Malware Analysis Report

2024-11-15 08:07

Sample ID: 230903-n4g4waaa55
Target: Guna.UI2.dll
SHA256: 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
Tags: mercurialgrabber, evasion, spyware, stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 10/10
SHA256: 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
Threat Level: Known bad

The file Guna.UI2.dll was found to be: Known bad.

Malicious Activity Summary

Tags: mercurialgrabber, evasion, spyware, stealer

Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Checks BIOS information in registry
Maps connected drives based on registry
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Program crash
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2023-09-03 11:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2023-09-03 11:56
Reported: 2023-09-03 11:59
Platform: win7-20230831-en
Max time kernel: 122s
Max time network: 127s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2023-09-03 11:56
Reported: 2023-09-03 12:00
Platform: win10v2004-20230831-en
Max time kernel: 202s
Max time network: 220s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1

Signatures

Mercurial Grabber Stealer

Tags: stealer, mercurialgrabber

Looks for VirtualBox Guest Additions in registry

Tags: evasion

Description | Indicator | Process | Target
Key opened (x7) | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Looks for VMWare Tools registry key

Tags: evasion

Description | Indicator | Process | Target
Key opened (x7) | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Checks BIOS information in registry

Description | Indicator | Process | Target
Key value queried (x7) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Checks computer location settings

Description | Indicator | Process | Target
Key value queried | \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | N/A

Reads user/profile data of web browsers

Tags: spyware, stealer

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description | Indicator | Process | Target
N/A (x13) | ip4.seeip.org | N/A | N/A
N/A (x1) | ip-api.com | N/A | N/A

Maps connected drives based on registry

Description | Indicator | Process | Target
Key opened (x7) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A
Key value queried (x7) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description | Indicator | Process | Target
Key opened (x7) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key opened (x4) | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A
Key value queried (x4) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key value queried (x7) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A
Key value queried (x7) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A
Key value queried (x7) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A
Key value queried (x7) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A
Key opened (x1) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried (x1) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried (x1) | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272677097-406801653-1594978504-1000\{ED1EAA6A-0CD4-4A2F-B165-9DEA1E031ADC} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272677097-406801653-1594978504-1000\{DD2D5D6D-B1CF-4126-BA77-2847EE5C8791} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege (x1) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 (x1) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege (x2) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeDebugPrivilege (x7) | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target
N/A (x1) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
N/A (x26) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of SendNotifyMessage

Description | Indicator | Process | Target
N/A (x24) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target
PID 5300 wrote to memory of 5716 (x2) | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
PID 5300 wrote to memory of 4128 (x2) | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4128 wrote to memory of 5464 (x2) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5300 wrote to memory of 4736 (x2) | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
PID 5300 wrote to memory of 5436 (x2) | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5436 wrote to memory of 5396 (x2) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5436 wrote to memory of 3188 (x40) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5436 wrote to memory of 3812 (x2) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5436 wrote to memory of 116 (x10) | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6924 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7108 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7432 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7384 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Panda\" -spe -an -ai#7zMap30970:72:7zEvent9068

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 416 -p 5716 -ip 5716

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5716 -s 2064

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 488 -p 4736 -ip 4736

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4736 -s 2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3816 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 520 -p 4936 -ip 4936

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 4936 -s 2100

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 544 -p 5356 -ip 5356

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5356 -s 2096

Network

Country Destination Domain Proto
US 8.8.8.8:53 discord.gg udp
US 162.159.133.234:443 discord.gg tcp
US 162.159.133.234:443 discord.gg tcp
US 8.8.8.8:53 141.64.128.23.in-addr.arpa udp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 8.8.8.8:53 discord.com udp
US 162.159.136.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 232.135.159.162.in-addr.arpa udp
US 8.8.8.8:53 232.136.159.162.in-addr.arpa udp
US 8.8.8.8:53 234.133.159.162.in-addr.arpa udp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 162.159.133.234:443 discord.gg tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.135.232:443 discord.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 162.159.135.232:443 discord.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.136.232:443 discord.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com tcp
US 162.159.136.232:443 discord.com udp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.135.232:443 discord.com tcp
US 162.159.135.232:443 discord.com tcp
US 8.8.8.8:53 131.72.42.20.in-addr.arpa udp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 208.95.112.1:80 ip-api.com tcp
US 162.159.135.232:443 discord.com tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 23.128.64.141:443 ip4.seeip.org tcp
US 162.159.135.232:443 discord.com tcp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 9.57.101.20.in-addr.arpa udp

Files

\??\pipe\LOCAL\crashpad_2716_ABOQWXRUJEMEWWIC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1ea68f659b241e7799f6d5847673f4d5
SHA1 c767daa773972d1af040fbac5cac9075c7c8ee3a
SHA256 bf0eba70082dcad559bfdbe1821b44777a7a2eb56ad1ca8a4248360dc301e2d5
SHA512 46873a613a009ad8e5d4b04b1ce07d15118fc789270c9ab7fb911ed83425cd2b5fd8143d60189111358f2db2f652a4cfe4a694aa4e1b5a31a8828556e2e0d952

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a04.TMP

MD5 1460cb7024208f60b46a29151bafc118
SHA1 2cd069eb27ff44d7e422bc1ce1da9552583b7196
SHA256 38eb22e3a2d0652285d2e5f6ec8d225c6a11839b57a28e3b0c74b002a27f5158
SHA512 b77d91cefdafd2359acdc901443974249034375767c74825ec2b54c3e989264dd107271035cd0c4651543e9591abfc9d3d98f2c3f6e91827dcce2c54ef4885f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 729e322fde55f270ac0d8097c5dacaab
SHA1 8c1715411f569bb8ae28d276f3f26b67f4ce8d32
SHA256 9b9c2ad6cef37a6b944c0964800dbce72b7c644fa2ccd7462dba39c8f6af8dcc
SHA512 f0af48d5005b4f5ebab50b80a4e44744eb27377a9192d663a2105b0a61930cfa0f788f6b159489db613b44f3249252885faefb7300a21e9c7fcc76819669af19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e1c9896dbc04b4e91ba479c21330d88b
SHA1 5a5af91788ffead1854606bc7b32649fc2e9051b
SHA256 a1fb6efefcd08d92e3c73d0de669d06bbfe25aacd188b560d509f9678661e040
SHA512 6869d2c12155ca7efcb3128d1ad5e515c1b58098a727826cbe91c8e4a23e3681dcbe56d58f4172cd351ad2839d20e18b111a230c7b695f86754a3fbbfc239479

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 dae70e5a64af893e3d489471649c363d
SHA1 856852c74f12ea18222fc3bb7092b9202357924e
SHA256 60a311cdd64f2a0e9be2c389cb6e1c5803c1e27277494bfb08134f4fe72dbec0
SHA512 3627e32c2d9d6e8e3b9d29688794c85bfdb400d29914c43e97a0e66f5eb53226f9f03d3108b1e89bdcf88d2680ef35a14c73539abef857dffaae60f1b8873467

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bb43043c8a69270b4cbcd2c268e201dc
SHA1 ed36b142c9d9885eaf2a503137b831d63bdeb2df
SHA256 8a45b782d1985220195d58bc0b92ad182f0cdc5592de298a1dd70e9ba496560e
SHA512 6941c498a56b0ee41996cc76147688bae223838cffeeb22f99fc7293ca52c67c7141ea58d0a10b81f7b799b9c21f390fb197c5fd5032eb8f1d5dcf835caafda3

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe

MD5 89a318e3f4ab22a7d59e788628fc4f8c
SHA1 05fd6065f8ff1f356c352ce836bcd25f861a85bf
SHA256 97815efda6c181706b97f3a030a3c0bbc481a5ebb7062ae84b1d2f38c6dd8d41
SHA512 3d0172cedf9b0ef9f859f9eb8426144350adc32258504227749e2a3c6a07ec151123f19f3180edfb5ea4ddfe90c59ffd7297403995da7ba82a0ee29531a81baa

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe

MD5 89a318e3f4ab22a7d59e788628fc4f8c
SHA1 05fd6065f8ff1f356c352ce836bcd25f861a85bf
SHA256 97815efda6c181706b97f3a030a3c0bbc481a5ebb7062ae84b1d2f38c6dd8d41
SHA512 3d0172cedf9b0ef9f859f9eb8426144350adc32258504227749e2a3c6a07ec151123f19f3180edfb5ea4ddfe90c59ffd7297403995da7ba82a0ee29531a81baa

memory/5300-173-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/5300-174-0x0000000000800000-0x00000000008E4000-memory.dmp

memory/5300-175-0x00000000058F0000-0x0000000005E94000-memory.dmp

memory/5300-176-0x0000000005340000-0x00000000053D2000-memory.dmp

memory/5300-177-0x0000000005590000-0x00000000055A0000-memory.dmp

memory/5300-178-0x00000000052E0000-0x00000000052EA000-memory.dmp

C:\Users\Admin\Downloads\Panda\Panda Regedit\Guna.UI2.dll

MD5 de97f5f8b11269f60e9b0a0d66266a4c
SHA1 ac01b2bf4238810c5db34b436f77de4c9182b1d7
SHA256 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
SHA512 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87

memory/5300-182-0x0000000006260000-0x0000000006620000-memory.dmp

C:\Users\Admin\Downloads\Panda\Panda Regedit\Guna.UI2.dll

MD5 de97f5f8b11269f60e9b0a0d66266a4c
SHA1 ac01b2bf4238810c5db34b436f77de4c9182b1d7
SHA256 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
SHA512 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87

C:\Users\Admin\Downloads\Panda\Panda Regedit\Guna.UI2.dll

MD5 de97f5f8b11269f60e9b0a0d66266a4c
SHA1 ac01b2bf4238810c5db34b436f77de4c9182b1d7
SHA256 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
SHA512 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87

memory/5300-183-0x0000000005590000-0x00000000055A0000-memory.dmp

memory/5300-184-0x00000000096D0000-0x000000000976C000-memory.dmp

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

MD5 c8d127e6c857f185024aca7723f51b75
SHA1 d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5
SHA256 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317
SHA512 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

MD5 c8d127e6c857f185024aca7723f51b75
SHA1 d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5
SHA256 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317
SHA512 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b

memory/5716-187-0x0000000000570000-0x0000000000582000-memory.dmp

memory/5716-188-0x00007FFEE0C50000-0x00007FFEE1711000-memory.dmp

memory/5300-189-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/5716-190-0x0000000000E80000-0x0000000000E90000-memory.dmp

memory/5300-202-0x0000000005590000-0x00000000055A0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0f684e1a6f7d79135f081773387aa460
SHA1 f3100f22d4fcbb6a52b7308fd56a5bae3290eebe
SHA256 775936a462b770a702d15ff405af61b5562b6809fcec79ddbdc43b84bf511cd2
SHA512 50f2422a597a49b28286a1e2fb7faa81e1062ce3c4016d63778872938740e1e93c0582a49d9380ffb02ca8a49134994c5c1e962a9989a13056df40635d531a45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9bb612c67679aa6d793fd38bab112a2d
SHA1 57d503b5f450471ca60bd17ca47eaf8ede82471d
SHA256 9b76ea2b5386c23028d9b1b87161d9b6a22186f918dc1ba8f9b4ca505f2e197c
SHA512 09beb09e40857699e8649c2d20056227ccf6c71b76a3c258c4edbacfb0e4183ee203d209132983d5d6574481e62d0d163a34038c7617b5adddb1213b61fafbce

memory/5716-240-0x00007FFEE0C50000-0x00007FFEE1711000-memory.dmp

memory/5300-241-0x0000000005590000-0x00000000055A0000-memory.dmp

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

MD5 c8d127e6c857f185024aca7723f51b75
SHA1 d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5
SHA256 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317
SHA512 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 f7e75a88fe92d5147528c475c6908243
SHA1 7831682352cfdb17da7174cea8674e61e6fe7ff6
SHA256 4faebaa12ccf24466cb17632b61174043ca23e183a44b29e9e3f6cfc2ce3192d
SHA512 f210c56502e232b9e9b47c13eeb941a2ae7ee5b7b27742902172935e8986b23292151f21dd2d930d384b4dc74af032297b36947d1f8251ce5208cbdf93a56ff6

memory/4736-247-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/4736-248-0x000000001ACD0000-0x000000001ACE0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 fb0b89ae9af783e301aad7b0802b8875
SHA1 462e3b2e301911177a65f596f8e1646e0e21006b
SHA256 da2d07b74b065cdb23a65d2d93cd5f222bf6cb5d1948428ee43d5566f48d888c
SHA512 722a0c9b075166670655cebaf38f6bcd7aa705465ef6e72d78a8c4590819e5ad756819cf63582d14e9a43aa7ccf088e86c8039b31b3e4887cf0da163d787264a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae6438c57d451f0c54f8795290a5820a
SHA1 ced0355fe405db1d785fd53c013ac17a1c1e2227
SHA256 0707020c524fbdfa9532a393af3405f649a6ab4145ccb335dfd5ee67b290b123
SHA512 68cb26becd184e76b6269e02c59d0b5f00ee0f07d1d1a27ba04ba7bc2839743a6c7515d9ff2b415c4ac5316d0c13df8da452f794525bc999f06c1d2433275ae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 2acfc62fce71457d43f4d34e0a66725e
SHA1 2bd97e517d85e42bd754aec95c5722a249f0f477
SHA256 c6274059b5b6dd5eb9cb28cdf367eb75351125f599d11de7b5b1876f153ec843
SHA512 fc9f892bf39b5286d6b8e937f87c97733b97700d813a6fa2361beff6739b4730ba7dea28f43f5e03918e810bf507f579502e4ac17a4f8f0f9909ded4dac2f566

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b2bf840be25047d786012744617a0c8d
SHA1 84b5d8ae37a8ff4ac9d2d06c7a31a14274cab095
SHA256 9356e5c3b566c4d972a0ba89be95aceec2c8acf8794d8e1eb5b93bc0cf4b8db5
SHA512 82f840706000c91e1790382df6a3cb58e26644c2666dac512f076abaa9266c8f7fd9241c85ba3e458addcb91d1be2472cd330393a19ac6459e3fe29e2c4bb468

\??\pipe\LOCAL\crashpad_5436_ZPWDZEKGMCOHZAYD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

MD5 60ff8447a32cc063cc402eb501f1bc10
SHA1 2a80bc86d83978ee4b005ddcf22da7953823d4d9
SHA256 514be13413fd89da9c277fdfaa3be848dbc174eefc800ad5931d242b5870c37f
SHA512 d482785b5621edf501277ac89036770389d110e03a7daa30e72cf45d506cd17ccfdaf89b6b84fe6ab0bdcf7182c4f30091753280b36244b0f8fc6a2652dc20a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

MD5 45d748db7fcfc633ecec66dbfa5e6d16
SHA1 dc4bbff3747fc16df2a7852161adc36a89aaaf3f
SHA256 8050351205a9a19321e7b8ce5317cbc2fd421f1f0de3185a423833230b9ac261
SHA512 a3a6c8d6faa08586ad34e3495197c955cb64484a0be07f0686c5b47439bb77d4fa5fe2688e76c54ee65d27c4e4deffc712ab0a9ef7878dfe36d3bafbc82160f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

MD5 1bb511ff727e1ba0618742400d697c98
SHA1 5e0684b1ab121d05f0540a4f6690f38e87eb12ad
SHA256 4196ccb81ada88445df57df7430daffeeef73448bd5c57ce1ce6d49d9cac439c
SHA512 9eabc55da1ae2ba29b47a2a21c3431fe581743e36a6aa0f1b7c4a2c5eead79dba515756b55cf471eee1a456370fc91877d675e25c995711453df2c7da15f929d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

MD5 976dd12a1e43e4d548b8690e1667b718
SHA1 15bb1c9fe8fcdca16e7ab77984faffd11c8dd4fd
SHA256 c31e143a8cc699fa50463229260cbdbb5ab2c23b722cfa0abce3de012ee8f0a1
SHA512 235923b1afce4e4c487a760dc7e95a46cc0b86bbc45fe59eb11edc0df5a9f44a4169779576ca1071c96d3eb4ebc0eae2cf9674445e4d1cfab9b6210b0911db67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 15f5c380ef7043fb131b1dc78efdb7a8
SHA1 6b492850f216dd19eca59503ba35a1434c8d8743
SHA256 535d5ddd2412af32307be0c4ffcefa76c809dd004f9ccaa62d02a0a63f147807
SHA512 ab70416cf2673739b7ae2fbafaedd1f5acd2bee22fd7d1bf8fc8f5401d286ef30525cdd44a5c20e96570adf294c1f537612fd3825bd37490632fdb1aa20047ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

MD5 1bd390a84c151efb8ac1b91c8c8564f8
SHA1 781e841f5b765fc7b9646b63c92b4a3d1ad0b7e3
SHA256 55bedf34e10ed025b397368fa77195afdde0f06f82112fbbac1d731cf1103dac
SHA512 8cccf6a5df0b83feb45f33b2e28b8836686ec7cdc5d007b61bd6b429853cf243688b6896d2cf6a6ebe237b03e44d8114d1e2913320231e71197976da2afa66a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 ccdb1aa7f50a7118f8f619ccc96dbdd7
SHA1 d03d5c2a4c457723702e59cc8a67fec90a5de052
SHA256 4537829cba2d43ebf157ab38ec70649e9c55e239dcc2e3ef25a75ef7fdfcfb28
SHA512 5b1e58ef568f0a15f2fcea6506485d7cde758b6a8f0cabfdf0b0a65774323abae96f613837425cddddccd5d1b3471b695e6eac93a49950d2d99420eefc622514

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

MD5 c8d127e6c857f185024aca7723f51b75
SHA1 d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5
SHA256 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317
SHA512 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

MD5 f81e33535a589feabcde1df2dbf62c52
SHA1 8ebfc52d3f79b1963bfde705d2a1d9b22d898a05
SHA256 c0009e84e09a768a81004b8e8ae790c53e47cfd9e50a32767b2f571589394d95
SHA512 82bc3a804983d5c0a3b1cf8c21a8442a16c04f58c435f1c6b729c188c659b82e3f9f5a3d345abaa043d2d87b9197e8121977710d4ff19caebf4e98855575b553

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 e0928569d3e8f0e317fe514253e4d608
SHA1 ab37e74ce93285078073fa1b29d6f7e5ca2cebf1
SHA256 742908fbce4f821a1f5e87ab3ffcdd350de332e21688725be594f35c8b761e48
SHA512 817a2456a5b763fb5c575fe3a3e578792ef40c609df3b30917ac8a308f5d1fe7779743621754fc10b6d7b471528042bd0b2dda46bff0b6f04f576cea53beb4a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae6438c57d451f0c54f8795290a5820a
SHA1 ced0355fe405db1d785fd53c013ac17a1c1e2227
SHA256 0707020c524fbdfa9532a393af3405f649a6ab4145ccb335dfd5ee67b290b123
SHA512 68cb26becd184e76b6269e02c59d0b5f00ee0f07d1d1a27ba04ba7bc2839743a6c7515d9ff2b415c4ac5316d0c13df8da452f794525bc999f06c1d2433275ae5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9bb612c67679aa6d793fd38bab112a2d
SHA1 57d503b5f450471ca60bd17ca47eaf8ede82471d
SHA256 9b76ea2b5386c23028d9b1b87161d9b6a22186f918dc1ba8f9b4ca505f2e197c
SHA512 09beb09e40857699e8649c2d20056227ccf6c71b76a3c258c4edbacfb0e4183ee203d209132983d5d6574481e62d0d163a34038c7617b5adddb1213b61fafbce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 0f684e1a6f7d79135f081773387aa460
SHA1 f3100f22d4fcbb6a52b7308fd56a5bae3290eebe
SHA256 775936a462b770a702d15ff405af61b5562b6809fcec79ddbdc43b84bf511cd2
SHA512 50f2422a597a49b28286a1e2fb7faa81e1062ce3c4016d63778872938740e1e93c0582a49d9380ffb02ca8a49134994c5c1e962a9989a13056df40635d531a45

memory/5576-289-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/5576-290-0x000000001B6B0000-0x000000001B6C0000-memory.dmp

C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe

MD5 c8d127e6c857f185024aca7723f51b75
SHA1 d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5
SHA256 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317
SHA512 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ae6438c57d451f0c54f8795290a5820a
SHA1 ced0355fe405db1d785fd53c013ac17a1c1e2227
SHA256 0707020c524fbdfa9532a393af3405f649a6ab4145ccb335dfd5ee67b290b123
SHA512 68cb26becd184e76b6269e02c59d0b5f00ee0f07d1d1a27ba04ba7bc2839743a6c7515d9ff2b415c4ac5316d0c13df8da452f794525bc999f06c1d2433275ae5

memory/2632-307-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/4736-309-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/2632-310-0x000000001B200000-0x000000001B210000-memory.dmp

memory/4736-313-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

MD5 79971e4b331ae577a042bcf79a6a194d
SHA1 c36e3f56bfba48f93063e7b5b90de89316bc865e
SHA256 11c614b0216559f7a71fe3fe0481b40300a61a8bd26623b4ce96f587a8f09c46
SHA512 2b4bce674375fb9844cc377e26c1286205659182b4f4705c34a6fcbe5c3e15da66b68439aee7202618a0549bc11559eccabb0dd9e72793673adccd929a075fc9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4c3593e1c6ab20528a59257868dd1e92
SHA1 69168bb4eb6e2ed9317f5641c7a642ff4d3c8045
SHA256 352ce5bea05456a4f2149c955a4f82a7602bca6ece4da50117a677ccc13b7524
SHA512 ae9a431e5ad03e22178d5722ccecffdaf1755896a2f79a275760ccdc77fe357d3f54118bfa3c8e05337a95614a96aee4e265d448de8fe1ecb3945dfcbccd20ae

memory/5576-325-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fa977c4b49c0293ef2e258f29508e505
SHA1 b47e4b96d4c11554e5e48de512769f0b5f35d571
SHA256 521708618e8c137feec8da765e867ed163d204efaa89f1e4171a76125e2196c6
SHA512 0c2b5290f0bd707b0f853ea2dc79dc50f16efacafbedf15498622736666c7cf4f781293b0f68cbd5b0e93ea65dcdaaf45d9bd8bf048fd83573502e3b6232e7c0

memory/4936-337-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/4936-338-0x0000000001FD0000-0x0000000001FE0000-memory.dmp

memory/5576-351-0x000000001B6B0000-0x000000001B6C0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\login.db

MD5 02d2c46697e3714e49f46b680b9a6b83
SHA1 84f98b56d49f01e9b6b76a4e21accf64fd319140
SHA256 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9
SHA512 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

memory/2632-386-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 04d5b764660c7d1168e8b6c00c8a8678
SHA1 e96385e360e279d8228e8a28d4be61b3d0502505
SHA256 e03f5d6e716e7e631d327557b8bc4b2d4d8ce3326e194095d9a5b1127b642cbb
SHA512 0a7cec129d05965704cb4734d81420b740db3e5d2226f2b2d48ebaa937437429f8691a263aafd05dfd663c9b07ce5236ae8690ad992931008dde34fe7656333c

memory/4936-417-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ca97242fd4199e7f10f410681f2d3816
SHA1 f714a3f9f6979923cc25be7b94b5dd1146ba7938
SHA256 0c7ff6c68833cf0a63c7567681e734c79fdbf2d2928d2f0c0cb92cfae1c59095
SHA512 efc35d2de2458aa95cc35b07347b92b53782662c3d35571ad8492bd2b9019e6c2daf539765064b7c9ac11f717a159e79144a016617ff93ed7a54fa00755f677a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 26c97198de4a7501976e71ed3cbccf18
SHA1 5dd46803b134affa8ed191e49c6881562954cf2d
SHA256 c6962e08c52d2d4f7407fd30e15d55fa058cf774adef80e225d25240a1a4c005
SHA512 549ff6d11bdaf570f23d725563b6f85008b0c737e3efa7ff9475a57bc48d42d49b63fbac699da21caae039d9f7e676a322c6829a31761f7e8520bf699cf5a024

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7a8951b000ee3fdf53233caa767cde21
SHA1 e880f4bb09fd502495c0ef09c68226b3a3b60ad2
SHA256 cac5114909946afaf3890a1408e6c1d9ccb43e4de3e381fadd8eb245bea21cc3
SHA512 e02ca1eb4ce93db557b7f83908250422d1ee0ddb18f662fd2cba8416118bbf4a784d149feae704534cd2b8245f8c1d12c8d409a7ca51d5a6b83c11b150b17882

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ebd4ee2126ba69ca915684f2fbb4a14
SHA1 d443fd4e7773fc36f0a999703ee959dde460fca5
SHA256 b615f8c0142d5abca541af49bb315bdfe1b961c75a7d9cb77e03f12e84f88133
SHA512 321c5d2dd2f08748974194d3866a7c3d3c2057f65a7751775ec5de0ce3f31d5aeb54a83d7daa3f0fd7d6017fad998533f1d809071826b64a1fe76aaf0b890b47

memory/2632-507-0x000000001B200000-0x000000001B210000-memory.dmp

memory/5300-511-0x00000000745C0000-0x0000000074D70000-memory.dmp

memory/5356-512-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/5356-513-0x000000001B500000-0x000000001B510000-memory.dmp

memory/2764-514-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/5356-518-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/2764-519-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp

memory/2764-520-0x000000001AE80000-0x000000001AE90000-memory.dmp