Malware Analysis Report

2024-11-15 08:07

Sample ID 230909-2qp48aeb81
Target https://google.com
Tags
mercurialgrabber discovery evasion persistence stealer
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://google.com was found to be: Known bad.

Malicious Activity Summary

mercurialgrabber discovery evasion persistence stealer

Mercurial Grabber Stealer

Looks for VirtualBox Guest Additions in registry

Downloads MZ/PE file

Looks for VMWare Tools registry key

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Checks BIOS information in registry

Checks installed software on the system

Enumerates connected drives

Looks up external IP address via web service

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Maps connected drives based on registry

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

NTFS ADS

Checks processor information in registry

Uses Volume Shadow Copy service COM API

Modifies system certificate store

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious behavior: EnumeratesProcesses

Checks SCSI registry key(s)

Suspicious use of AdjustPrivilegeToken

Opens file in notepad (likely ransom note)

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-09-09 22:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-09 22:47

Reported

2023-09-09 23:05

Platform

win10v2004-20230831-en

Max time kernel

1042s

Max time network

1052s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com

Signatures

Mercurial Grabber Stealer

stealer mercurialgrabber

Looks for VirtualBox Guest Additions in registry

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Oracle\VirtualBox Guest Additions C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A

Downloads MZ/PE file

Looks for VMWare Tools registry key

evasion
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\VMWare, Inc.\VMWare Tools C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\Downloads\python-3.11.4-amd64.exe N/A
N/A N/A C:\Users\Admin\Downloads\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{A9CE7D0C-2A4E-4886-9AE5-262AA02C1C79}\.cr\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe N/A
N/A N/A C:\Users\Admin\Downloads\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.be\python-3.11.4-amd64.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
N/A N/A C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{A9CE7D0C-2A4E-4886-9AE5-262AA02C1C79}\.cr\python-3.11.4-amd64.exe N/A
N/A N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Mod Menu = "C:\\Users\\Admin\\AppData\\Roaming\\Mod Menu\\XModz Mod Menu.exe" C:\Users\Admin\AppData\Local\Temp\Temp1_XModz.Menu.zip\Mod Menu.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\{3d45edf4-44bb-483f-9e08-43c38c81e118} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{3d45edf4-44bb-483f-9e08-43c38c81e118}\\python-3.11.4-amd64.exe\" /burn.runonce" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip-api.com N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A
N/A ip4.seeip.org N/A N/A

Maps connected drives based on registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0 C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4c1.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE151.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4cf.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{52DE4CC1-22CF-498B-B50F-E66877E4850B} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{90A235DF-4CF1-415D-AD85-6AC578B5DFB4} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4c6.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4cb.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4d5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI7C3D.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSID930.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2AEE.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4d4.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4df.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{A32FE961-D579-4E46-B3D6-0B777F8F51E8} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{FEF98C01-0C8A-4A0F-88AE-F164A787286C} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4c1.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4c5.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF585.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4d5.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{FABA3DAC-829C-4C83-BC27-F3AFFD27B465} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4d9.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4d0.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4c0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4c6.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4d0.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4da.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4da.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4df.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI9275.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{7EB8F17E-4AA7-4F9E-B908-42A28799523A} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4bc.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4bc.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDC9C.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF} C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4ca.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e66d4cb.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI5E82.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e66d4de.msi C:\Windows\system32\msiexec.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters C:\Windows\system32\vssvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VMware_&Prod_VMware_Virtual_S C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr C:\Windows\system32\vssvc.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 C:\Windows\system32\vssvc.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Logical Unit Id 0 C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosInformation C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemProductName C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemManufacturer C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\DisplayName = "Python 3.11.4 Standard Library (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Buxify\\Buxify.exe\" \"%1\"" C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\ = "URL:discord-925090689107243088" C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\DisplayName = "Python 3.11.4 Utility Scripts (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\ = "{52DE4CC1-22CF-498B-B50F-E66877E4850B}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\DisplayName = "Python 3.11.4 Test Suite (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\ = "{3d45edf4-44bb-483f-9e08-43c38c81e118}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\ = "{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\DisplayName = "Python 3.11.4 Executables (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088 C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\DisplayName = "Python 3.11.4 (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\DisplayName = "Python 3.11.4 Core Interpreter (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8}\DisplayName = "Python 3.11.4 Tcl/Tk Support (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\ = "{FEF98C01-0C8A-4A0F-88AE-F164A787286C}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\Dependents\{3d45edf4-44bb-483f-9e08-43c38c81e118} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell\open C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2415528079-3794552930-4264847036-1000\{E342BD56-E71E-4E12-8B7F-C4982E05B115} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\DisplayName = "Python 3.11.4 Development Libraries (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{7EB8F17E-4AA7-4F9E-B908-42A28799523A}\ = "{7EB8F17E-4AA7-4F9E-B908-42A28799523A}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\ = "{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}\ = "{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\DisplayName = "Python 3.11.4 Documentation (64-bit)" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2415528079-3794552930-4264847036-1000\{BEA575AC-A007-438E-A66C-1A6A45CBA3F3} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\discord-925090689107243088\shell\open\command C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FEF98C01-0C8A-4A0F-88AE-F164A787286C}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8}\ = "{A32FE961-D579-4E46-B3D6-0B777F8F51E8}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{A32FE961-D579-4E46-B3D6-0B777F8F51E8}\Version = "3.11.4150.0" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}\Dependents C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{52DE4CC1-22CF-498B-B50F-E66877E4850B} C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}\ = "{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}" C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2415528079-3794552930-4264847036-1000_Classes\Installer\Dependencies\CPython-3.11 C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\AppData\Local\buxify-updater\installer.exe\:SmartScreen:$DATA C:\Users\Admin\Downloads\buxify.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 295540.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 193813.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 764662.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\buxify.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\Downloads\buxify.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\srtasks.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2020 wrote to memory of 3772 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 1296 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2020 wrote to memory of 2008 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8136b46f8,0x7ff8136b4708,0x7ff8136b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5724 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5916 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe

"C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe"

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 404 -p 3960 -ip 3960

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 3960 -s 2204

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RobuxGen\ReadMe.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RobuxGen\UserContent\HowToUse\1-Configuring.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\RobuxGen\UserContent\HowToUse\2-Troubleshooting.txt

C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe

"C:\Users\Admin\Downloads\RobuxGen\rbxgen.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -pss -s 532 -p 5724 -ip 5724

C:\Windows\system32\WerFault.exe

C:\Windows\system32\WerFault.exe -u -p 5724 -s 2196

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 /prefetch:8

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs"

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\BobuxGenerator.exe.vbs"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\Downloads\buxify.exe

"C:\Users\Admin\Downloads\buxify.exe"

C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe

"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe"

C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe

"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe" --type=gpu-process --field-trial-handle=1284,4022416562237621599,18136740405845922095,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1620 /prefetch:2

C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe

"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1284,4022416562237621599,18136740405845922095,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:8

C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe

"C:\Users\Admin\AppData\Local\Programs\Buxify\Buxify.exe" --type=renderer --field-trial-handle=1284,4022416562237621599,18136740405845922095,131072 --disable-features=CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --app-path="C:\Users\Admin\AppData\Local\Programs\Buxify\resources\app.asar" --no-sandbox --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2f0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_XModz.Menu.zip\Mod Menu.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_XModz.Menu.zip\Mod Menu.exe"

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe

"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe"

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe

"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe

"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --mojo-platform-channel-handle=2044 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe

"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2416 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe

"C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8" --app-user-model-id=xmodz-mod-menu-nativefier-e5a4a8 --app-path="C:\Users\Admin\AppData\Roaming\Mod Menu\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1728,i,16380299183844511970,5751803806939412105,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8292 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1344 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=108 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=8588 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=119 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,12724878767403794427,12160689525040860987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\PopPing.mht

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8136b46f8,0x7ff8136b4708,0x7ff8136b4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2748 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\setup.bat" "

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6316 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\requirements.txt

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\setup.bat" "

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Neptune-main.zip\Neptune-main\tutorial.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6844 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6568 /prefetch:8

C:\Users\Admin\Downloads\python-3.11.4-amd64.exe

"C:\Users\Admin\Downloads\python-3.11.4-amd64.exe"

C:\Users\Admin\Downloads\python-3.11.4-amd64.exe

"C:\Users\Admin\Downloads\python-3.11.4-amd64.exe"

C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe

"C:\Windows\Temp\{698F9732-4E83-458B-BF6E-B496E3EA5515}\.cr\python-3.11.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.4-amd64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=568

C:\Windows\Temp\{A9CE7D0C-2A4E-4886-9AE5-262AA02C1C79}\.cr\python-3.11.4-amd64.exe

"C:\Windows\Temp\{A9CE7D0C-2A4E-4886-9AE5-262AA02C1C79}\.cr\python-3.11.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.4-amd64.exe" -burn.filehandle.attached=568 -burn.filehandle.self=576

C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe

"C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe" -q -burn.elevated BurnPipe.{413063F6-42A7-4122-A334-F3974D3F7460} {84CEB1EC-2AA0-4EE2-92B2-2B274F4105B3} 4964

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\srtasks.exe

C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2

C:\Users\Admin\Downloads\python-3.11.4-amd64.exe

"C:\Users\Admin\Downloads\python-3.11.4-amd64.exe"

C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe

"C:\Windows\Temp\{03A5D434-A400-42D3-A193-9B5483E4F505}\.cr\python-3.11.4-amd64.exe" -burn.clean.room="C:\Users\Admin\Downloads\python-3.11.4-amd64.exe" -burn.filehandle.attached=560 -burn.filehandle.self=568

C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.be\python-3.11.4-amd64.exe

"C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.be\python-3.11.4-amd64.exe" -q -burn.elevated BurnPipe.{4CEBB010-2E82-4B62-83E9-3B33948DAEF9} {278E13A9-6F5B-4A6A-8B8F-B84FF3058F50} 5976

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,4980138979766253531,490033426105737124,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding F8843CDA08793D75DDA4B133BA50DF4E

C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe

"C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe" -E -s -m ensurepip -U --default-pip

C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe

C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe -W ignore::DeprecationWarning -c " import runpy import sys sys.path = ['C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpcqx2ibep\\setuptools-65.5.0-py3-none-any.whl', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpcqx2ibep\\pip-23.1.2-py3-none-any.whl'] + sys.path sys.argv[1:] = ['install', '--no-cache-dir', '--no-index', '--find-links', 'C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpcqx2ibep', '--upgrade', 'setuptools', 'pip'] runpy.run_module(\"pip\", run_name=\"__main__\", alter_sys=True) "

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

Network

US 185.199.108.153:443 x-modz.github.io tcp
US 185.199.108.153:443 x-modz.github.io tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 153.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 status.discord.com udp
US 162.159.137.232:443 status.discord.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 140.82.114.4:443 github.com tcp
US 8.8.8.8:53 232.137.159.162.in-addr.arpa udp
US 8.8.8.8:53 4.114.82.140.in-addr.arpa udp
US 162.159.129.233:443 cdn.discordapp.com tcp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 media.discordapp.net udp
US 162.159.130.232:443 media.discordapp.net tcp
US 162.159.130.232:443 media.discordapp.net tcp
US 162.159.130.232:443 media.discordapp.net tcp
US 8.8.8.8:53 232.130.159.162.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 images-ext-1.discordapp.net udp
US 162.159.134.232:443 images-ext-1.discordapp.net tcp
US 162.159.134.232:443 images-ext-1.discordapp.net tcp
US 8.8.8.8:53 232.134.159.162.in-addr.arpa udp
US 8.8.8.8:53 bit.ly udp
US 67.199.248.11:443 bit.ly tcp
US 67.199.248.11:443 bit.ly tcp
US 8.8.8.8:53 11.248.199.67.in-addr.arpa udp
US 18.239.47.8:443 d1ayxb9ooonjts.cloudfront.net tcp
US 18.239.47.8:443 d1ayxb9ooonjts.cloudfront.net tcp
US 8.8.8.8:53 8.47.239.18.in-addr.arpa udp
US 8.8.8.8:53 17.211.227.13.in-addr.arpa udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 images-ext-2.discordapp.net udp
NL 88.221.24.65:443 www.bing.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 modmenu.pages.dev udp
US 188.114.97.0:443 modmenu.pages.dev tcp
US 8.8.8.8:53 0.97.114.188.in-addr.arpa udp
US 188.114.97.0:443 modmenu.pages.dev udp
US 8.8.8.8:53 d3h83s39ga3y3t.cloudfront.net udp
FR 52.222.161.59:443 d3h83s39ga3y3t.cloudfront.net tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 59.161.222.52.in-addr.arpa udp
US 8.8.8.8:53 d20nekq25xo9kd.cloudfront.net udp
FR 18.164.55.198:443 d20nekq25xo9kd.cloudfront.net tcp
FR 18.164.55.198:443 d20nekq25xo9kd.cloudfront.net tcp
US 8.8.8.8:53 198.55.164.18.in-addr.arpa udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 d266key948fg17.cloudfront.net udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
NL 172.217.168.234:443 ajax.googleapis.com tcp
US 18.239.102.111:443 d266key948fg17.cloudfront.net tcp
US 18.239.102.111:443 d266key948fg17.cloudfront.net tcp
US 18.239.102.111:443 d266key948fg17.cloudfront.net tcp
US 18.239.102.111:443 d266key948fg17.cloudfront.net tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 234.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 111.102.239.18.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 dns.google udp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:443 dns.google tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 88.221.24.41:443 th.bing.com tcp
NL 88.221.24.51:443 th.bing.com tcp
NL 88.221.24.51:443 th.bing.com tcp
NL 88.221.24.41:443 th.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.73:443 login.microsoftonline.com tcp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 72.21.81.200:443 az416426.vo.msecnd.net tcp
US 8.8.8.8:53 c1.microsoft.com udp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
IE 68.219.88.97:443 c1.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 7.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 help.bing.microsoft.com udp
US 20.118.40.9:443 help.bing.microsoft.com tcp
US 8.8.8.8:53 45.147.19.2.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 js.monitor.azure.com udp
NL 104.85.1.163:443 www.microsoft.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 13.107.246.67:443 js.monitor.azure.com tcp
US 8.8.8.8:53 9.40.118.20.in-addr.arpa udp
US 8.8.8.8:53 163.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 support.microsoft.com udp
NL 104.85.0.112:443 support.microsoft.com tcp
NL 104.85.0.112:443 support.microsoft.com tcp
US 8.8.8.8:53 112.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 mem.gfx.ms udp
US 13.107.246.67:443 mem.gfx.ms tcp
GB 96.16.110.13:443 c.s-microsoft.com tcp
US 8.8.8.8:53 ajax.aspnetcdn.com udp
US 152.199.4.33:443 ajax.aspnetcdn.com tcp
NL 104.85.1.163:443 www.microsoft.com tcp
US 8.8.8.8:53 13.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 33.4.199.152.in-addr.arpa udp
US 8.8.8.8:53 76.121.18.2.in-addr.arpa udp
US 13.107.246.67:443 mem.gfx.ms tcp
US 8.8.8.8:53 aadcdn.msauth.net udp
US 8.8.8.8:53 aadcdn.msftauth.net udp
US 13.107.246.67:443 aadcdn.msauth.net tcp
US 13.107.246.67:443 aadcdn.msauth.net tcp
US 8.8.8.8:53 acctcdn.msauth.net udp
US 8.8.8.8:53 acctcdn.msftauth.net udp
US 13.107.246.67:443 acctcdn.msauth.net tcp
US 152.195.19.97:443 acctcdn.msftauth.net tcp
US 8.8.8.8:53 acctcdnvzeuno.azureedge.net udp
US 8.8.8.8:53 acctcdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnmsftuswe2.azureedge.net udp
US 8.8.8.8:53 lgincdnvzeuno.azureedge.net udp
US 8.8.8.8:53 logincdn.msftauth.net udp
US 8.8.8.8:53 97.19.195.152.in-addr.arpa udp
US 8.8.8.8:53 199.211.229.192.in-addr.arpa udp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 20.189.173.7:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 cheatlab.app udp
US 172.67.173.132:443 cheatlab.app tcp
US 172.67.173.132:443 cheatlab.app tcp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 132.173.67.172.in-addr.arpa udp
GB 216.58.208.106:445 fonts.googleapis.com tcp
GB 216.58.208.106:139 fonts.googleapis.com tcp
US 172.67.173.132:443 cheatlab.app tcp
US 8.8.8.8:53 github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 140.82.114.4:443 github.com tcp
US 8.8.8.8:53 1.240.123.52.in-addr.arpa udp
NL 88.221.24.51:443 www.bing.com tcp
NL 88.221.24.51:443 www.bing.com tcp
NL 88.221.24.51:443 www.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 88.221.24.48:443 th.bing.com tcp
NL 88.221.24.66:443 th.bing.com tcp
NL 88.221.24.66:443 th.bing.com tcp
NL 88.221.24.48:443 th.bing.com tcp
US 8.8.8.8:53 66.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 c1.microsoft.com udp
IE 68.219.88.97:443 c1.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.5:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 c.bing.com udp
NL 88.221.24.66:443 th.bing.com udp
US 20.189.173.5:443 browser.events.data.microsoft.com tcp
US 140.82.114.4:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 20.189.173.5:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 185.199.108.133:443 repository-images.githubusercontent.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.112.6:443 api.github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github.com udp
NL 88.221.24.18:443 www.bing.com udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 88.221.24.18:443 r.bing.com udp
NL 88.221.24.66:443 r.bing.com udp
US 8.8.8.8:53 18.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 codeload.github.com udp
US 140.82.112.9:443 codeload.github.com tcp
US 8.8.8.8:53 9.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 www.python.org udp
NL 151.101.36.223:443 www.python.org tcp
NL 151.101.36.223:443 www.python.org tcp
US 8.8.8.8:53 223.36.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
NL 88.221.24.41:443 www.bing.com udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 140.82.114.4:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.6:443 api.github.com tcp
US 8.8.8.8:53 6.114.82.140.in-addr.arpa udp

Files


memory/5528-1624-0x00007FF821390000-0x00007FF821391000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\buxifyapp\config.json

MD5 d04cd3faaa3c10bb92f5d95116944372
SHA1 27167c22c85a323d5f323c57dd1c47663aa14a1d
SHA256 c528eac3bdfba5a15496d48f7a5033034ecfcd18503325237e75b635c4355894
SHA512 3e7ef2078e2bde6b503d37077965aac936eff82ea0bd4ab604707eb8f582b8923aeefd29eeb1161a11b7f9311552ad1a0177f08e27fe4f65db15d03fb9316bb5

memory/5528-1688-0x0000020A1AEC0000-0x0000020A1AEF0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Buxify\22d73478-5493-4a14-b145-7385227ee130.tmp

MD5 58127c59cb9e1da127904c341d15372b
SHA1 62445484661d8036ce9788baeaba31d204e9a5fc
SHA256 be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA512 8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

C:\Users\Admin\AppData\Roaming\Buxify\Network Persistent State

MD5 385c7a8b7a5621b673b67e9a4b21e70b
SHA1 3b94c5651c48411d027fed902fbebdb52fa87b1e
SHA256 39157d88e5ef5cd53fe7bea624149adee01fa3f4f4732171a056b16ba20400ed
SHA512 f9b421334535bc8c8dcae8e27d023c3309b63b13551cf286c7ce7c484d9ca981b656ba4ec80452d77a60799166270df7366d17410049ba02f278e5e93d03a503

C:\Users\Admin\AppData\Roaming\Buxify\Network Persistent State~RFe5ceb42.TMP

MD5 2800881c775077e1c4b6e06bf4676de4
SHA1 2873631068c8b3b9495638c865915be822442c8b
SHA256 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974
SHA512 e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

C:\Users\Admin\AppData\Roaming\Buxify\GPUCache\data_2

MD5 0962291d6d367570bee5454721c17e11
SHA1 59d10a893ef321a706a9255176761366115bedcb
SHA256 ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512 f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 8975a973899494033c27b93c593d9d4f
SHA1 be89574a2dcdf8754c7d2c080e4aeb1c0eaf41a8
SHA256 b869cc4db64bd82dd5ce5d4804296f7b95e02e94bdb9f56814362b1a032fb2a2
SHA512 5abf39307ba5be50214603c48af5f18473c8d3cc36e641609216c79227de9fd27ad8d5e86e044a2c72b0e2849e731ef4d04ef102b12385f72d3717d171e5888a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 f0d11cde238eb54a334858a3b0432a3f
SHA1 7c764fe6f00cab8058caeba38eb7482088a378f4
SHA256 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96
SHA512 b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

MD5 8c40878b03ea1ec6600c6f58f80bf430
SHA1 0b376ff9ae6e3d2373b7f87ec913320f58d18d78
SHA256 f4e198e26a54aadb5843d037641c73b54b4da943df8246055310abc75d6085d5
SHA512 ae92f49af5b7afaf5c9389f23a15635b52532d742be147c34d3a092a21e1c9f816488ecb221d39b5c957b67c66e370081d878fac65946d98ed35ff046f1fcf0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 b90bbef154a21a5967b29eecd2e04109
SHA1 6d35b11f277ba398368a4a37655a8580186cfea5
SHA256 dd4a94de1eea796e9e19e63102282637086c529184330ba932c57dbfc4aea400
SHA512 84b4eb86f5800390d46eb7d9506e1809f6d7550875a80177dae3bf57e5bc1c4ee90742ad7b3d3181830ec1d2d5a75ada81210568ee4032f02f429dc704a97ab6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

MD5 20b4214373f69aa87de9275e453f6b2d
SHA1 05d5a9980b96319015843eee1bd58c5e6673e0c2
SHA256 aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820
SHA512 c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 b3e399b1c11344ed79907ccd5f721be9
SHA1 28933ba1392f17e5eb994e9f29aed2ecac0018e5
SHA256 be611e15aedcf8a20ef161ea69024afcd2b7fb51a7be1bc0a9fd970a6dbb8a99
SHA512 68789ab1a9510b8fff81f130f43c07e62b3b05bb2ff7a9b699d177b679afb4b24606cae5feaa4cdc8cd78ec25c2fff45bb01048ac2918bf28d5892089bc78f26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 3051c1e179d84292d3f84a1a0a112c80
SHA1 c11a63236373abfe574f2935a0e7024688b71ccb
SHA256 992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3
SHA512 df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 68f0a51fa86985999964ee43de12cdd5
SHA1 bbfc7666be00c560b7394fa0b82b864237a99d8c
SHA256 f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f
SHA512 3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

MD5 00fc4cf3b691778c6bfed8be9da3b879
SHA1 9b58a7f445904655bd9c4a864c25f55c60853a3c
SHA256 7f179acb44d81c660581e34cef91a8651639653a54bb28d44526f3c6f4546d46
SHA512 7acfb45f8710615b116f9b64e1d92730de5cf78306fe71c0b5495743f1585b2140e934cb384f2a399264bcfa9a39d82bbdf95a1691ce44aa41165b5cd9db4fba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5032f56efd7a9ee2f268795258a803ef
SHA1 4c61c877aa9545067b9ab18007bbc03a51b6509e
SHA256 804260d9812defc3a2201c1b4fbe383ae7c7dacf1f5f0da81c823a53fffc715e
SHA512 e191830d6bc710f78f2b70fe2672a089b3c0785cc8efb5159f77d72dc29db7da056b88e4b26b074c27a88040efd1013b689677ebbaf535d411007133ff2341c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb23a38983a1b04311dce65f0a42ad77
SHA1 b3f495ad240be2da226755cd76bccecfe5dfc746
SHA256 21037c8851b0cb87f4902cfa34bde8bacd0b5b3c06a6e0545fc82608cfeb862a
SHA512 8a6d2f5c94409b22a16359c5bfd7f84105a567b6b721bb24d6e37037035c143f85cf5aa4b045be1658ac1011e2930c66ee47ae762bf76fba9b97525cbbcc75a5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 15398c03f2621dc88a72c10ef45a4548
SHA1 deae3bf2424e382f7ec00c6a6045bf1d376fa285
SHA256 5d595221a5b43403273df8207ee43747cb1fccdcf869422efa3790b0f5239847
SHA512 e4bf7f58ee1aab4032dae153befaf5e6086df21338bc2c4455d099d6d5b6477951b60fc9ec0e735b24aae47f43a4e94a6ca181319fd7fd99f53b55befa96d6be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4818c7b6bd6e7aeaa8c80902ddde3abe
SHA1 68fd199f6b2301cfaeb2660542a92e469b7f1bd7
SHA256 75d9e79a988214dd3f02470d5a1f896fc9d94a1c2b04369b25969d3829d7d5af
SHA512 11286ece462993d693a9521ff873b4efd68825850904341689dab72188e1506922cca3aeadc24f54caee85df47ddb31b880e8c2e6ce8bf5cd2a7f763406bfeb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ebf273f60f156810fdc81312484cb85b
SHA1 6d3cc779543bce81e610efb6fa0601530ee341ca
SHA256 bae7909a3fcdc06ffe24722608149fca6d4a4f10877996c58371059354cb8468
SHA512 6a7fd9d1da2d471a1d6dc20460776179c00450f9ca3ebf68fcc638d70419478a17045514c73167b7d4686ca06d3e631ebf321f28b1f936487dc9e09228cef08a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 537aac1642854a4807aad4b22ef11638
SHA1 e83644189aca6c60f2dc72bac01cd9b4cf2c94e1
SHA256 c68254a195996a14da0f77639ed9a4b11b6ffdac0a1deca0f2383b90447c358e
SHA512 cf270678800d0f07652967336ca3c9565bc673650f487cd433d763ea72013d261a8239c3e1e69d52d1410fd60db62319fd8feecc29260ed90bff85bc05ebbd71

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eb9be6f55b5e124faa547ff262b4e4a7
SHA1 1e4e21dcdbadc7304aa562a2ef8c74f76fde619c
SHA256 db16c7261c5cc9a8a86cff2acfd82c26c62f57aa855be97182770a849b650991
SHA512 8df0a0250696d63485f21547d8ba7334b503fa276d50d1c3b7193fda55823ad7f466e9a66b607995e097e9fb1bb4a7b930e32f6ed62c87def67972386998ea48

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

MD5 0afe526e91593672bba758ba7f871adc
SHA1 0d21dd2b22935b9f94edf4aaeead88a03db6e8d9
SHA256 9eea6d55023b85804691af30b0e5add526eacfb005769f3d6b40d70dd33b24ac
SHA512 d04967b65b7da6c119fc55ca82442afbad89ec762bb057149397ac76fb8900e9ac2eb553a589875c7f44d1c32891e182eceaf513997d0048cac1b1a6e6e06d59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ec22e8f797b836db114701140ab66358
SHA1 df49bb473099e46ae1f41401a60fe70a75123256
SHA256 04781109268ff6a45ec46d587d5a8fe329f957c1e6b611c555a13acc3ef0fc32
SHA512 b48c0a2d79e5816289b19cee026f9b99279632f07e0aeb3467d1baa519bceb32b8db48a0229e7f8ef85d2d430c16da68de5c265ce4121a9302088e92dde3f972

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

MD5 4709c4f9967219e4f5f3daaf9721d51d
SHA1 10dc7726ebf51da76c9c0b973ec83e503cbe9f4f
SHA256 3354df802944fb4c9f54c707835e3f1db5aad1d59cda21556f3e82857ceaf9c4
SHA512 268bd2ed5d23a6498b5b1b40bd1a80b8ffbb4f59a84ca10e03d6017659643bb0354f5fb2fc7414b0e48b83650e8a3653048d0b90622366490a6bbbea07bee5f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

MD5 290da880446319f357ede673218d69e0
SHA1 635c93664f99e9e35fc5b92bb4120fbb6391d308
SHA256 2912d2629316c97078c51767e4cad121cdecd2616794de1db36e3c3377c72ccf
SHA512 fa07e459d797367bc9d3e55be6e9035e190427518f54b03021ba187f1e99301c3c5ca9efcc37c31e0ec81cc6920b51507f6bdb7fca22f5a3419073e4d442e338

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

MD5 0db13293cfdb507caafd2066f1eada49
SHA1 e031a29843d1a4e9dc30ea13a06b1044e6b6f37a
SHA256 4c171deee7af6f41c9d6781345e4fe0e66ee58947cd3493cb95a75ea372e9aba
SHA512 52f0f3768430af146ba545e65230230d8bce1e3776717bc34662ae5d94efdc4f9641cc980f4815399c9ffd267869bd3cc6e91a37cffd68987458e2ac63af5c18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

MD5 211ce3ce8b4b67ef8cf316ab34945a49
SHA1 26aefa04275e8d0ef8e1e856b4ddc53e5afc18a0
SHA256 c166008a7aae9c0aa03dbd124ce640f7fefd234b95b9bd95d9fadd2af4ac841e
SHA512 b53270d69470c6c2430f465569a3543315175c2627d6cffb3db00af760eef682af755e1bfa4b1d5530b9eb493137895c3539ee120ad2e1a25be4ac20600f81f7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 58417987252fa4a823a4fe35cf7a8ad5
SHA1 212b3b96bde86abc8f56b40a2363123bd7b42bfd
SHA256 084fd0058a41ac4ea6b9c1954456715cbd8a7fb1b3c60cf3cdb3aa82e3ce5ac0
SHA512 592bb88c3b10d111095d6e150bc1f2f8dead664461a70a4f720656a809aa4247a1287476285125bdea899f82d56046d4334beb746955f783350a6309207843f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8421c0602ba9e680621ff930631c59c1
SHA1 ec22c7277230ff168f0674c8471e47cc352260a0
SHA256 d5f1ff593bcfa3dab6cf819c53fced024cfcae6f7bebf514020ed661a1024e97
SHA512 ec2adbd6c9143a4be09f4b2601031778fa42b631156137995513a02cd2e019625dd666f35a0fc27d3abc796bc4bb3ce5afe46319ed87313109bcbd333c790204

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b4d8a0c0abfccc2acfd11644d8676ecd
SHA1 9b17183ce693f713ff8d02ca790a75e75ca7dc37
SHA256 a4782f05b1ceeb2ab87e38b9c2b24e69e17e2a75b01301e8f17612378bbd804c
SHA512 30e85e8074e0ba5737612c42521d32e49915d7ba4f34d3e6e8d80fc700bc6e39fed4dc231b048f8ef87ce15843b0c5f337b3be54241c8e46fbbbf6ae1ffc8362

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 60a201616e495c6ef9b86f8b4f4a078c
SHA1 7b7ae98572940f527d3f1e125f506618f1d21ac4
SHA256 6141a2abd906724331e3e30df2f0c81456ae70313e3831efc1d725ea235e0508
SHA512 ec70cbc4bfcd2fea0cd4c6561d951d091200ffb39b3b3c807a0f53902e6172eaeb624c6b1e2b58861a077390e3f694a4b5c77a7455097d09c79c0d2a46176cd6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90826679bc4f5bb723a2268f72b97863
SHA1 bc2c0c27693453f5bcc4f815b9d50989ac283ba6
SHA256 4796f6c57bf39d82c143445a994665e0f58e400ad7a934dc7ddb16304e5e126c
SHA512 7db72eea962262bd60db58ec2b2b99fd6806b2a516affdd2935123513371deae1a08f801669b6c86c34d13de501ea6232c638c1d0cfbe35dccb7fc14a544a29f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 65dd21f7184700857e0ea54ebabc50ae
SHA1 a6143aab77eaf29095de1f088022125aa5562938
SHA256 e55c3b1fe8c965dea9426bb16ad408afd35569144dbb6d86843dc55f626a455c
SHA512 c0d0ee9c4cdb6e276940c3e6f2e01ec0a3e53a9d97a5ec21aaf60d5c3e1fb8d700f8b283c52ee974ca1acb3f26aff5aef36e341961cf5827e13b183c4a4ab7e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5e1834dc0cbfb257de58d8197cff517b
SHA1 482ebcf51a64392e749737d84371c2a1797b6ed9
SHA256 d498cc41d7131eed315f227b351a93b90dccc1106c73de125da8deed212d3288
SHA512 e72ea086ba4157c97aae847fa6980028f88e99e8a283acb24693c9fcd29e1348352e37b7523a4adaf766fcac1b0a50a67c68a0a62a1100aa78c708235f297805

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7ba54dc47a8c9fb427b37a528b965393
SHA1 3769eac5c6389e0cf6097a1969b0f0ce0c74b2ae
SHA256 c23829e27337f2d759a8c8ed7e6ff55bf757b935204a64787de68602fc7c253e
SHA512 66a52524740db27abd7f062efaebc3b8016f3fc506be4bd1e01ae165332c5b905c59ade1b9ebccbb7418a7ac26e52505e3bd0bfc16c9fb9bfc195973bd7b47d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7abae9ebeffa495595747bc4d63c6297
SHA1 58e69e87abb0536292e9c92a14fb46351bc7fa1b
SHA256 2e6de0c4f51156ab09144206064b5e9552087e73b1ff36d4a873c5302fc0080b
SHA512 b56b868479791f04dbf4dbb88e30d9b734b27d31a7bd1e45873e89a31d0ed3fa1ca1c5c17f7b1272eed65853c2498ea824b4a8c81e5d138d0d0c0e3d61472893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6a44faf773bac452aefd904ba2ac2ec1
SHA1 b0c594cf4dbd7dcc20c9de46c7509b6cb790e8e3
SHA256 587934818fafc3417b9b6bbd6f59562799d420fdfa1b9909d696fa5fb739affa
SHA512 c141736335ef192290ce97a21e4aab368844341eabb09c49961b4f38f1dd21285a96fcc97f97e06d249e5311af241910abe10ac9aabcff51a6ef476aaf15e877

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b9c1c0db40c460327ba484179ded8f86
SHA1 91b5d246f223e217f6ae65163408cac05c4510bd
SHA256 aa0eff33125d4ce0f6a41e8eb43e2ef40efb64971d79e3e5bb9470f61a646fb0
SHA512 de0737272fd5cdc9bbe070bd5d9ae809a8629f6b184397f5a9be84a34119eb7d01513d404575ccdd48b465a462c196797622d599844eda6a0c53326a2a4795cc

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 9f00ab18e2c0640ee86a59208b8a3a07
SHA1 87fefbff76b5804377b3ca3167916a984dd5d038
SHA256 45eb525f4f9ffe500e80fab3c2283a4feb36d5931475c3018b7d68062bb63262
SHA512 f94b8cef67e8119176b6fbc269394982cde4a6a6902f959a21bb351a1a351aa26511743130b79282c28a39b3eaf744faadc50e7c18c74db72a27c9f40f758edc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 41826acd89473e035708a8f1443f298d
SHA1 4a526b3e52e1f5d2712db558c95146cf297f1d1b
SHA256 c6ad99195510260ef1e49080e48562aeef5960fe2934da2d7eb69c8a10c169f4
SHA512 14252b56106dc9edf090f41fedac372286a46a35bfdfb01f440154368d57e52f0e0492d31cadb1abdba345c10f06876f6ac6394f273496bbb5f3ee91e4e4bbca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

MD5 f0b2209a63f446233372ba5d1bbceff2
SHA1 ad1f4f87cb04a5e0c85faa5787c03c7adc8d6278
SHA256 9ecdc0f25d7862ba9ceae6b8ee227abb598d92f959163d342715bd322a87b624
SHA512 6942d20fbc545997ae3eb78cdbabbd16ed87795d2eed8cc5d188f9df6f3f64ccf893df226f7e213b608d23b0f9df5578ce3ec4e1683c8894b4a777ef3f5d9850

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13338773711416479

MD5 405edc6e85a0f6f5c934d8dce46e9c51
SHA1 4288f7996d5c2c181c8366de47d373e4dc052e8e
SHA256 20ce938a2c088f1556b6f4486e35287c135df6ae3f444690fb59e49fa0152e71
SHA512 666be72d0b8f4eafe6f75be6a9d6384925a4b476e082c013bb54765b9b6c6e506543fa6c6c26a1a7a136e2e63c9a3eb68217d639d859cfc14d12db86fc50cfea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e703f2cbe99dcf636fa9d75eff3ce893
SHA1 b98462d6aafd113a7657556f988845fcac2b466c
SHA256 5c2b9ece79783b322269b565c8394838076922b74ed9071ee9565cc97822ff67
SHA512 432834e6a6ffc5ab3bb631a0a32ed38e22f88e66abae8b1b388f75f9e7dd0e14041d99c8446a4bf0c96d6af5b3e2bc8b48d56d856c5cd94ddbf9ece38a0339d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f45d44477935ffcecb1de75b08845a73
SHA1 6e6d64f37986f65cc78d70f9d5ddcb628b3c8b75
SHA256 135525dd382b88733e90863bcb31d14bc18c604e0f5adf1d5b4c6520a171796a
SHA512 a79a6b340c03815ce610622c1abbcdb8682b6b0897cc3830eba62ab3dde341e178e4c73a26988cad34ff71142f2c17c626bd6f3f90a90a89d601b833d5e7976e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cde100a2abf236dd4166a311da918662
SHA1 c5f02c46c97a90fdb782b90f045da17fc3528806
SHA256 48ab770e424f62bc6531bcf1545841942bb4204fcdfad024c4f30b032a79a46b
SHA512 f83f5a11503ba8e32cff597368f2afad938aea3069dad23fce4fb406f22d1766af4410353e9b8b313fa39060868974cb506aeddf4140a5f24df1ffba71e2b55c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 de9a51d7f62b8dbe09752a23008dec6b
SHA1 f0c8746afcf31b80a8356a5dd742cf87e6e95dcd
SHA256 8b2a068e04678fbf674377b2ff1e40587f9c81c3a7eb31c755ab9e12d9aecffc
SHA512 74ed17a612319d94a89bbda206758f6d09c5ca3ec0ce09ef5d4236b23e5d87532ac59805038ced3f4aa08a5e8f9653ec04e5e4eca6f95e0cc4515073366557a1

C:\Users\Admin\Downloads\XModz.Menu.zip

MD5 2b1127e88281f75a58ae927ecfa8261e
SHA1 db5d75cccdaa94848198738dc9e80ea0d83acc46
SHA256 79937efc724f7f57b8aece3c512e4a8993309e1f0d8b72221203e5de8e8725b7
SHA512 4458b8306a71a89b3b890912ee15dce2e039e205a7ef65f1fd27d103823d07d07876acfc40a18eb3df88621017d1545b12e28b0b2b4ac67de0eaa7641fba38c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dce107641d9a0193d0cc4fc6bc698ced
SHA1 65ab4aebeac273c1ab7f48907b6b4a315a8eb219
SHA256 a6f9bf887ec840eff504b78f04dbe2e500ae9286fb9a2bfb06cdf1bb73feda1d
SHA512 ef77a18c5301857b20445479b88ddf3004f6b06c8fe6df513f228c129e02bd8a4ea04fd0e793a971941edb08aede9ec7879e186676a177de9971a63f77d77628

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 379c542875e1224cc36712fae282b1c5
SHA1 8e8e705ddb7aa2500cb2ab823eee510e91dadaf4
SHA256 3af5b8d041a2a01f1ba55b48b923529d5680cf96d716f0723e53dbdc13a65f73
SHA512 ded514402d728eebeb6e307f3e1222297870855a0a018b8414272945a2230ce72ced817c482263ad1a0e9134eba31d055e993acd5a1373fac983ba1ae725d28f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 502189a4dd7bc6a6bb6f9c610d316f86
SHA1 4b47784ce2eb63f195f0cf1849f88b2bc6aa7c89
SHA256 79ed446b768ffcff1390d6f58cffb56784005a30243cf18e97d42beecffeeba2
SHA512 6a9dbbf38b41f66bf06bfd3f0aa47b57f7ff3dfdb5a64f50afc1e42dbcb12ea81fd52ecf073b40cd2aaca614cf8266ee618f3ef4e5db9102bfebe545f8262f96

memory/2712-2810-0x0000000000E30000-0x0000000000E31000-memory.dmp

C:\Users\Admin\AppData\Roaming\Mod Menu\XModz Mod Menu.exe

MD5 1fbf2fdd728f165ec276f054c9af44c0
SHA1 48c9bfe6e9e8c7d81e755f22c0365d02319c1428
SHA256 26adb5392d8b83331f76344fda933c672e7951dcd2b960746e6f004b57d42b45
SHA512 a325c97d27b33c853046ee8cbdc639bbe2b16b4e1cf9a79ebbae06ccffc8a84bfc88b8c3d38f78c5841b892d001a69158818898197fb6a8ff0eaea3679ed8bcb

memory/2712-2997-0x00000000002A0000-0x0000000000581000-memory.dmp

memory/2712-2998-0x0000000000E30000-0x0000000000E31000-memory.dmp

memory/2712-3023-0x00000000002A0000-0x0000000000581000-memory.dmp

memory/6064-3026-0x00007FF821390000-0x00007FF821391000-memory.dmp

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Local Storage\leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Local Storage\leveldb\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\GPUCache\data_3

MD5 41876349cb12d6db992f1309f22df3f0
SHA1 5cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256 e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512 e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\GPUCache\data_1

MD5 d0d388f3865d0523e451d6ba0be34cc4
SHA1 8571c6a52aacc2747c048e3419e5657b74612995
SHA256 902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512 376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\GPUCache\data_0

MD5 cf89d16bb9107c631daabf0c0ee58efb
SHA1 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256 d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA512 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

memory/4984-3092-0x00007FF821600000-0x00007FF821601000-memory.dmp

memory/4984-3093-0x00007FF821610000-0x00007FF821611000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89c622ecfc35b53fc0e275b8fdced4b5
SHA1 a033146e0c8d5dca32d18f2a7588c59b99c8d3cf
SHA256 5874f5d74604e01ebff8e2c46098c4501aaa5580624789bc9ef4c5b26f9fdea5
SHA512 56a1de2a7ae2cfe56bc577a82df67309f53ddb13695528b6a4b34f2396c0e5d4a8e8b4833448c9d42d71bde05dd864be1773a25fb3369ded404884a5dded5e6b

memory/6064-3132-0x000002D444F00000-0x000002D444F30000-memory.dmp

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index

MD5 645bd54c2f1e39f372d12ca9243b8f92
SHA1 949626ceba17e72482244880208515c562c3cb7c
SHA256 0e3a8f82171d2d3822c54a95edc69eeb10fb173abbdbaa06e63b8fae89867d6a
SHA512 2530e26dae6627d768c2ce263cebb2292e851488e483a74eff364c4e055603ded62de795755b413130a4b0406ee7c465f8f070ef218c2abb05392eb2b390cea0

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Code Cache\js\index-dir\the-real-index~RFe61bab4.TMP

MD5 3b6819df7a5d9910add256db296bacf3
SHA1 158fa5da2d4d43e348e959aa8c27a241b77f4ca0
SHA256 049e99820e30e5c7596c353a4d28611fbe2502be04f794a06f0c472345684ae0
SHA512 89c8480bb5c062fb7c24f4deb65dd07fe4bccee6b41bf9e3eee9955fc0b4473b8738da563ef6a631eb315a5a450fa0ccefda4397bb8f9efade35fbe650b3a7f8

C:\Users\Admin\AppData\Roaming\xmodz-mod-menu-nativefier-e5a4a8\Network\Network Persistent State

MD5 ec11ac7fe5054b09234d67f49400f973
SHA1 b2957d07db5b3155a66a4f9af11b45909bf39f33
SHA256 6efbea7ea08c6d080e6439f035181ec187c708b0d797f0b4399f6264eebac1ef
SHA512 ff477afeb62d087bd93602df996c7002c5e469d6d8d68e5e0e8b045e5fe062ec81bf444698dea3363cb1387118f361f9a65e557201c1c4a57d9b99ea57f62f06

memory/4984-3187-0x00000221CAFE0000-0x00000221CB010000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

MD5 873c4764c2a7befb6d4d78650fffa6cb
SHA1 3052199d1a09e6aa9a48667267a1a65e01925785
SHA256 c6396cfb3b709128efd82810adebff888f1af62d634f882abf05b09cde839b15
SHA512 385d88634055001bcb3526b0878f2a9adbc02b77e60d0c72a3cc9d81c0c8e59aa7ec04f15e7d80e34ec416c876631288171c8924ea91482b12f7b8ddf37bb2fc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 58d4ec17141f90f940c0c8cf1babf0c4
SHA1 188d4da38593a7fbffa950c4d7017a40bca8e8f1
SHA256 07a29e19ab31e312a9bbe223588b66408531bdca831a97fcf79fd30206010d4d
SHA512 fffa1a79c33b2212974a50474a1798a20e0667befa77391f97124347bbefd4bb7785e747aa02482240cacff1a5305c4d92702c7467554a0f0e7660105e8b9a24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7f5820a981b13d1d067720bc04092caa
SHA1 a8d1bb89b7fc2b48d7f4b351c5650d18b84e7948
SHA256 2ed7e5097ade8ee7abc4160e34360a3a170af047b62cc603dcce5eebec8360f3
SHA512 6142dbaf4396f787afbe1ed9e64fcb5e68556e342d67025697bdfa8d537e14c24220cd1cf6fa2169c729428f85bd4bf56da19126272844e3d89f33718624beb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c950222bbfe1583282947f45a27e4169
SHA1 f565c9209a10908efd07631ed4f5730c588c86d0
SHA256 52a9399a6f611770ad9e7bebe65dccde1b4f76a1e5f2f83039d756474a6265fa
SHA512 a2dc0456518078b00e2909698c49f70a0d4f1a8a9b227b5650691f2a0da6103700c6546a28f81ce0e28675348237c71533f08d1a711269303c179eab3c4f08c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 14de824a790ccacbf9ea3c6459be3155
SHA1 f70db6710c820f8381330b6f2284248417b19067
SHA256 25e1c858eb9a203ac2a071bbb6e9f1c02b36a21d1db2c1b0f9063075996a0d39
SHA512 8fccde2425c6c4539e39b23bcf3dc2e26a5bb76cc8e5ca940f5e345212bff841d885bdc26d6d13577f50c0e056bffcf2fa62261e6e5e48c456b2c29a1f46e311

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 94a7f25462056c70b9cdd03dc73148d6
SHA1 d25b6fa62bd3d7aec1da8f5d69e5ffd954540149
SHA256 8f2612b508e7d1cf9bc92ca5699bfaae2e15e4a3f9448355bcd22222a0c36386
SHA512 449cacc8206d09373f2099f9247bb4d04422980c4b909652c94cb0d72a78cd1e09a63aa06e46230c409585fe0f2dd4698e2bab6a02880ebf6548b972607000dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 93853efcef6972acf6e9eeb0d6e3ea84
SHA1 c8e8603f880cc84c042ee46770271a5a90f4dbea
SHA256 75d671ff7fbbbab38b538526ed7c825b4f7083b6e560336a602e5b01a32eb7a2
SHA512 7eeaa3966fb16a460135fb70977431e5f03c8d940ea295c86bf933374294f9b550171ee0730f9700c1552a5df24f88571a535f901e8fc3ae4a31fde56ebcf840

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 48f4ce66af9bd6c1de79f4529401161b
SHA1 d38110fe6f74f9ef8e916171f24880cd363977c6
SHA256 4307affcdc3e619f532246fb92070490a8ee4c784b3dbfaa53b437ebd34abd78
SHA512 9d5123c0b871a047637f1d60e5d83ce3e05ea515cd4be4030e3d707bf5d57411e57378b3994175191e78ed99a371ae9c07dc04a89ede099037095a47312b4b4a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9043e6e0626de51292ac5bcefa2132ea
SHA1 e3a4d85ead25a9cf20bc3df6809d3b678115c290
SHA256 5329cb96b501d7e2fc1e3b7ab7689df83b07dd192cae6bf6bebd900d24792e4d
SHA512 90f7b21e9f25e8743d774391277f2a56fa959e101c279db51847ee09c09545a50ee006e8a234fcd4fc5427ad4c32fba0537bc01e86a4fe446a4187b4f7242028

C:\Users\Admin\Downloads\86da1240-0019-485d-b794-bf9ee11771f2.tmp

MD5 1ce9b61c455d234cfb84eedbde3ea184
SHA1 eba69e786eccf5c00b1efd7f948b4f841ccb61e2
SHA256 ffac03c052d4778415c90ea0135cb636b80167610ac85b2fb9292efaab1e01ac
SHA512 ab56e5d4976555db4e7c85b07c567087d9a916049c096a30024d9b99831978cb856ce21dad55402fac38a1a7a5f8d17a047163aa01217c10dbc12b5e2cf8535a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5aa828749d52e769a9d4793f5017f398
SHA1 d43dc347894a60489b0d786825ab436e9b425de6
SHA256 f21de4caa4fdd948da6efb7206115db822fd133ee58eda950eb241adddc9d60f
SHA512 94ae21d9c954d630dcfc3db132e6548de22a2d378278262783bcf458ad42f32a9ee070b6ecfcd9ca7ad48fcdbfa99e692d4421006e5d3ef6fb6aed317989b866

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 31c17227f98f5804ffca79da48ea1afb
SHA1 c04b9c4abb47dca1ba7c682d3cf396fe5a297dbd
SHA256 4bcd8f45a9bf558b8fe40cf9030a9fc3615514f2a1536705bb76d9fd91e0e167
SHA512 24009d0d9ce705d8ade256ac7326fc6e3159edf1c59e5fd5eace09090c56925a2727bde76693fa3ff30c26b2086bffdcb09fa4f53f10094f643e154cdbd00b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 14b2ba82ecccc4d96cbc734b02a4e045
SHA1 5d14fbbe9a0f1c9e52095ab5f3cc0f93625b0ec4
SHA256 d211d588e4ffa7e904811882cf1adb03ad265687a936d3da29bdbe18b314b6af
SHA512 dad1fa8be126445163a41c559eddf4b982dcb8c3a4079daa0a1529569a2d406dacf46745e53e40595822e0f4301cf74d9f9cd156b9527dcf34977c69a8183da9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9441125ed37a39b89ae2107a543ac722
SHA1 bce50ad31a2e66252e6f20495596d172a2571928
SHA256 655f3458ccfe95c51c740d25e0a1cfa6a095f529f80d3096b9e18bb57302c988
SHA512 d21d70f1086ac0c097bad8bc8392426ee0e6a0c4e2ed98cc1aece972ba93bb0bc02516e4a20de6b43a3788554ab050f7ac17fef1aa2aec701b201027b630e1e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 82ebaccfaad136d65261404efb89ec70
SHA1 e0cbde23d6846d6bc09374a60ddf1a1ebc0c491f
SHA256 a2f4a6513270fc3f4c30665fbaa536e7d58aee362800a8032c27fb62acb0abd7
SHA512 81e9eb54500608ffc243d468d9328869ae723235b2eca64bccd3c841c29598223d0284b9154087544af528d5648a8956d4dfe1d4065c8def839a7c50e0870367

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c5a92b225f923420fdcb7af6542855d6
SHA1 87e7c145b01ed70d9cfaf9788b6232e02ff641d6
SHA256 3b6b3eb75232cac950f3a4cd04e566502eb5e0c8ed1c65033db423a7f8b2a66a
SHA512 58e173cb180f9314659088d688d9a652c5fcd236cb78b9a110259cc9bd69530a9660aeb86e419b9f911f6473f6fa02e844dba6d6cd5dd93a11ac56edaf04691d

C:\Users\Admin\Downloads\Unconfirmed 534839.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Neptune-main.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Unconfirmed 295540.crdownload

C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.ba\PythonBA.dll

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.ba\SideBar.png

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Windows\Temp\{858163FC-9910-4D2D-BC46-019B73DBC18C}\.be\python-3.11.4-amd64.exe

C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.ba\Default.thm

C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.ba\Default.wxl

C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\.ba\BootstrapperApplicationData.xml

C:\Windows\Temp\{504AE143-FAC2-4E8C-B7AB-84693FBF5BEC}\tools_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\.unverified\lib_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\.unverified\doc_JustForMe

C:\Users\Admin\AppData\Local\Package Cache\.unverified\tcltk_JustForMe

C:\Config.Msi\e66d4bf.rbs

C:\Config.Msi\e66d4c4.rbs

C:\Config.Msi\e66d4c9.rbs

C:\Config.Msi\e66d4ce.rbs

C:\Users\Admin\AppData\Local\Programs\Python\Python311\Lib\test\test_importlib\extension\__main__.py

C:\Users\Admin\AppData\Local\Programs\Python\Python311\Lib\test\test_importlib\frozen\__init__.py

C:\Config.Msi\e66d4d3.rbs

C:\Config.Msi\e66d4d8.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b1ab0a3a-1825-49f8-a807-228c43f20eea.tmp

C:\Config.Msi\e66d4dd.rbs

C:\Users\Admin\Downloads\Unconfirmed 340364.crdownload

C:\Users\Admin\AppData\Local\Programs\Python\Python311\python.exe

C:\Config.Msi\e66d4e2.rbs

C:\Config.Msi\e66d4e7.rbs

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
