f2846
SHA256 3164af828078a612ae60248112a9d6410ad8d3cdf78fb57ffc899c851d0c4ca0
SHA512 a2d0723f39c7c7041bfcfa43297cf1d3a67dcbe304c870032668d8fa1db28d596cab1b6438d0e83c43bfd0798e0adf033bc5434cbbf838a43044238164a48575

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b96bc31a9d0319f490e304101d9645f9
SHA1 35c781ec66416943870cb239a0b3069a7643c916
SHA256 e3116a0efdd088fce520cd5d985827be0400c24fd3eeeac18c12eb80a3468c3e
SHA512 8366bd6961dfdd35fe01f9d776b56c00911452d93881de06c5a99288315864941275fc2e67d0c9767ca2864fc5ebf0dd8ed258928a6f5b921fc7878e3559550f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b6547d15486f1a8b_0

MD5 250382bdbfa729d13093c72600ec80e0
SHA1 a16f682a01ed1df28e3117191b5085a661ad8a14
SHA256 2cba4ee653f353d03dbff93ec29ebd960c9298cc18cf89fe94a58de753b9f98e
SHA512 29e0a2a40998ce2cff4046232c75276c04c0a3cb51baeb9e5c51c855ec7c2d96505f851fcd05c9fed901e783671374b9e05809e6c2cab3f4338a0ea5bc40c741

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2d7c6383de7559f019940bd8a3114ed9
SHA1 5f1c6ec80ab5eebdbf591cf7b5e910dfb65cb468
SHA256 5c37eecf7bff55dd76a540b2d1935adbff9006db1d77f463c2066f7c51745727
SHA512 d900c2572070dfa9a811e84d3299cd96dace89335786fc31d3c7a9ed8614cd2fe156b1ef33dece63fde046254f72815804bd3c697d603d262d183eda35afd2ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0aa53e4b3d84faef69559c7579bf704f
SHA1 abf5b8b98dba2234b9927d308659bd2bf7a978a4
SHA256 bbe3d6e2d1ce670fcf051bc898dac168703d6c3c9832ddbd1106c9475899a196
SHA512 d4a65a08780bc08ed9cb02720320afeabb5465efc3712a0beeb62ee75753fca0bf1f54f183997787e26c283ad4c21f3c52c0b4a8516af7e749089bd6002ff848

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b31209bc00bcf8f3961253d2a5175686
SHA1 58a63cbe29438fc9d97a649d19a476508502a812
SHA256 3f9484ec433f83add50da5af3a5e77872e0df415c54f54e2e7571288f050f7a0
SHA512 d0bf680fc8f57bda0f4a155c7c0f18a2cb7d6d3c6d810d88b7c0fc6c305cbc327029788b09261dbcd547c29f447b3738635a645c400cd6246cf6ce0c9989d273

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 76ddd47e5f5fc2c6d5a10dc54fb91ab8
SHA1 fa0e3bfdbc817268ca971ddabcbeae391e3d6ad9
SHA256 1d0b1a8cd3e45f5ec604d015f6fdee0a06ae79cdbdddef3a55db3974d1e51b17
SHA512 484484a0d07e1fb69c95a64fb663b10fa7d44aa2b9b64466f51fe0871e9a5595a977c1e945b969d346ae2f3449d68e3f3e274a14ec5315cfd8fbf35cd3059a71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc4124079ce40c850c3e07517d255542
SHA1 b7411f42b209e1c8daedbf961d0f0bae56418713
SHA256 e3e9573449d6da19a3f910b9887fc6a10f98d2f038576b0b5ab2627ac04b26b6
SHA512 0d308f523869d63e26551946e69d500ef5f97a735b12a3491e1501042ae154db60d329602aed15442c1cd2270404d942e7cf687ea45e63585c8c1a39b023a68e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6c9763285176af6224516a67b4e5c0c1
SHA1 ba6d07ab37db49408827ec558aae691f5ff716d8
SHA256 bdad6151439c7f53522e979aaf8879828233c7551e5d19e2e8fd7b7867856ea3
SHA512 a9706e40c6f68ed5a106b3dc9d2aa3adc3a9b9ba923c3b5863555cf4afeac91cd9d5eb25fc5db89e3545f409b16b6527a8313c073e26619215aebba4653df371

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1c373c9f7dd5271f4c3d6d9c99a4fd2c
SHA1 adf9178239cc5671408ea0293eb58066e4711529
SHA256 ba786e4aaf1259640e85e03f89d220cc76a3c1377749b9b2e213eaf33e288371
SHA512 b6e274dddc33181842f78d789b904fc01c4f9873056c1f08ed4a0aa6edb3494f68e08fadfbc501c244cbef2663b2f994c2c3eec50a333d5d20f897e86010d680

C:\Users\Admin\Downloads\Unconfirmed 870710.crdownload

MD5 5c7fb0927db37372da25f270708103a2
SHA1 120ed9279d85cbfa56e5b7779ffa7162074f7a29
SHA256 be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844
SHA512 a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f577d52a7c98511ebbbdcf764168f7f0
SHA1 3e579827db31dc17466ef6658b6258a7080fb6d7
SHA256 2bd6e4075a11a9fd4430184788c524cba3898e4f5a00ba69e065711fb3fed83c
SHA512 999275c28b73a989d367a4289d919f57c96529a15926b0aa2a496e0cdc70a1bd7dcbf99d49337c81bc24f68a98bde5246331e45ba1deca30b352ea4e9a272563

memory/3132-5802-0x0000000010000000-0x0000000010012000-memory.dmp

C:\Users\Admin\Downloads\u.wry

MD5 cf1416074cd7791ab80a18f9e7e219d9
SHA1 276d2ec82c518d887a8a3608e51c56fa28716ded
SHA256 78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df
SHA512 0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

C:\Users\Admin\Downloads\!Please Read Me!.txt

MD5 afa18cf4aa2660392111763fb93a8c3d
SHA1 c219a3654a5f41ce535a09f2a188a464c3f5baf5
SHA256 227082c719fd4394c1f2311a0877d8a302c5b092bcc49f853a5cf3d2945f42b0
SHA512 4161f250d59b7d4d4a6c4f16639d66d21b2a9606de956d22ec00bedb006643fedbbb8e4cde9f6c0c977285918648314883ca91f3442d1125593bf2605f2d5c6b

C:\Recovery\WindowsRE\!WannaDecryptor!.exe.lnk

MD5 ea06ca646cf81271614f24d95c389f5b
SHA1 c91be80b6c81d8b75e72db62f7c5f6d63b51feb8
SHA256 ad6f6b2ac9ddfb66b71bd153db134efa6d122c8bdfc2893e30894b7e8b420d9b
SHA512 4475ddddd25f4b6e33eef78c240753bbfa8ce4b8bef2a33df680483ce95d65bb72b49eb36ab99e370ada5aa880e3039b5c2e0c76d461193c8d19bb706b150beb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 15e7ddab643570389fdee983e36af176
SHA1 6cd37579f5e46ef653c6900bd8d138d0b5385c89
SHA256 c5470538731dbb5583cc3b460c0037c14b3b1ea1dd9f78f29261eab9e6ee48b9
SHA512 7414f2255a9d19601905c454b8c0ff340acb7dd36f6537ae0215636ebbcb17a069b8928c3ced23ee717f32c67ee0234ff77e116aa4c4dcfebcfe69e46084c7ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 acd4b60a7b4d3e3fd36ce56e474b6bda
SHA1 04d80ab7a099e82d438079332c7256de03189ae0
SHA256 1f269fc84c32764180b0d9b3f610c6c6aa3f21268e481839187253fef81f11ae
SHA512 0fcbf5a2cbe64456d54df3b0eb089ad4eab9e0b5b4c1f748994c87f5291b5bbf51b8afc5d05b785023c9c477f4898aa2efc3208aa9a81c0d5ec650eb8d5b0e0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 53f5668d238c74e594378b69e08cad39
SHA1 481edd1147f26de089410e85e37d821894664930
SHA256 9a92a4d869957f5d6813276e7bba76deea84eb980e831956724fd05c16eaddad
SHA512 1cfadef01c4979a82d882848e0ad23ef689191a191705dae7aaa9267866c48a6fa606b5b132328f09f8c0af3beea21f24f61026d74b7342f36a6f473ec04c3c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 07450474da9ddb9d9ae6d2a95e7454e8
SHA1 ec1331a120284bebd85b5698d03bc988810f13aa
SHA256 8307b108c8ce32dbd01ceb51b23e244b1b2ccf6c1b3ed6b949a67b543873b932
SHA512 9eccdd14e33ac62ab3c5bae554bcc89e242b5085c8ccf94d57beac79c55e9dc01997b03deeb83cba61ced0dfe684c35d2c986e6a72b3c0bc0993fc167e6f44d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3e423b68def1d56f3991558fd44e8fb9
SHA1 48384cac7cbdeada95747359ea38450a21ac8430
SHA256 8415db65f975552e90bb92e3af275a5c892d7cd03fc0a1066d67011f397d9ae6
SHA512 296371ee9581f3ef5f3ebd23f75570f24240cfb6c916b5e56fad35d1cdca59c41ad555dd74811fad646d47dc5bacd392cbca2df3cbd5e6f9c1ed61f374ba10ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 df157ba995039222ba899db5cdef7498
SHA1 1e496af565c600753fbddebd21ac69365373750e
SHA256 b75d0ab5e4d7c55985c29a7c8e385555c0e22e7781f13a0802a564f9af395316
SHA512 a4f53807ad0aab1d38cd26a30d49af8c0e1376ed323c575cb6352237d9e141f392cb54e05e235d13f3e39730506761f8dd9ef56af718193a50d89f28a003feda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 589c49f8a8e18ec6998a7a30b4958ebc
SHA1 cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA256 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512 e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 efb2d3a1a89925e1a634e0ccf3ae1fd6
SHA1 5018f59f9fc3242bd7f5be4944021ff2e6bb8cc2
SHA256 91c989a456649ee7f4f9c6f48b51f5b0dedbf2829311dcd16a6652092227bba6
SHA512 a0227a04051e2a340f23061777f22aa74107a3a07467a55897ffab867b1b8bf9dfa2d22f6dea624481b7915f37b65c78459d147bbec00f2e4d2f89884b9d3a51

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 63b36861601fb71ef12f51c4dab84f75
SHA1 8c3e7826c64a995b0f367a55ea8858b5d9b989ef
SHA256 655f09a13736f972f612e9578078afec52dad4be828d0a01e7e263405c529dfa
SHA512 a22b4330710b247fb5bf80a5daafe3b53125762f5d2e5958a7f4ee39f0a699480537c38ea28588d4ae5d5304e6b79027e460c2f764542b2a8d0ba07df4a89029

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\dd0d8e1e-45d9-4dc7-8257-6e3c73c94197\0

MD5 c2c4450dd9dd82f2214c555cead43118
SHA1 af8f5b2955f2f1976128d08045b35d6c939495f5
SHA256 838fa0b08fba45c99233254dd2e1b02840c6f2c842a3848ee1fd343d0f3dc6b7
SHA512 6e30efbaab63f33776e263a72a42a52fa15cf145edee80b129b50ac80be97411285dc1263cb4609896be6150ba49ba59fae3f906e9cdf55f8539da0d79837de9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a630ec62f54e6ae3ff8a83f3aac64a8f
SHA1 83f0f4aa3b5bfe2c2ec95165f9c15918fd10df00
SHA256 a961187cb03c674ed1e8aae5dc32a13d061b31459bcbfb24a95eb8cbee2a0b2a
SHA512 c69d5fc75c4a9a3340d1fcf04dad3b97f5c38ad78babe128bdade5e98e4d1eed21516db3a0700f46f71c9f7eb7d8d95fb99039941c6763522e11ec1f5fb98045

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe660640.TMP

MD5 6a0e8ad8fb8f2039e183a6dcc9ae82ad
SHA1 25a8f66ad6280c74b5fb0c8e3e31e3abb139f68a
SHA256 915c92abd8be6f1d39e032f261c4afd8a203a05eb1f2c1abc5de628e62c6b9e0
SHA512 c3dba389e0914052c959598e42283eafb638356a4508f5eaf9113d03a63741ce942f2c10d29db080a9ca9bad8c6ab7854361272202bf1010577d158129b8d940

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0e0c255c9c0977905f080a094f6751bc
SHA1 b8e8f3c52074087725676d1a02abcc55a935973f
SHA256 b7177469ef9f205977dac3e7ff86d2cabd99e7b1e227b8855ad370b34a905ed9
SHA512 9f3cad9917371019297f57105e47674d8069d48ae7591e63dd7e5e89b360ed9741805475e5b91c89da105d0a6cdfb766af43dc3080f242ccb7b86914c3950b73

C:\Users\Admin\Downloads\Unconfirmed 960509.crdownload

MD5 0f743287c9911b4b1c726c7c7edcaf7d
SHA1 9760579e73095455fcbaddfe1e7e98a2bb28bfe0
SHA256 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
SHA512 2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

C:\Users\Admin\Downloads\Unconfirmed 874971.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5da03353755d501d56d7c1ba8eccff50
SHA1 073ca06529a924c8f584a810ab76c14eee6a7e18
SHA256 90678c31845b6caeb386a4f7f547c9db436fe3605899638f8c92ddf62783f5f0
SHA512 4cb2810f2ab0f0d267553e18963747ddc08f966acc68cb6d603de9704487997de11bcf458c5f15edb92f127bf65d0b883666bce26c18172f3121adb8c43d1753

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27532973c2a0a14bfbd6969a4d2a4df1
SHA1 0caa2df3c0c8052906d291fe6e9b0632e9a1cca0
SHA256 d2968cfc53e218b261c7872c9fc27dfdfa7a2f63ec1127da71f0230d982dee68
SHA512 863864523c593f95a60b6ae3e344094e092430c50a81a380cd5015b6a278cb9657384423420a1207b8b5f2387fca4e0fe76292bd8c31e6e8a66c46b7c7c3fd96

memory/7148-7739-0x00000220C2BE0000-0x00000220C3BD4000-memory.dmp

memory/7148-7742-0x00000220DE120000-0x00000220DF6AE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3aabbfdd3274ffd30d55ed3d7f58ca52
SHA1 d2c4f18f58af6bf59644f1da72074e7f596be553
SHA256 af527555e59b32fad09c467b808b4de2c2e75a24b5d4e719bb574fb3a1562dab
SHA512 5f1b0c87c600f65098ebb51e97019ccd4bc2af96111b5eed44bcf36476e708d95777a69705ba968275d65876f539500b2b55ce8c7a6369e285ae0e9a94dc8a94

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8dac4a5a9f4dbb97e0798a976a9521ee
SHA1 252618c756fb61115298ade7a5c86f245c49ea65
SHA256 682a96d6f4219deed75eb3c42b1d75810899d30814d703a3ee7b67cb097a58de
SHA512 053979b327b1d2621d2bb6a40d863cc3ed8b350d7677c2fd1e4f601f587a527c6ce0b5adf642f3f67326f3690ad545a78354b190697a6b094925ceb2cb099dfc

C:\Users\Admin\Downloads\TaskHost\t2D5B.tmp.ANNABELLE

MD5 52488ef3f42a79048b8cbb5503816741
SHA1 56651900d95ee36de389c29b7a7e6dedbb421eff
SHA256 9ce5f9abb2fb204df9fc5db071bdfe0fefeb86da178d8c7b8e4ea29784c48154
SHA512 d42a0c76a4d24d930a9b6ee15205a02a6edec97ca16e9febc6eb47d05ff7d6f2af7c3d430d416bf464dc561289428d412acc856718aa5ead58de51b1e8facd5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1f79c9332d3e4edc29ee747bfe94166b
SHA1 8422fe5f911a9de55072a76a9de7b47cf1ed7269
SHA256 59cd6c3cc5eb3f421783e1f07ddf33a3d8aa4e489c95e1a8b01ecccfebcf08ea
SHA512 ec5a5a9b96cbf0da52c75730927b148ed57830cc8456aec720ead59c98e955c078e54ab27addfa46458ae606b52fee102b591243578217eea98744eae32ca194

C:\Users\Admin\Desktop\!WannaDecryptor!.exe.lnk.ANNABELLE

MD5 1a51f57286312cedfb86ba8ccfadd7f2
SHA1 8376d567867f0d91ee9b38aaa6687556efa6736f
SHA256 4866c12c2aa5227d553cf56c3d339e5ae357f15c9b7f752712265d57ba5bb300
SHA512 72f26e6b2419d11e0121fee5ece58acac430f8b70e4854c078b56d353378a3b090753d2af746d9caffb70642084582476ed5dad8c7733124629fefe915d222b2

C:\Users\Admin\Desktop\!Please Read Me!.txt.ANNABELLE

MD5 81c1845fff664ca86f152adc8fe842ff
SHA1 8c1e93c4a80cadc66690b01734e3faddf886b2d2
SHA256 146bab79fe96119a1be2c3c8a62d188685b5e9cd0817551b5a5377cabcd55c7d
SHA512 c37490ada3296d8e555748bcadce5a7223f6ad255f6c14ae52643640031882591211c9a05dabc988a9fbc437dad8ca6b8af7b996956118774bf8f507b3e9d10b