Analysis Overview
SHA256
7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84
Threat Level: Known bad
The file Guna.UI2.dll was found to be: Known bad.
Malicious Activity Summary
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
Looks for VMWare Tools registry key
Loads dropped DLL
Checks computer location settings
Executes dropped EXE
Reads user/profile data of web browsers
Checks BIOS information in registry
Maps connected drives based on registry
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Program crash
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-03 11:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-03 11:56
Reported
2023-09-03 11:59
Platform
win7-20230831-en
Max time kernel
122s
Max time network
127s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2023-09-03 11:56
Reported
2023-09-03 12:00
Platform
win10v2004-20230831-en
Max time kernel
202s
Max time network
220s
Command Line
Signatures
Mercurial Grabber Stealer
Looks for VirtualBox Guest Additions in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Looks for VMWare Tools registry key
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4272677097-406801653-1594978504-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe | N/A |
Reads user/profile data of web browsers
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip-api.com | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
| N/A | ip4.seeip.org | N/A | N/A |
Maps connected drives based on registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272677097-406801653-1594978504-1000\{ED1EAA6A-0CD4-4A2F-B165-9DEA1E031ADC} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4272677097-406801653-1594978504-1000\{DD2D5D6D-B1CF-4126-BA77-2847EE5C8791} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Guna.UI2.dll,#1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7108 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7432 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7384 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Panda\" -spe -an -ai#7zMap30970:72:7zEvent9068
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,8636472095965036422,866865767117355872,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 416 -p 5716 -ip 5716
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5716 -s 2064
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 488 -p 4736 -ip 4736
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4736 -s 2104
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/WYNH3S6Q
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef3b646f8,0x7ffef3b64708,0x7ffef3b64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3816 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7934038358544698367,1594226078515971450,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 520 -p 4936 -ip 4936
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4936 -s 2100
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
"C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe"
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 544 -p 5356 -ip 5356
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5356 -s 2096
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.178.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| NL | 88.221.24.66:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| NL | 88.221.24.113:443 | r.bing.com | tcp |
| NL | 88.221.24.113:443 | r.bing.com | tcp |
| NL | 88.221.24.66:443 | th.bing.com | tcp |
| NL | 88.221.24.66:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 113.24.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | send-anywhere.com | udp |
| US | 18.239.69.54:443 | send-anywhere.com | tcp |
| US | 18.239.69.54:443 | send-anywhere.com | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.cookielaw.org | udp |
| US | 8.8.8.8:53 | apis.google.com | udp |
| US | 8.8.8.8:53 | static.zdassets.com | udp |
| US | 8.8.8.8:53 | wcs.naver.net | udp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.17.24.14:443 | cdnjs.cloudflare.com | tcp |
| US | 104.18.130.236:443 | cdn.cookielaw.org | tcp |
| US | 104.18.70.113:443 | static.zdassets.com | tcp |
| NL | 23.206.107.185:443 | wcs.naver.net | tcp |
| US | 8.8.8.8:53 | ekr.zdassets.com | udp |
| US | 104.18.72.113:443 | ekr.zdassets.com | tcp |
| US | 104.18.130.236:443 | cdn.cookielaw.org | tcp |
| US | 8.8.8.8:53 | wcs.naver.com | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | connect.facebook.net | udp |
| KR | 110.93.147.30:443 | wcs.naver.com | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| NL | 157.240.247.8:443 | connect.facebook.net | tcp |
| NL | 142.251.39.98:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | 54.69.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.24.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 236.130.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.70.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.107.206.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.72.18.104.in-addr.arpa | udp |
| KR | 110.93.147.30:443 | wcs.naver.com | tcp |
| US | 8.8.8.8:53 | js.stripe.com | udp |
| NL | 13.227.219.58:443 | js.stripe.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | m.servedby-buysellads.com | udp |
| US | 8.8.8.8:53 | cdn.carbonads.com | udp |
| US | 8.8.8.8:53 | d10lpsik1i8c69.cloudfront.net | udp |
| US | 8.8.8.8:53 | send-anywhere.zendesk.com | udp |
| US | 151.139.128.10:443 | cdn.carbonads.com | tcp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 151.139.128.10:443 | cdn.carbonads.com | tcp |
| US | 104.16.53.111:443 | send-anywhere.zendesk.com | tcp |
| NL | 52.222.137.37:443 | d10lpsik1i8c69.cloudfront.net | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| NL | 172.217.168.194:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 2.18.121.68:80 | apps.identrust.com | tcp |
| US | 2.18.121.68:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 8.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.219.227.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 30.147.93.110.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.128.139.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 111.53.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.137.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.211.227.13.in-addr.arpa | udp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | analytics.google.com | udp |
| US | 216.239.36.181:443 | analytics.google.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.201.35:443 | www.facebook.com | tcp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | srv.carbonads.net | udp |
| US | 8.8.8.8:53 | srv.buysellads.com | udp |
| US | 8.8.8.8:53 | settings.luckyorange.net | udp |
| US | 8.8.8.8:53 | f13ba826defbb6b1657acaf0538bd546.safeframe.googlesyndication.com | udp |
| US | 165.227.57.6:443 | srv.buysellads.com | tcp |
| US | 104.131.3.131:443 | srv.buysellads.com | tcp |
| NL | 142.250.179.161:443 | f13ba826defbb6b1657acaf0538bd546.safeframe.googlesyndication.com | tcp |
| US | 104.26.11.16:443 | settings.luckyorange.net | tcp |
| US | 8.8.8.8:53 | 194.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.36.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.201.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 16.11.26.104.in-addr.arpa | udp |
| US | 216.239.36.181:443 | analytics.google.com | udp |
| NL | 142.251.39.98:443 | www.googletagservices.com | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.102.156:443 | stats.g.doubleclick.net | udp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | d4a553n24khrv.cloudfront.net | udp |
| NL | 142.250.179.161:443 | f13ba826defbb6b1657acaf0538bd546.safeframe.googlesyndication.com | udp |
| US | 18.65.39.74:443 | d4a553n24khrv.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 131.3.131.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.57.227.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn4.buysellads.net | udp |
| US | 151.139.128.10:443 | cdn4.buysellads.net | tcp |
| US | 8.8.8.8:53 | m.stripe.network | udp |
| US | 18.239.94.78:443 | m.stripe.network | tcp |
| US | 8.8.8.8:53 | 78.94.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | m.stripe.com | udp |
| US | 52.32.224.81:443 | m.stripe.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.224.32.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | file-65-0-131-196.send-anywhere.com | udp |
| IN | 65.0.131.196:443 | file-65-0-131-196.send-anywhere.com | tcp |
| US | 8.8.8.8:53 | 196.131.0.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.ampproject.org | udp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.250.179.161:443 | cdn.ampproject.org | tcp |
| NL | 142.251.36.1:443 | tpc.googlesyndication.com | udp |
| DE | 172.217.23.194:443 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| IN | 65.0.131.196:443 | file-65-0-131-196.send-anywhere.com | tcp |
| NL | 142.251.39.98:443 | www.googletagservices.com | udp |
| IN | 65.0.131.196:443 | file-65-0-131-196.send-anywhere.com | tcp |
| US | 8.8.8.8:53 | privacyportal.onetrust.com | udp |
| US | 104.18.32.137:443 | privacyportal.onetrust.com | tcp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ip4.seeip.org | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 8.8.8.8:53 | ip-api.com | udp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | 141.64.128.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.112.95.208.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 232.135.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.133.159.162.in-addr.arpa | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.133.234:443 | discord.gg | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | tcp |
| US | 162.159.136.232:443 | discord.com | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 131.72.42.20.in-addr.arpa | udp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 23.128.64.141:443 | ip4.seeip.org | tcp |
| US | 162.159.135.232:443 | discord.com | tcp |
| US | 208.95.112.1:80 | ip-api.com | tcp |
| US | 8.8.8.8:53 | 9.57.101.20.in-addr.arpa | udp |
Files
\??\pipe\LOCAL\crashpad_2716_ABOQWXRUJEMEWWIC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1ea68f659b241e7799f6d5847673f4d5 |
| SHA1 | c767daa773972d1af040fbac5cac9075c7c8ee3a |
| SHA256 | bf0eba70082dcad559bfdbe1821b44777a7a2eb56ad1ca8a4248360dc301e2d5 |
| SHA512 | 46873a613a009ad8e5d4b04b1ce07d15118fc789270c9ab7fb911ed83425cd2b5fd8143d60189111358f2db2f652a4cfe4a694aa4e1b5a31a8828556e2e0d952 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584a04.TMP
| MD5 | 1460cb7024208f60b46a29151bafc118 |
| SHA1 | 2cd069eb27ff44d7e422bc1ce1da9552583b7196 |
| SHA256 | 38eb22e3a2d0652285d2e5f6ec8d225c6a11839b57a28e3b0c74b002a27f5158 |
| SHA512 | b77d91cefdafd2359acdc901443974249034375767c74825ec2b54c3e989264dd107271035cd0c4651543e9591abfc9d3d98f2c3f6e91827dcce2c54ef4885f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 729e322fde55f270ac0d8097c5dacaab |
| SHA1 | 8c1715411f569bb8ae28d276f3f26b67f4ce8d32 |
| SHA256 | 9b9c2ad6cef37a6b944c0964800dbce72b7c644fa2ccd7462dba39c8f6af8dcc |
| SHA512 | f0af48d5005b4f5ebab50b80a4e44744eb27377a9192d663a2105b0a61930cfa0f788f6b159489db613b44f3249252885faefb7300a21e9c7fcc76819669af19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e1c9896dbc04b4e91ba479c21330d88b |
| SHA1 | 5a5af91788ffead1854606bc7b32649fc2e9051b |
| SHA256 | a1fb6efefcd08d92e3c73d0de669d06bbfe25aacd188b560d509f9678661e040 |
| SHA512 | 6869d2c12155ca7efcb3128d1ad5e515c1b58098a727826cbe91c8e4a23e3681dcbe56d58f4172cd351ad2839d20e18b111a230c7b695f86754a3fbbfc239479 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | dae70e5a64af893e3d489471649c363d |
| SHA1 | 856852c74f12ea18222fc3bb7092b9202357924e |
| SHA256 | 60a311cdd64f2a0e9be2c389cb6e1c5803c1e27277494bfb08134f4fe72dbec0 |
| SHA512 | 3627e32c2d9d6e8e3b9d29688794c85bfdb400d29914c43e97a0e66f5eb53226f9f03d3108b1e89bdcf88d2680ef35a14c73539abef857dffaae60f1b8873467 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bb43043c8a69270b4cbcd2c268e201dc |
| SHA1 | ed36b142c9d9885eaf2a503137b831d63bdeb2df |
| SHA256 | 8a45b782d1985220195d58bc0b92ad182f0cdc5592de298a1dd70e9ba496560e |
| SHA512 | 6941c498a56b0ee41996cc76147688bae223838cffeeb22f99fc7293ca52c67c7141ea58d0a10b81f7b799b9c21f390fb197c5fd5032eb8f1d5dcf835caafda3 |
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe
| MD5 | 89a318e3f4ab22a7d59e788628fc4f8c |
| SHA1 | 05fd6065f8ff1f356c352ce836bcd25f861a85bf |
| SHA256 | 97815efda6c181706b97f3a030a3c0bbc481a5ebb7062ae84b1d2f38c6dd8d41 |
| SHA512 | 3d0172cedf9b0ef9f859f9eb8426144350adc32258504227749e2a3c6a07ec151123f19f3180edfb5ea4ddfe90c59ffd7297403995da7ba82a0ee29531a81baa |
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_Panel.exe
| MD5 | 89a318e3f4ab22a7d59e788628fc4f8c |
| SHA1 | 05fd6065f8ff1f356c352ce836bcd25f861a85bf |
| SHA256 | 97815efda6c181706b97f3a030a3c0bbc481a5ebb7062ae84b1d2f38c6dd8d41 |
| SHA512 | 3d0172cedf9b0ef9f859f9eb8426144350adc32258504227749e2a3c6a07ec151123f19f3180edfb5ea4ddfe90c59ffd7297403995da7ba82a0ee29531a81baa |
memory/5300-173-0x00000000745C0000-0x0000000074D70000-memory.dmp
memory/5300-174-0x0000000000800000-0x00000000008E4000-memory.dmp
memory/5300-175-0x00000000058F0000-0x0000000005E94000-memory.dmp
memory/5300-176-0x0000000005340000-0x00000000053D2000-memory.dmp
memory/5300-177-0x0000000005590000-0x00000000055A0000-memory.dmp
memory/5300-178-0x00000000052E0000-0x00000000052EA000-memory.dmp
C:\Users\Admin\Downloads\Panda\Panda Regedit\Guna.UI2.dll
| MD5 | de97f5f8b11269f60e9b0a0d66266a4c |
| SHA1 | ac01b2bf4238810c5db34b436f77de4c9182b1d7 |
| SHA256 | 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84 |
| SHA512 | 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87 |
memory/5300-182-0x0000000006260000-0x0000000006620000-memory.dmp
C:\Users\Admin\Downloads\Panda\Panda Regedit\Guna.UI2.dll
| MD5 | de97f5f8b11269f60e9b0a0d66266a4c |
| SHA1 | ac01b2bf4238810c5db34b436f77de4c9182b1d7 |
| SHA256 | 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84 |
| SHA512 | 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87 |
C:\Users\Admin\Downloads\Panda\Panda Regedit\Guna.UI2.dll
| MD5 | de97f5f8b11269f60e9b0a0d66266a4c |
| SHA1 | ac01b2bf4238810c5db34b436f77de4c9182b1d7 |
| SHA256 | 7c6196edac2b156e5da4556f391d3486250960dab1d1ca093cd6cfdde59a3a84 |
| SHA512 | 9f196e961b8d4a1e4b3f2bf1ae4f2145978503f54460c28e95fd49b1998964f6d1c8fe8da3a6a48183d00c5645fbc28ba9d1dd1e875f008739085fb6e466ff87 |
memory/5300-183-0x0000000005590000-0x00000000055A0000-memory.dmp
memory/5300-184-0x00000000096D0000-0x000000000976C000-memory.dmp
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
| MD5 | c8d127e6c857f185024aca7723f51b75 |
| SHA1 | d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5 |
| SHA256 | 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317 |
| SHA512 | 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b |
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
| MD5 | c8d127e6c857f185024aca7723f51b75 |
| SHA1 | d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5 |
| SHA256 | 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317 |
| SHA512 | 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b |
memory/5716-187-0x0000000000570000-0x0000000000582000-memory.dmp
memory/5716-188-0x00007FFEE0C50000-0x00007FFEE1711000-memory.dmp
memory/5300-189-0x00000000745C0000-0x0000000074D70000-memory.dmp
memory/5716-190-0x0000000000E80000-0x0000000000E90000-memory.dmp
memory/5300-202-0x0000000005590000-0x00000000055A0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0f684e1a6f7d79135f081773387aa460 |
| SHA1 | f3100f22d4fcbb6a52b7308fd56a5bae3290eebe |
| SHA256 | 775936a462b770a702d15ff405af61b5562b6809fcec79ddbdc43b84bf511cd2 |
| SHA512 | 50f2422a597a49b28286a1e2fb7faa81e1062ce3c4016d63778872938740e1e93c0582a49d9380ffb02ca8a49134994c5c1e962a9989a13056df40635d531a45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9bb612c67679aa6d793fd38bab112a2d |
| SHA1 | 57d503b5f450471ca60bd17ca47eaf8ede82471d |
| SHA256 | 9b76ea2b5386c23028d9b1b87161d9b6a22186f918dc1ba8f9b4ca505f2e197c |
| SHA512 | 09beb09e40857699e8649c2d20056227ccf6c71b76a3c258c4edbacfb0e4183ee203d209132983d5d6574481e62d0d163a34038c7617b5adddb1213b61fafbce |
memory/5716-240-0x00007FFEE0C50000-0x00007FFEE1711000-memory.dmp
memory/5300-241-0x0000000005590000-0x00000000055A0000-memory.dmp
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
| MD5 | c8d127e6c857f185024aca7723f51b75 |
| SHA1 | d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5 |
| SHA256 | 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317 |
| SHA512 | 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f7e75a88fe92d5147528c475c6908243 |
| SHA1 | 7831682352cfdb17da7174cea8674e61e6fe7ff6 |
| SHA256 | 4faebaa12ccf24466cb17632b61174043ca23e183a44b29e9e3f6cfc2ce3192d |
| SHA512 | f210c56502e232b9e9b47c13eeb941a2ae7ee5b7b27742902172935e8986b23292151f21dd2d930d384b4dc74af032297b36947d1f8251ce5208cbdf93a56ff6 |
memory/4736-247-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/4736-248-0x000000001ACD0000-0x000000001ACE0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fb0b89ae9af783e301aad7b0802b8875 |
| SHA1 | 462e3b2e301911177a65f596f8e1646e0e21006b |
| SHA256 | da2d07b74b065cdb23a65d2d93cd5f222bf6cb5d1948428ee43d5566f48d888c |
| SHA512 | 722a0c9b075166670655cebaf38f6bcd7aa705465ef6e72d78a8c4590819e5ad756819cf63582d14e9a43aa7ccf088e86c8039b31b3e4887cf0da163d787264a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae6438c57d451f0c54f8795290a5820a |
| SHA1 | ced0355fe405db1d785fd53c013ac17a1c1e2227 |
| SHA256 | 0707020c524fbdfa9532a393af3405f649a6ab4145ccb335dfd5ee67b290b123 |
| SHA512 | 68cb26becd184e76b6269e02c59d0b5f00ee0f07d1d1a27ba04ba7bc2839743a6c7515d9ff2b415c4ac5316d0c13df8da452f794525bc999f06c1d2433275ae5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
| MD5 | 2acfc62fce71457d43f4d34e0a66725e |
| SHA1 | 2bd97e517d85e42bd754aec95c5722a249f0f477 |
| SHA256 | c6274059b5b6dd5eb9cb28cdf367eb75351125f599d11de7b5b1876f153ec843 |
| SHA512 | fc9f892bf39b5286d6b8e937f87c97733b97700d813a6fa2361beff6739b4730ba7dea28f43f5e03918e810bf507f579502e4ac17a4f8f0f9909ded4dac2f566 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2bf840be25047d786012744617a0c8d |
| SHA1 | 84b5d8ae37a8ff4ac9d2d06c7a31a14274cab095 |
| SHA256 | 9356e5c3b566c4d972a0ba89be95aceec2c8acf8794d8e1eb5b93bc0cf4b8db5 |
| SHA512 | 82f840706000c91e1790382df6a3cb58e26644c2666dac512f076abaa9266c8f7fd9241c85ba3e458addcb91d1be2472cd330393a19ac6459e3fe29e2c4bb468 |
\??\pipe\LOCAL\crashpad_5436_ZPWDZEKGMCOHZAYD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 60ff8447a32cc063cc402eb501f1bc10 |
| SHA1 | 2a80bc86d83978ee4b005ddcf22da7953823d4d9 |
| SHA256 | 514be13413fd89da9c277fdfaa3be848dbc174eefc800ad5931d242b5870c37f |
| SHA512 | d482785b5621edf501277ac89036770389d110e03a7daa30e72cf45d506cd17ccfdaf89b6b84fe6ab0bdcf7182c4f30091753280b36244b0f8fc6a2652dc20a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 45d748db7fcfc633ecec66dbfa5e6d16 |
| SHA1 | dc4bbff3747fc16df2a7852161adc36a89aaaf3f |
| SHA256 | 8050351205a9a19321e7b8ce5317cbc2fd421f1f0de3185a423833230b9ac261 |
| SHA512 | a3a6c8d6faa08586ad34e3495197c955cb64484a0be07f0686c5b47439bb77d4fa5fe2688e76c54ee65d27c4e4deffc712ab0a9ef7878dfe36d3bafbc82160f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 1bb511ff727e1ba0618742400d697c98 |
| SHA1 | 5e0684b1ab121d05f0540a4f6690f38e87eb12ad |
| SHA256 | 4196ccb81ada88445df57df7430daffeeef73448bd5c57ce1ce6d49d9cac439c |
| SHA512 | 9eabc55da1ae2ba29b47a2a21c3431fe581743e36a6aa0f1b7c4a2c5eead79dba515756b55cf471eee1a456370fc91877d675e25c995711453df2c7da15f929d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 976dd12a1e43e4d548b8690e1667b718 |
| SHA1 | 15bb1c9fe8fcdca16e7ab77984faffd11c8dd4fd |
| SHA256 | c31e143a8cc699fa50463229260cbdbb5ab2c23b722cfa0abce3de012ee8f0a1 |
| SHA512 | 235923b1afce4e4c487a760dc7e95a46cc0b86bbc45fe59eb11edc0df5a9f44a4169779576ca1071c96d3eb4ebc0eae2cf9674445e4d1cfab9b6210b0911db67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | 15f5c380ef7043fb131b1dc78efdb7a8 |
| SHA1 | 6b492850f216dd19eca59503ba35a1434c8d8743 |
| SHA256 | 535d5ddd2412af32307be0c4ffcefa76c809dd004f9ccaa62d02a0a63f147807 |
| SHA512 | ab70416cf2673739b7ae2fbafaedd1f5acd2bee22fd7d1bf8fc8f5401d286ef30525cdd44a5c20e96570adf294c1f537612fd3825bd37490632fdb1aa20047ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 1bd390a84c151efb8ac1b91c8c8564f8 |
| SHA1 | 781e841f5b765fc7b9646b63c92b4a3d1ad0b7e3 |
| SHA256 | 55bedf34e10ed025b397368fa77195afdde0f06f82112fbbac1d731cf1103dac |
| SHA512 | 8cccf6a5df0b83feb45f33b2e28b8836686ec7cdc5d007b61bd6b429853cf243688b6896d2cf6a6ebe237b03e44d8114d1e2913320231e71197976da2afa66a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | ccdb1aa7f50a7118f8f619ccc96dbdd7 |
| SHA1 | d03d5c2a4c457723702e59cc8a67fec90a5de052 |
| SHA256 | 4537829cba2d43ebf157ab38ec70649e9c55e239dcc2e3ef25a75ef7fdfcfb28 |
| SHA512 | 5b1e58ef568f0a15f2fcea6506485d7cde758b6a8f0cabfdf0b0a65774323abae96f613837425cddddccd5d1b3471b695e6eac93a49950d2d99420eefc622514 |
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
| MD5 | c8d127e6c857f185024aca7723f51b75 |
| SHA1 | d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5 |
| SHA256 | 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317 |
| SHA512 | 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | f81e33535a589feabcde1df2dbf62c52 |
| SHA1 | 8ebfc52d3f79b1963bfde705d2a1d9b22d898a05 |
| SHA256 | c0009e84e09a768a81004b8e8ae790c53e47cfd9e50a32767b2f571589394d95 |
| SHA512 | 82bc3a804983d5c0a3b1cf8c21a8442a16c04f58c435f1c6b729c188c659b82e3f9f5a3d345abaa043d2d87b9197e8121977710d4ff19caebf4e98855575b553 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
| MD5 | e0928569d3e8f0e317fe514253e4d608 |
| SHA1 | ab37e74ce93285078073fa1b29d6f7e5ca2cebf1 |
| SHA256 | 742908fbce4f821a1f5e87ab3ffcdd350de332e21688725be594f35c8b761e48 |
| SHA512 | 817a2456a5b763fb5c575fe3a3e578792ef40c609df3b30917ac8a308f5d1fe7779743621754fc10b6d7b471528042bd0b2dda46bff0b6f04f576cea53beb4a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae6438c57d451f0c54f8795290a5820a |
| SHA1 | ced0355fe405db1d785fd53c013ac17a1c1e2227 |
| SHA256 | 0707020c524fbdfa9532a393af3405f649a6ab4145ccb335dfd5ee67b290b123 |
| SHA512 | 68cb26becd184e76b6269e02c59d0b5f00ee0f07d1d1a27ba04ba7bc2839743a6c7515d9ff2b415c4ac5316d0c13df8da452f794525bc999f06c1d2433275ae5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9bb612c67679aa6d793fd38bab112a2d |
| SHA1 | 57d503b5f450471ca60bd17ca47eaf8ede82471d |
| SHA256 | 9b76ea2b5386c23028d9b1b87161d9b6a22186f918dc1ba8f9b4ca505f2e197c |
| SHA512 | 09beb09e40857699e8649c2d20056227ccf6c71b76a3c258c4edbacfb0e4183ee203d209132983d5d6574481e62d0d163a34038c7617b5adddb1213b61fafbce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0f684e1a6f7d79135f081773387aa460 |
| SHA1 | f3100f22d4fcbb6a52b7308fd56a5bae3290eebe |
| SHA256 | 775936a462b770a702d15ff405af61b5562b6809fcec79ddbdc43b84bf511cd2 |
| SHA512 | 50f2422a597a49b28286a1e2fb7faa81e1062ce3c4016d63778872938740e1e93c0582a49d9380ffb02ca8a49134994c5c1e962a9989a13056df40635d531a45 |
memory/5576-289-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/5576-290-0x000000001B6B0000-0x000000001B6C0000-memory.dmp
C:\Users\Admin\Downloads\Panda\Panda Regedit\Panda_System.exe
| MD5 | c8d127e6c857f185024aca7723f51b75 |
| SHA1 | d2f5f3393958b6d500619ff4a0e2dd9bfe582ff5 |
| SHA256 | 03e57f5f5c6b391006c256fe071ce7154048726e7ac3c692418bb8f14fe94317 |
| SHA512 | 9b0c187f8bcf8168a18779bf509aa53b63f70e3151fc1f96eb1093dfd42b07ecb87d95c439af407d14ad0a2c546c317dde69997439d0465ddcb66c9402242d6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae6438c57d451f0c54f8795290a5820a |
| SHA1 | ced0355fe405db1d785fd53c013ac17a1c1e2227 |
| SHA256 | 0707020c524fbdfa9532a393af3405f649a6ab4145ccb335dfd5ee67b290b123 |
| SHA512 | 68cb26becd184e76b6269e02c59d0b5f00ee0f07d1d1a27ba04ba7bc2839743a6c7515d9ff2b415c4ac5316d0c13df8da452f794525bc999f06c1d2433275ae5 |
memory/2632-307-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/4736-309-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/2632-310-0x000000001B200000-0x000000001B210000-memory.dmp
memory/4736-313-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | 79971e4b331ae577a042bcf79a6a194d |
| SHA1 | c36e3f56bfba48f93063e7b5b90de89316bc865e |
| SHA256 | 11c614b0216559f7a71fe3fe0481b40300a61a8bd26623b4ce96f587a8f09c46 |
| SHA512 | 2b4bce674375fb9844cc377e26c1286205659182b4f4705c34a6fcbe5c3e15da66b68439aee7202618a0549bc11559eccabb0dd9e72793673adccd929a075fc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4c3593e1c6ab20528a59257868dd1e92 |
| SHA1 | 69168bb4eb6e2ed9317f5641c7a642ff4d3c8045 |
| SHA256 | 352ce5bea05456a4f2149c955a4f82a7602bca6ece4da50117a677ccc13b7524 |
| SHA512 | ae9a431e5ad03e22178d5722ccecffdaf1755896a2f79a275760ccdc77fe357d3f54118bfa3c8e05337a95614a96aee4e265d448de8fe1ecb3945dfcbccd20ae |
memory/5576-325-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fa977c4b49c0293ef2e258f29508e505 |
| SHA1 | b47e4b96d4c11554e5e48de512769f0b5f35d571 |
| SHA256 | 521708618e8c137feec8da765e867ed163d204efaa89f1e4171a76125e2196c6 |
| SHA512 | 0c2b5290f0bd707b0f853ea2dc79dc50f16efacafbedf15498622736666c7cf4f781293b0f68cbd5b0e93ea65dcdaaf45d9bd8bf048fd83573502e3b6232e7c0 |
memory/4936-337-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/4936-338-0x0000000001FD0000-0x0000000001FE0000-memory.dmp
memory/5576-351-0x000000001B6B0000-0x000000001B6C0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\login.db
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
memory/2632-386-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 04d5b764660c7d1168e8b6c00c8a8678 |
| SHA1 | e96385e360e279d8228e8a28d4be61b3d0502505 |
| SHA256 | e03f5d6e716e7e631d327557b8bc4b2d4d8ce3326e194095d9a5b1127b642cbb |
| SHA512 | 0a7cec129d05965704cb4734d81420b740db3e5d2226f2b2d48ebaa937437429f8691a263aafd05dfd663c9b07ce5236ae8690ad992931008dde34fe7656333c |
memory/4936-417-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ca97242fd4199e7f10f410681f2d3816 |
| SHA1 | f714a3f9f6979923cc25be7b94b5dd1146ba7938 |
| SHA256 | 0c7ff6c68833cf0a63c7567681e734c79fdbf2d2928d2f0c0cb92cfae1c59095 |
| SHA512 | efc35d2de2458aa95cc35b07347b92b53782662c3d35571ad8492bd2b9019e6c2daf539765064b7c9ac11f717a159e79144a016617ff93ed7a54fa00755f677a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 26c97198de4a7501976e71ed3cbccf18 |
| SHA1 | 5dd46803b134affa8ed191e49c6881562954cf2d |
| SHA256 | c6962e08c52d2d4f7407fd30e15d55fa058cf774adef80e225d25240a1a4c005 |
| SHA512 | 549ff6d11bdaf570f23d725563b6f85008b0c737e3efa7ff9475a57bc48d42d49b63fbac699da21caae039d9f7e676a322c6829a31761f7e8520bf699cf5a024 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a8951b000ee3fdf53233caa767cde21 |
| SHA1 | e880f4bb09fd502495c0ef09c68226b3a3b60ad2 |
| SHA256 | cac5114909946afaf3890a1408e6c1d9ccb43e4de3e381fadd8eb245bea21cc3 |
| SHA512 | e02ca1eb4ce93db557b7f83908250422d1ee0ddb18f662fd2cba8416118bbf4a784d149feae704534cd2b8245f8c1d12c8d409a7ca51d5a6b83c11b150b17882 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0ebd4ee2126ba69ca915684f2fbb4a14 |
| SHA1 | d443fd4e7773fc36f0a999703ee959dde460fca5 |
| SHA256 | b615f8c0142d5abca541af49bb315bdfe1b961c75a7d9cb77e03f12e84f88133 |
| SHA512 | 321c5d2dd2f08748974194d3866a7c3d3c2057f65a7751775ec5de0ce3f31d5aeb54a83d7daa3f0fd7d6017fad998533f1d809071826b64a1fe76aaf0b890b47 |
memory/2632-507-0x000000001B200000-0x000000001B210000-memory.dmp
memory/5300-511-0x00000000745C0000-0x0000000074D70000-memory.dmp
memory/5356-512-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/5356-513-0x000000001B500000-0x000000001B510000-memory.dmp
memory/2764-514-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/5356-518-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/2764-519-0x00007FFEE44B0000-0x00007FFEE4F71000-memory.dmp
memory/2764-520-0x000000001AE80000-0x000000001AE90000-memory.dmp