Malware Analysis Report

2024-08-06 12:27

Sample ID 230922-ldawrshb83
Target https://google.com
Tags
phemedrone evasion persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://google.com was found to be: Known bad.

Malicious Activity Summary

phemedrone evasion persistence spyware stealer trojan

Phemedrone

Downloads MZ/PE file

Modifies Installed Components in the registry

Checks computer location settings

Executes dropped EXE

Looks up external IP address via web service

Enumerates connected drives

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks whether UAC is enabled

Suspicious use of SetThreadContext

Drops file in Windows directory

Enumerates physical storage devices

Program crash

Modifies registry class

Uses Volume Shadow Copy WMI provider

Checks processor information in registry

Checks SCSI registry key(s)

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: MapViewOfSection

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Unsecured Credentials
T1552
Credentials In Files
T1552.001
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Peripheral Device Discovery
T1120
Lateral Movement
TA0008
Collection
TA0009
Data from Local System
T1005
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2023-09-22 09:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-09-22 09:24

Reported

2023-09-22 09:29

Platform

win10-20230915-ja

Max time kernel

277s

Max time network

298s

Command Line

"C:\Windows\system32\LaunchWinApp.exe" "https://google.com"

Signatures

Phemedrone

stealer phemedrone

Downloads MZ/PE file

Modifies Installed Components in the registry

persistence
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000\Software\Microsoft\Active Setup\Installed Components C:\Windows\explorer.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\licencu\application package\package.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\licencu\application package\lic.exe N/A
N/A N/A C:\Users\Admin\Desktop\licencu\application package\package.exe N/A
N/A N/A C:\INSTALLER\UQGOSTIDVY.exe N/A
N/A N/A C:\INSTALLER\DUFIXDUWFS.exe N/A

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\licencu\application package\lic.exe N/A
Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA C:\Users\Admin\Desktop\licencu\application package\package.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Windows\explorer.exe N/A
File opened (read-only) \??\F: C:\Windows\explorer.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4300 set thread context of 792 N/A C:\INSTALLER\DUFIXDUWFS.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4768 set thread context of 3688 N/A C:\INSTALLER\UQGOSTIDVY.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
File created C:\Windows\rescache\_merged\4032412167\2900507189.pri C:\Windows\explorer.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File opened for modification C:\Windows\Debug\ESE.TXT C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
File created C:\Windows\rescache\_merged\3720402701\2219095117.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\2717123927\3950266016.pri C:\Windows\explorer.exe N/A

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\INSTALLER\DUFIXDUWFS.exe
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\INSTALLER\UQGOSTIDVY.exe

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Capabilities C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000 C:\Windows\explorer.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\0064 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0002 C:\Windows\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a45c254e-df1c-4efd-8020-67d146a850e0}\0011 C:\Windows\explorer.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000\Software\Microsoft\Internet Explorer\Main C:\Windows\system32\browser_broker.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133398483071339697" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "185" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\microsoft.windows.cortana\ = "23" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify\IconStreams = 14000000070000000100010005000000140000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b0072000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001c100000000000002000000e70709004100720067006a006200650078002000200033000a00a430f330bf30fc30cd30c330c8302000a230af30bb30b93000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000074ae2078e323294282c1e41cb67d5b9c00000000000000000000000084c1311b37edd90100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000002000000e70709004600630072006e0078007200650066003a002000360037002500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000073ae2078e323294282c1e41cb67d5b9c000000000000000000000000b8301d1a37edd90100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000007b00360051003800300039003300370037002d0036004e00530030002d003400340034004f002d0038003900350037002d004e00330037003700330053003000320032003000300052007d005c004a0076006100710062006a0066002000510072007300720061007100720065005c005a0046004e00460050006800760059002e0072006b007200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000640000000000000000000000e70709004e0070006700760062006100660020006100720072007100720071002e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000fffffffff9a6406d323dcb4f8a86be992e03dc7600000000000000000000000053c57653b9e7d90100000000000000000000000000000d20feb05a007600700065006200660062007300670020004a0076006100710062006a006600000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff75ae2078e323294282c1e41cb67d5b9c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000007b005300330038004f0053003400300034002d0031005100340033002d0034003200530032002d0039003300300035002d00360037005100520030004f003200380053005000320033007d005c0072006b006300790062006500720065002e0072006b00720000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e7070900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff81ae2078e323294282c1e41cb67d5b9c00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 C:\Windows\explorer.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff C:\Windows\explorer.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionLow = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "56" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cortana\Total = "23" C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1384669652-2270756765-572751751-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\explorer.exe N/A

Suspicious behavior: MapViewOfSection

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A
N/A N/A C:\Windows\explorer.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Users\Admin\Desktop\licencu\application package\lic.exe N/A
N/A N/A C:\Users\Admin\Desktop\licencu\application package\package.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A
N/A N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3132 wrote to memory of 788 N/A C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
PID 3788 wrote to memory of 812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 812 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 4124 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2296 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3788 wrote to memory of 2688 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Processes

C:\Windows\system32\LaunchWinApp.exe

"C:\Windows\system32\LaunchWinApp.exe" "https://google.com"

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff906e39758,0x7ff906e39768,0x7ff906e39778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1716 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1916 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3736 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Windows\System32\IME\SHARED\imebroker.exe

C:\Windows\System32\IME\SHARED\imebroker.exe -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1620 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x42c

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5864 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5996 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5988 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5436 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5420 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3748 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4720 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5840 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4784 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1928 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6404 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6028 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=3488 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=5272 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5340 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3096 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=6764 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7048 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5500 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=7336 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=7648 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=7080 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7276 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=7264 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=8132 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=8260 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7940 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7224 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap10378:92:7zEvent7956

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=8612 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=8640 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=8608 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=8520 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6972 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=8328 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=8248 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7140 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=7096 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Users\Admin\Desktop\licencu\application package\lic.exe

"C:\Users\Admin\Desktop\licencu\application package\lic.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8620 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7180 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=8584 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8784 --field-trial-handle=1968,i,3884667857358449726,8513940399849027689,131072 /prefetch:1

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\licencu\application package\Settings.vbs"

C:\Program Files\Windows Defender\MSASCui.exe

"C:\Program Files\Windows Defender\MSASCui.exe"

C:\Users\Admin\Desktop\licencu\application package\package.exe

"C:\Users\Admin\Desktop\licencu\application package\package.exe"

C:\INSTALLER\UQGOSTIDVY.exe

C:\INSTALLER\UQGOSTIDVY.exe

C:\INSTALLER\DUFIXDUWFS.exe

C:\INSTALLER\DUFIXDUWFS.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 132

C:\Windows\explorer.exe

explorer.exe

C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

"C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" -ServerName:CortanaUI.AppXa50dqqa5gqv4a428c9y1jjw7m3btvepj.mca

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 140

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca

C:\Windows\system32\browser_broker.exe

C:\Windows\system32\browser_broker.exe -Embedding

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 126.21.238.8.in-addr.arpa udp
US 8.8.8.8:53 35.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
DE 172.217.23.195:443 ssl.gstatic.com tcp
DE 172.217.23.195:443 ssl.gstatic.com tcp
US 8.8.8.8:53 clients1.google.com udp
NL 142.251.36.46:443 clients1.google.com tcp
NL 142.251.36.46:443 clients1.google.com tcp
US 8.8.8.8:53 195.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
US 8.8.8.8:53 ogs.google.com udp
DE 172.217.23.206:443 apis.google.com tcp
DE 172.217.23.206:443 apis.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
NL 142.250.179.206:443 ogs.google.com tcp
US 8.8.8.8:53 46.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 apis.google.com udp
DE 172.217.23.206:443 apis.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 14.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 22.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 141.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
NL 142.250.179.162:443 googleads.g.doubleclick.net tcp
NL 142.250.179.162:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 162.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.251.36.42:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 suggestqueries-clients6.youtube.com udp
NL 172.217.168.206:443 suggestqueries-clients6.youtube.com tcp
NL 172.217.168.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 yt3.ggpht.com udp
US 8.8.8.8:53 i2.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com udp
US 8.8.8.8:53 42.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 206.168.217.172.in-addr.arpa udp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.251.36.1:443 yt3.ggpht.com tcp
NL 142.250.179.174:443 i2.ytimg.com tcp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 174.179.250.142.in-addr.arpa udp
NL 142.251.36.1:443 yt3.ggpht.com udp
US 8.8.8.8:53 jnn-pa.googleapis.com udp
NL 216.58.214.10:443 jnn-pa.googleapis.com udp
US 8.8.8.8:53 static.doubleclick.net udp
NL 142.251.36.6:443 static.doubleclick.net tcp
US 8.8.8.8:53 10.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 6.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com tcp
NL 172.217.168.206:443 suggestqueries-clients6.youtube.com udp
US 8.8.8.8:53 e2c66.gcp.gvt2.com udp
US 34.166.9.70:443 e2c66.gcp.gvt2.com tcp
US 8.8.8.8:53 70.9.166.34.in-addr.arpa udp
US 8.8.8.8:53 beacons.gvt2.com udp
GB 172.217.169.3:443 beacons.gvt2.com tcp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 i1.ytimg.com udp
GB 216.58.208.110:443 i1.ytimg.com tcp
US 8.8.8.8:53 198.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 110.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 rr1---sn-5hne6nsz.googlevideo.com udp
NL 74.125.100.70:443 rr1---sn-5hne6nsz.googlevideo.com tcp
NL 74.125.100.70:443 rr1---sn-5hne6nsz.googlevideo.com tcp
US 8.8.8.8:53 rr5---sn-5hneknek.googlevideo.com udp
NL 74.125.8.138:443 rr5---sn-5hneknek.googlevideo.com udp
US 8.8.8.8:53 70.100.125.74.in-addr.arpa udp
US 8.8.8.8:53 138.8.125.74.in-addr.arpa udp
US 8.8.8.8:53 rr2---sn-5hne6nsr.googlevideo.com udp
NL 172.217.132.71:443 rr2---sn-5hne6nsr.googlevideo.com udp
US 8.8.8.8:53 71.132.217.172.in-addr.arpa udp
NL 74.125.100.70:443 rr1---sn-5hne6nsz.googlevideo.com udp
US 8.8.8.8:53 rr2---sn-5hne6nsy.googlevideo.com udp
NL 172.217.132.103:443 rr2---sn-5hne6nsy.googlevideo.com udp
US 8.8.8.8:53 103.132.217.172.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
NL 142.251.36.14:443 play.google.com tcp
NL 142.251.36.14:443 play.google.com udp
US 8.8.8.8:53 14.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 package.easysoftc.com udp
US 192.64.119.254:443 package.easysoftc.com tcp
US 192.64.119.254:443 package.easysoftc.com tcp
US 192.64.119.254:443 package.easysoftc.com tcp
US 192.64.119.254:80 package.easysoftc.com tcp
US 192.64.119.254:80 package.easysoftc.com tcp
US 8.8.8.8:53 easysofty.com udp
IT 179.43.170.230:443 easysofty.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.121.132:80 apps.identrust.com tcp
US 8.8.8.8:53 254.119.64.192.in-addr.arpa udp
US 8.8.8.8:53 230.170.43.179.in-addr.arpa udp
US 8.8.8.8:53 www.mediafire.com udp
US 104.16.114.74:443 www.mediafire.com tcp
US 8.8.8.8:53 the.gatekeeperconsent.com udp
US 172.67.144.62:443 the.gatekeeperconsent.com tcp
US 8.8.8.8:53 132.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 74.114.16.104.in-addr.arpa udp
US 8.8.8.8:53 62.144.67.172.in-addr.arpa udp
US 8.8.8.8:53 btloader.com udp
US 8.8.8.8:53 privacy.gatekeeperconsent.com udp
US 8.8.8.8:53 www.ezojs.com udp
US 8.8.8.8:53 translate.google.com udp
US 104.26.7.139:443 btloader.com tcp
US 172.67.144.62:443 privacy.gatekeeperconsent.com tcp
NL 142.250.179.206:443 translate.google.com tcp
US 104.21.93.25:443 www.ezojs.com tcp
US 8.8.8.8:53 static.mediafire.com udp
US 8.8.8.8:53 139.7.26.104.in-addr.arpa udp
US 8.8.8.8:53 25.93.21.104.in-addr.arpa udp
US 8.8.8.8:53 api.btloader.com udp
US 130.211.23.194:443 api.btloader.com tcp
US 8.8.8.8:53 g.ezoic.net udp
US 34.230.232.255:443 g.ezoic.net tcp
US 8.8.8.8:53 194.23.211.130.in-addr.arpa udp
US 8.8.8.8:53 255.232.230.34.in-addr.arpa udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 8.8.8.8:53 cdn.amplitude.com udp
US 104.16.57.101:443 static.cloudflareinsights.com tcp
US 18.239.63.101:443 cdn.amplitude.com tcp
US 8.8.8.8:53 cdn.otnolatrnup.com udp
US 8.8.8.8:53 101.57.16.104.in-addr.arpa udp
US 8.8.8.8:53 101.63.239.18.in-addr.arpa udp
US 8.8.8.8:53 112.211.227.13.in-addr.arpa udp
US 8.8.8.8:53 178.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 ad-delivery.net udp
US 104.26.3.70:443 ad-delivery.net tcp
US 8.8.8.8:53 api.amplitude.com udp
US 34.215.78.194:443 api.amplitude.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 translate.googleapis.com udp
NL 142.250.102.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 go.ezodn.com udp
US 130.211.23.194:443 api.btloader.com udp
NL 142.251.39.106:443 translate.googleapis.com tcp
US 172.64.137.15:443 go.ezodn.com tcp
US 8.8.8.8:53 70.3.26.104.in-addr.arpa udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.39.251.142.in-addr.arpa udp
US 8.8.8.8:53 15.137.64.172.in-addr.arpa udp
US 8.8.8.8:53 194.78.215.34.in-addr.arpa udp
US 172.64.137.15:443 go.ezodn.com udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 172.217.218.155:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 translate-pa.googleapis.com udp
US 8.8.8.8:53 155.218.217.172.in-addr.arpa udp
US 8.8.8.8:53 prebid.media.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
US 34.107.148.139:443 prebid.media.net tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
US 34.235.214.237:443 btlr.sharethrough.com tcp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 8.8.8.8:53 analytics.google.com udp
NL 142.250.102.154:443 stats.g.doubleclick.net udp
US 216.239.32.181:443 analytics.google.com tcp
US 8.8.8.8:53 209.80.50.20.in-addr.arpa udp
US 8.8.8.8:53 139.148.107.34.in-addr.arpa udp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 237.214.235.34.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 172.217.218.155:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 181.32.239.216.in-addr.arpa udp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
US 8.8.8.8:53 d4881ae1e027bc10863191ac7ea42d8f.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 d4881ae1e027bc10863191ac7ea42d8f.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 104.22.52.86:443 cdn.id5-sync.com tcp
NL 142.250.179.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 34.102.146.192:443 oa.openxcdn.net tcp
NL 142.250.179.161:443 d4881ae1e027bc10863191ac7ea42d8f.safeframe.googlesyndication.com udp
US 8.8.8.8:53 id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 130.179.250.142.in-addr.arpa udp
FR 178.250.7.2:443 static.criteo.net tcp
US 8.8.8.8:53 cm.g.doubleclick.net udp
US 8.8.8.8:53 dsum-sec.casalemedia.com udp
US 104.18.27.193:443 dsum-sec.casalemedia.com tcp
US 8.8.8.8:53 www.googletagservices.com udp
DE 172.217.23.194:443 www.googletagservices.com tcp
DE 172.217.23.194:443 www.googletagservices.com tcp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 18.239.18.33:443 tags.crwdcntrl.net tcp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
US 18.239.84.102:443 cdn.prod.uidapi.com tcp
US 8.8.8.8:53 oajs.openx.net udp
US 34.120.107.143:443 oajs.openx.net tcp
NL 142.250.179.134:443 s0.2mdn.net tcp
NL 142.250.179.162:443 googleads4.g.doubleclick.net tcp
US 8.8.8.8:53 sync-tm.everesttech.net udp
US 172.217.218.155:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 a.tribalfusion.com udp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 104.18.24.173:443 a.tribalfusion.com tcp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 match.360yield.com udp
US 8.8.8.8:53 image6.pubmatic.com udp
US 8.8.8.8:53 match.sharethrough.com udp
US 8.8.8.8:53 a.rfihub.com udp
US 35.186.253.211:443 rtb.openx.net tcp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
NL 193.0.160.130:443 a.rfihub.com tcp
US 8.8.8.8:53 2.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 193.27.18.104.in-addr.arpa udp
US 8.8.8.8:53 194.23.217.172.in-addr.arpa udp
GB 185.64.190.78:443 image6.pubmatic.com tcp
US 8.8.8.8:53 33.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 102.84.239.18.in-addr.arpa udp
US 8.8.8.8:53 143.107.120.34.in-addr.arpa udp
US 8.8.8.8:53 134.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
DE 18.197.170.218:443 match.sharethrough.com tcp
US 52.71.246.190:443 match.360yield.com tcp
US 34.120.107.143:443 oajs.openx.net udp
US 8.8.8.8:53 ads.pubmatic.com udp
US 8.8.8.8:53 contextual.media.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 s.tribalfusion.com udp
US 23.36.244.189:443 ads.pubmatic.com tcp
NL 104.85.0.23:443 contextual.media.net tcp
US 3.219.193.158:443 bcp.crwdcntrl.net tcp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 download2325.mediafire.com udp
US 199.91.155.66:443 download2325.mediafire.com tcp
US 199.91.155.66:443 download2325.mediafire.com tcp
US 8.8.8.8:53 173.24.18.104.in-addr.arpa udp
US 8.8.8.8:53 211.253.186.35.in-addr.arpa udp
US 8.8.8.8:53 130.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 78.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 218.170.197.18.in-addr.arpa udp
US 8.8.8.8:53 190.246.71.52.in-addr.arpa udp
US 8.8.8.8:53 189.244.36.23.in-addr.arpa udp
US 8.8.8.8:53 23.0.85.104.in-addr.arpa udp
US 8.8.8.8:53 158.193.219.3.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 104.18.27.193:443 dsum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
NL 185.89.210.90:443 ib.adnxs.com tcp
US 8.8.8.8:53 pr-bh.ybp.yahoo.com udp
US 8.8.8.8:53 s.amazon-adsystem.com udp
US 8.8.8.8:53 match.adsrvr.org udp
IE 34.255.44.222:443 pr-bh.ybp.yahoo.com tcp
US 52.46.128.147:443 s.amazon-adsystem.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 8.8.8.8:53 dis.criteo.com udp
FR 178.250.7.11:443 dis.criteo.com tcp
US 8.8.8.8:53 aax-eu.amazon-adsystem.com udp
IE 54.239.33.159:443 aax-eu.amazon-adsystem.com tcp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 widget.us.criteo.com udp
US 74.119.119.150:443 widget.us.criteo.com tcp
US 8.8.8.8:53 cms.quantserve.com udp
US 192.184.69.201:443 cms.quantserve.com tcp
US 8.8.8.8:53 sync.crwdcntrl.net udp
US 8.8.8.8:53 simage2.pubmatic.com udp
US 8.8.8.8:53 cr.frontend.weborama.fr udp
US 44.193.240.0:443 sync.crwdcntrl.net tcp
US 8.8.8.8:53 a.audrte.com udp
NL 198.47.127.205:443 simage2.pubmatic.com tcp
US 8.8.8.8:53 um.simpli.fi udp
US 8.8.8.8:53 c1.adform.net udp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
US 54.197.82.124:443 a.audrte.com tcp
US 8.8.8.8:53 66.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 90.210.89.185.in-addr.arpa udp
DK 37.157.6.254:443 c1.adform.net tcp
US 8.8.8.8:53 222.44.255.34.in-addr.arpa udp
US 8.8.8.8:53 147.128.46.52.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 11.7.250.178.in-addr.arpa udp
DE 3.71.149.231:443 ups.analytics.yahoo.com tcp
US 8.8.8.8:53 101.14.18.104.in-addr.arpa udp
US 8.8.8.8:53 159.33.239.54.in-addr.arpa udp
US 8.8.8.8:53 201.69.184.192.in-addr.arpa udp
NL 35.204.74.118:443 um.simpli.fi tcp
US 8.8.8.8:53 image2.pubmatic.com udp
US 162.248.18.37:443 image2.pubmatic.com tcp
US 162.248.18.37:443 image2.pubmatic.com tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
NL 142.250.179.141:443 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 dmp.adform.net udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 254.6.157.37.in-addr.arpa udp
US 8.8.8.8:53 118.74.204.35.in-addr.arpa udp
US 8.8.8.8:53 231.149.71.3.in-addr.arpa udp
US 8.8.8.8:53 0.240.193.44.in-addr.arpa udp
US 8.8.8.8:53 124.82.197.54.in-addr.arpa udp
US 8.8.8.8:53 37.18.248.162.in-addr.arpa udp
US 216.239.32.181:443 analytics.google.com udp
US 8.8.8.8:53 simage4.pubmatic.com udp
GB 185.64.190.81:443 simage4.pubmatic.com tcp
US 8.8.8.8:53 beacons4.gvt2.com udp
US 216.239.32.116:443 beacons4.gvt2.com tcp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
DE 85.114.159.118:443 dsp.adfarm1.adition.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 sync.srv.stackadapt.com udp
US 54.164.186.38:443 sync.srv.stackadapt.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
NL 64.95.96.108:443 cm.adgrx.com tcp
US 8.8.8.8:53 81.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 116.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 118.159.114.85.in-addr.arpa udp
NL 142.251.39.106:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 match.prod.bidr.io udp
US 52.22.116.225:443 match.prod.bidr.io tcp
US 8.8.8.8:53 108.96.95.64.in-addr.arpa udp
US 8.8.8.8:53 38.186.164.54.in-addr.arpa udp
US 8.8.8.8:53 csync.loopme.me udp
US 8.8.8.8:53 sync.technoratimedia.com udp
NL 35.214.243.82:443 csync.loopme.me tcp
US 8.8.8.8:53 mwzeom.zeotap.com udp
US 8.8.8.8:53 uipglob.semasio.net udp
US 8.8.8.8:53 pixel.onaudience.com udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 ad.turn.com udp
US 150.136.25.38:443 sync.technoratimedia.com tcp
FR 141.94.171.216:443 pixel.onaudience.com tcp
US 172.67.13.182:443 mwzeom.zeotap.com tcp
DE 18.196.113.49:443 x.bidswitch.net tcp
DK 77.243.51.121:443 uipglob.semasio.net tcp
US 207.198.113.89:443 pixel-sync.sitescout.com tcp
NL 64.158.223.137:443 pubmatic-match.dotomi.com tcp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 225.116.22.52.in-addr.arpa udp
US 8.8.8.8:53 82.243.214.35.in-addr.arpa udp
US 8.8.8.8:53 sync.bumlam.com udp
US 8.8.8.8:53 stags.bluekai.com udp
DE 31.172.81.158:443 sync.bumlam.com tcp
JP 23.207.96.112:443 stags.bluekai.com tcp
US 8.8.8.8:53 uipus.semasio.net udp
US 50.57.31.206:443 uipus.semasio.net tcp
US 8.8.8.8:53 bh.contextweb.com udp
US 198.148.27.131:443 bh.contextweb.com tcp
US 8.8.8.8:53 182.13.67.172.in-addr.arpa udp
US 8.8.8.8:53 49.113.196.18.in-addr.arpa udp
US 8.8.8.8:53 216.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 137.223.158.64.in-addr.arpa udp
US 8.8.8.8:53 121.51.243.77.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 38.25.136.150.in-addr.arpa udp
US 8.8.8.8:53 89.113.198.207.in-addr.arpa udp
US 8.8.8.8:53 112.96.207.23.in-addr.arpa udp
US 8.8.8.8:53 158.81.172.31.in-addr.arpa udp
US 8.8.8.8:53 206.31.57.50.in-addr.arpa udp
US 8.8.8.8:53 131.27.148.198.in-addr.arpa udp
US 8.8.8.8:53 rtb-csync.smartadserver.com udp
FR 185.86.139.94:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 94.139.86.185.in-addr.arpa udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ipac.ctnsnet.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
US 8.8.8.8:53 d5p.de17a.com udp
SE 213.155.156.184:443 d5p.de17a.com tcp
US 8.8.8.8:53 p.rfihub.com udp
NL 193.0.160.131:443 p.rfihub.com tcp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 core.iprom.net udp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
US 104.18.24.173:443 s.tribalfusion.com udp
US 8.8.8.8:53 cm-supply-web.gammaplatform.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 match.adsby.bidtheatre.com udp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 173.193.186.35.in-addr.arpa udp
US 8.8.8.8:53 184.156.155.213.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 62.64.227.64.in-addr.arpa udp
US 50.57.31.206:443 uipus.semasio.net tcp
US 8.8.8.8:53 green.erne.co udp
FR 141.94.242.226:443 green.erne.co tcp
US 8.8.8.8:53 matching.truffle.bid udp
DE 23.88.86.2:443 matching.truffle.bid tcp
US 8.8.8.8:53 pixel-eu.onaudience.com udp
FR 141.94.171.213:443 pixel-eu.onaudience.com tcp
US 8.8.8.8:53 ads.playground.xyz udp
US 8.8.8.8:53 sync.1rx.io udp
US 34.102.253.54:443 ads.playground.xyz tcp
US 199.127.204.171:443 sync.1rx.io tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.210.244:443 secure.adnxs.com tcp
US 8.8.8.8:53 226.242.94.141.in-addr.arpa udp
NL 46.228.164.11:443 ad.turn.com tcp
US 8.8.8.8:53 2.86.88.23.in-addr.arpa udp
US 8.8.8.8:53 213.171.94.141.in-addr.arpa udp
US 8.8.8.8:53 171.204.127.199.in-addr.arpa udp
US 8.8.8.8:53 244.210.89.185.in-addr.arpa udp
US 8.8.8.8:53 54.253.102.34.in-addr.arpa udp
US 8.8.8.8:53 sync.targeting.unrulymedia.com udp
US 46.228.174.117:443 sync.targeting.unrulymedia.com tcp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 120.208.253.8.in-addr.arpa udp
US 192.178.49.3:443 beacons.gcp.gvt2.com udp
NL 142.250.179.141:443 accounts.google.com udp
US 8.8.8.8:53 selfmicrosoft.com udp
US 104.21.89.116:443 selfmicrosoft.com tcp
US 216.239.32.116:443 beacons4.gvt2.com udp
US 8.8.8.8:53 cocomicrosof.click udp
US 188.114.96.0:443 cocomicrosof.click tcp
US 8.8.8.8:53 116.89.21.104.in-addr.arpa udp
NL 142.250.179.162:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 0.96.114.188.in-addr.arpa udp
US 8.8.8.8:53 96.134.101.95.in-addr.arpa udp
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
US 188.114.96.0:443 cocomicrosof.click tcp
US 8.8.8.8:53 formiklass.fun udp
US 8.8.8.8:53 217.14.97.104.in-addr.arpa udp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 188.114.96.0:80 formiklass.fun tcp
US 8.8.8.8:53 easysofty.com udp
IT 179.43.170.230:443 easysofty.com tcp
IT 179.43.170.230:443 easysofty.com tcp
US 8.8.8.8:53 147.174.42.23.in-addr.arpa udp
IT 179.43.170.230:80 easysofty.com tcp
IT 179.43.170.230:80 easysofty.com tcp
US 8.8.8.8:53 youtube.com udp
NL 216.58.214.14:443 youtube.com tcp
NL 216.58.214.14:443 youtube.com tcp
US 8.8.8.8:53 i.ytimg.com udp
NL 142.251.36.22:443 i.ytimg.com tcp
NL 142.251.36.22:443 i.ytimg.com tcp
US 8.8.8.8:53 accounts.google.com udp
NL 142.250.179.141:443 accounts.google.com tcp
NL 142.250.179.141:443 accounts.google.com tcp
US 8.8.8.8:53 133.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 watson.telemetry.microsoft.com udp
US 20.42.65.92:443 watson.telemetry.microsoft.com tcp

Files

memory/2428-0-0x0000023143320000-0x0000023143330000-memory.dmp

memory/2428-16-0x0000023143B40000-0x0000023143B50000-memory.dmp

memory/2428-35-0x0000023143ED0000-0x0000023143ED2000-memory.dmp

memory/788-76-0x000001FE7C160000-0x000001FE7C180000-memory.dmp

memory/788-91-0x000001FE7BBE0000-0x000001FE7BBE2000-memory.dmp

memory/788-94-0x000001FE7BC20000-0x000001FE7BC22000-memory.dmp

memory/788-98-0x000001FE7BC30000-0x000001FE7BC32000-memory.dmp

memory/788-105-0x000001FE7BCD0000-0x000001FE7BCD2000-memory.dmp

memory/788-110-0x000001FE7BCF0000-0x000001FE7BCF2000-memory.dmp

memory/788-115-0x000001FE7BD10000-0x000001FE7BD12000-memory.dmp

memory/788-120-0x000001FE7BD40000-0x000001FE7BD42000-memory.dmp

memory/788-124-0x000001FE7BD60000-0x000001FE7BD62000-memory.dmp

memory/788-127-0x000001FE7BDA0000-0x000001FE7BDA2000-memory.dmp

memory/788-129-0x000001FE7BDD0000-0x000001FE7BDD2000-memory.dmp

memory/788-163-0x000001FE7B100000-0x000001FE7B200000-memory.dmp

memory/788-168-0x000001FE7B100000-0x000001FE7B200000-memory.dmp

memory/2428-180-0x000002314A8D0000-0x000002314A8D1000-memory.dmp

memory/2428-182-0x000002314A8E0000-0x000002314A8E1000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\X6YHHZZX\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

memory/2428-266-0x0000023143700000-0x0000023143702000-memory.dmp

memory/2428-269-0x00000231434E0000-0x00000231434E1000-memory.dmp

memory/2428-273-0x0000023143E30000-0x0000023143E31000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFAB8A678FFC8FBF4C.TMP

MD5 55695964bc01dee0ec1df517e3a1d891
SHA1 4c4013834b88f06a9f2d6f338f5d7ad68e9bc6d1
SHA256 d0a7dd9645f736119e42bcd03be05321e34728d8c0c1577e37f455c298e6ec79
SHA512 6427030c64cdbba41b4dd49a48dbc7cb099cff61626b491a1f802352194783c55d2f9f165a6e84b82b8f51cb296749b58cf706f68b93d083a20952dca9c9ca46

\??\pipe\crashpad_3788_ZGXROLEVHHPLMBOJ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 74afe5171061fc372d5a6397e9ec399b
SHA1 da36029f5d05fef40c387ceb37ea3174e5639871
SHA256 8dc3bb858cd174bd0e4680ced437abc0bf55f29a17ca854e269a2a685c1e7063
SHA512 a1ab8b29c4a271d18ee971f0758b28260958daa6122637fbeba949863bad7893b21b9961743962809b8e7dd5c6a88e1326f19eba0caafa5b48b7f06def14136c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 60519d05b06db702d5df76ad04b36522
SHA1 f4d64b4070e19d377700cc53dae465f7df6536f3
SHA256 e79fb0d5e518120423dc10fb1570c6b338a4fe97c3debfb2ac2d2f6aec6824ed
SHA512 a7fb0cde5fb887bfa0c30052e737e5b6a81d7d7e573e2851fdb36d8d0ba13ae22e11c13c6d2d161cd7a581c9667de47be58fabe6780560c9fc41f7fb86d05b78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 3a11e6b3f76d5ac7835968c07138f598
SHA1 8200c04dac7140d8cfe4dbaadae29895e4b846b4
SHA256 43a58358d009689f0ef76e6e3fe6324b8588a6b7e63a0209baf435b4fb913707
SHA512 b932555f8b54ca82e8094c1dccb8809c1548ceb70619d6809b2496785758777a37ef78db823c129c7da1dba1a0c0acd32c17133d12c778cb6a350a3fba5a2ca9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c58349940e050ddf4a19b91c33082250
SHA1 7dbed59ed29e1948992865871f34fbf38a55b640
SHA256 40d5279278c8c99287e2254bc716cc3da0406231daeb9d46cffc2bbfc79f9e4d
SHA512 f3aadc8ee1f7a581fbf22626f15835bc751cdadfacc4e9623618826b86b98c4b2ea5ea829c688faae590beb812f53136a2ab1edbce53cf815375437d9093ff2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 5a6e1517283726a36687e70b0e7a6e50
SHA1 0e9241c4033b36214e27fa7afcb0976fe7cdbc5b
SHA256 5b03765d96a2f892ec5377abd759596f97498fe1d647b1cdf397cff083c0938c
SHA512 d54ad4e9505a42ba7cd0c51ec48786eb786df4908dfa2abbfa30c561f943d61c919cf45b81eb67e4cc394dc517cdd22001b0211194aaee61cbbd50124fd57521

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 082009c3683912fb8a9cbc0186caba0a
SHA1 63dd74bc5036dbc2476b49f4ae2f5e5719690a9d
SHA256 ec9efc105900f571e97116f87aef02b7e0462f24152d465a956c33bd0c1264e4
SHA512 b473f0d5ce32ed0e809cdda1a82b0cceeb670e27fceeed46278b677c05c20a0327c65d1af6e52d3839fe2f96d9c9924f3a9183cddb9d1d8bd2c31d7f68f18d72

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58ea7a.TMP

MD5 f90470b733625fec6a49e75e928db5ab
SHA1 e17ad5cb9d9aabf594e6077c2d55c158a0afaad7
SHA256 fc12f507690f1313b10aa5fb5c2f134bcbd50894a7ee9c1419abc620acb190e1
SHA512 e8116866b3bba837b402e51880b416f769e51bc02651ea9952d46d55710ddcc562aa30988b3e6b5e63ee5c867e2e86f40cfe4400a42b79d24621bc3606cf6649

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 c2b8458477f2254449d1ae7a12f8492a
SHA1 e624d2701ab58cdecb1384c6fabb07947ad60190
SHA256 5be29ad9bccdb55518dcb46edec1495cbd69c2ba539ffa4b9963077b3c8aed9c
SHA512 68d2ba6ba8e5fbfd7ee013530d6aae7fe1d82f2e77c6b40f92b0a10e3b80b4768449cf88d56b70a322aaef1f5cd0092badf143dc01ef392d989910fe5d03ff0d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons Monochrome\16.png

MD5 a4fd4f5953721f7f3a5b4bfd58922efe
SHA1 f3abed41d764efbd26bacf84c42bd8098a14c5cb
SHA256 c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3
SHA512 7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 7adfb02a89fcd3ccac93a1447d1edd0a
SHA1 5b69981ba1bb31c50c5cefab0f104dd767e3b14b
SHA256 883aa9e05ba6f74d04d4337737047094137db01bce07682c22a548e39d255087
SHA512 774c5cdc37de170554420fd47d48bad80a31f7c3c1fb06b7c7a961129773913d4db692a26b554d7211229ea7e7f602eaae72b2c3da943ec01f480bb60b25f38e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e1ae9be4ca18f75a0c1f1f0f86310f89
SHA1 9a5de218103f734e6bed96a35d62c24b5fdd23e3
SHA256 a56a2138fce9a40a713eb83a061396d2b060986c5b93950b6e3725a238c2573e
SHA512 fe0e5fb9a94007c62d27d4770e3eb156c12ad261113fbbe14a061c2ac5fdad4e3ddcc0286eaf288e19315aedbff4dda9bc4f985b1160e3ca351fa55fe13068d5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5904c9.TMP

MD5 2ce45f5d66dd5782adf7643cab8e41a2
SHA1 6e3864004cb9156d0e33c4c109b297003de6cb48
SHA256 94d331e48f80c849196c8bd3801ca7001fc53fe13521c79e354f02a64f134b2d
SHA512 9eb948c3d55bdc15ce95e31c1cf22ea2abea6abc65ead64d0d6adfd7fa332d56678b42b36c9daeff4f0f2868d3c3cf853ab9d7a096e7fa32f1cf8652fa3f877f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 033320329701297cf0faeab45cb3108d
SHA1 a547020ed70469ee543d33050458349f480b85b7
SHA256 7e291834b28c23417e598cb5213e4a87d19cbb17a19feeb9ddca3164a8f3a8e1
SHA512 1f73597e1f91024a02ed50c11a72fc37d97c49c61b51597a7dff0d82ac2796756e3da728351e29397e96a141834b2a153cdf47679f62af3f5dbf34c45072fcfc

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 22a5e7aad563e0d0a10ce5853eb96b86
SHA1 b6171ca0d4556dd9e8f8b8963bfa7a2861347531
SHA256 652957f91e76fb8039687b45ea0b3f9a38e6752d027c34998a06c5578673bc49
SHA512 6881604adb8349573a228c55e56ea26f790c398aaba0548e51bfcc98174d92d94ad5862c335a17acdecd76aa9f4e825dff19ecddcd94a854bf8b69528388a66d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1a4d6f7268041b6bcc7519bf82d716d3
SHA1 221bd6d28fc01ed71568e678fca627565ea78866
SHA256 1b97a7001984c71d1d3b6cde172d809cf2e790c2094e1d4acbd79cb58a26eef5
SHA512 a60b7e224cb11970574dc1c17c248ed1686fc0e101f9337acc5abdfd398b8cf62d225b4f30449dc395abf02c316a5b51c49ba4c6ef833bd0e3d2af98aa324c34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 9832f24920869cbe61349b0b99e2a28d
SHA1 8764459ef0ae116d6588cc60ab872a5bcfe223cf
SHA256 2de9799212882bd5026607d881b6b1b5a1628ac367cd7af01bdedd029d13e3f8
SHA512 77dc194b01779b20279869fe0e48e0da90be093f88fcd7daa7de1836ddf89a5d6589faac7062559fbfb38901e5a1094bda0b9d504e661bb54c429d66180761ad

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe593c73.TMP

MD5 7f2b1898fa5b006d980e8e046b98c044
SHA1 b185e7b8893a7d036c7ac4ae50f6c9c78896b9d5
SHA256 be3d8619c3c5d91a8d009c36ee7149666cb3a8f89b181298afaa299b521fb43d
SHA512 7c375d8de427a5e628c88a11024c5cf83ce0d0f6ecc867c94f349dae8ac4ae40822141de3ee68529dd059a7ad1131d3b1ef9f7e1c6c524c745c3e006b3eb33d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4b988370-e7d8-487b-b8b9-0d4d40cce904\index-dir\the-real-index~RFe594e36.TMP

MD5 a866bcb4089cdd019a3563a3b07b4d31
SHA1 fb3e5bd53d7e08b121f2d13215d9014cf429c06b
SHA256 18ba782b7b05d6a646b1df69a3ec9647a2f17846ce86830d85e5c2ef19751e09
SHA512 5a9cfa11bc8939549d2004cd0bb7d9602b6776a6c83f92dc9172885b584603a191051a401fb0d141b4d73ece2afc2667d83726ad85af2046001447fc14c4e8fd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4b988370-e7d8-487b-b8b9-0d4d40cce904\index-dir\the-real-index

MD5 a599fc8da1a069199f30712b50a96f4d
SHA1 cb3a50d2d8fabb5595298ad33da3d822c92456f4
SHA256 6b4a7c084e5cfce9d07d1f874004a9a52dd1f6a4b38bd2ec9da6a43560347289
SHA512 a60906aabcb3ece80b7b028808976a23f71d2ebfa02cb4e623651efefca00a6e3973ef4336bd6faa736a7845342086469b3b62f8018c4613855d0796a159b0e3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4b988370-e7d8-487b-b8b9-0d4d40cce904\7c249cee10a42897_0

MD5 7bf245232c8df261c5413756c682f529
SHA1 7c2fcf59a987ffa5a7d2d73ffbcc449afdf146eb
SHA256 30d3ae749b9fe51b94252ef9f0bcf1253af22dc8f9a1b39f950d06bf1e38261a
SHA512 c9f502282671c89ac9192585a468d8c8cee49a835783c04ebc591c310195a7b7f42c4ca07a7f3c0f5ea697035608e965d706b50601412d5915b9d2c4fec6860f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\3ee13c72-f041-4387-903a-981aef17c62a\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 7472ef7b9a801c7c814a74a2563aeb5e
SHA1 f3b25a6953ea7d7747111b6ef53166e2ed484ada
SHA256 bee1e1447a71d1f18888bc6845eddc6c2ba11cb9eb2964f5e02d3ff36b12c279
SHA512 55d310a0dc5f9bdc636677c547e4c2bd41916e0569086b64d207ad8772904b49559b9a81fd6ad71c5226036c5261da290e7d9d452f2b8a2bf49747f208e14688

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 6ef889187ca21c346a19289b43f93e7d
SHA1 717a84694bd6d809e8a1bbc1f8b4d2cf2200cc34
SHA256 cb7cf8cb50efed41e2d4afdbe66536441b6d674ae28af58664ea30814019eb83
SHA512 c4ac01ffc55a422980ec4578fb8c1c310faeda326772085ef0654d6c1aaf7479ac5c54d06c3c2380a82cb4c13aac13383b68b58800966ee8d209e15a7fe04492

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 5556a5b3db4347ef6ce63601f8630b1b
SHA1 4cd2c21fdd2449f1bb3d3608140a5f10c34edf53
SHA256 1cbcdd2a98a2aed066901798c83d7992dc1bb891b93f153db2d77153c5880080
SHA512 79d3e2c38feccfb9afc61068a276fe14edcb664f5db9c2a513916cd300da0917c42545747d0643d57b3bbd73b9e9646a35ecf6ffd7e833e03f8fe88dedd6374c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 88fd77504541ca3c19d81ef8a17267b8
SHA1 af6bf8e479828a68d3f6ad7a6b1d2e3f3511405b
SHA256 ab93e92adadce56b8e4ad69ea5a36ab4691a77b68dc7fcd66ded01908db9bec3
SHA512 8030ef3663799d81fb66dc9f4c43a4f8c64b38b08e2a6b3b26a26c196b7804f6fa45cd311795c8caba5802ae9c4f0b0d0f94b501fbb6c31b01e1eb3a39b0b8bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 862a69580a770f251065a659a8d13b14
SHA1 04f3802d817054d135b7ba296c4a5fc4ed12d608
SHA256 3e0f99162016140612a2b63e2868902735b9768faf587bb12cd490c504251176
SHA512 17d597a3968b3854dd49365d5fb9a5d8705c0ed1425291bf39ed2aa152ebed6666b2d616b4e69e429a502dd4da9e9135f5961aa34412733a1f45b8a13c397351

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 e64319b58a4ece89873f43faad9340dc
SHA1 b9960518871919f80eafec53fb3545f8326d23b3
SHA256 87b9d251162835a7d2667cd54830378f1f908f9ef7888dfae600bed1f8828b20
SHA512 0f7003565709bc4dbf07811e3d17ea29162028d4479e6c8b4c7909e2b9fbd88529fba993351eaaabb8b8d788aff163adfb03962b2217eb92282352664c7f3662

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8fd20bbff2aa34334fa97d371a82daae
SHA1 4eea310695483cb10cd1ae78afc2c6f42f249513
SHA256 101beb489f9a2dbaf8b1d1575786ba1e0b40ceceff285c0025f3408df0aacf40
SHA512 785eabaf3a3c6725bf3add19d4b0a8e5757888fb11fd7183dcac72dea8dc34b3181e35dd1e9554544ea48b9d8db2eb7054dfa82f2ddc59a95c8828fc6d673ee9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 b6b2b4a448366f4f2b426c94c4f10938
SHA1 951d4b5b27a54a0fde75a7a5da1043b429930c69
SHA256 134e22a86d6b5b9aa58b7049b0911625c1a67a7dc97f3f06613331f0fc6d544e
SHA512 8b770d76ce13e18d51c0260fcb801b73f2b17d2ea4e2740042cbf2a833067977eb4551f2b60dc44d4b2e15f83081365be15722fcb3ca31c896d8bdae697787ef

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 037be050309574e21ddd17cb4792c384
SHA1 5735f6c465f77ff60ba03416358d5ac64f0aba0b
SHA256 8c2c2c93e58b641af367614306b5cbe7a6f293c4b97e8569665e917dc652c95b
SHA512 2a89cf0a674350e506cafdacde9e980912d03a2ada7b81985c0813f357c3f0d7e38b975dc0763ee6387d213cbdf607afa3715a1cc3ffb9142dc5c2fa9b69239f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5c024ed-4733-4a11-b00e-18e3f351e455\index-dir\the-real-index

MD5 34b3973dc31ff0e5fe8e35729d6b33ae
SHA1 1e009aa463b4865834bf4b816013f6c38c228e02
SHA256 7608dd96eb0578f0d23429bd221f3facb54f42a839df45d628f1203372819081
SHA512 dffef1e3a2b2ec84bf9134c6a1c24776b799f49d1275a2a038cb33b98d313fb7f6b838cec4e939705a7f0027fbbbc0b783c8d4060ef4144db2e7c5be3b1ffb38

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b5c024ed-4733-4a11-b00e-18e3f351e455\index-dir\the-real-index~RFe59baf9.TMP

MD5 f2c5ef3b1a942e6f0534b30cfa7d359f
SHA1 cdf053fe9aa0469abdc264674a9fddac71cb669f
SHA256 6879d28013bf197c3ff4dece66020d46696d16640fa29a2457ad3bf1d92f09fb
SHA512 22e345b4ccc836f7e02c2f4018f57646d5ff1d4e6ff3e1d701dd6a0147bd5d6349aa65bdedd5f296c1b6dd0996be1e76dd067349469ed99df6362b230ccb92d4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 59d509cc09f884821febae5fe0148fb0
SHA1 2d8329d2ff3e94e4fc9147dbd0f54891c5657787
SHA256 53ef86a989237d3fee466883b14b22b53165ebf54f2749a53efb99d4f4077008
SHA512 4a98f0f560848731ca59ee2f0fdfba88fdd76f1a9b307366c4f3c7446fa0e4434350f86ed2084f41c0845082ff9d4bde2f0c267889dee354a55dd5c79b97803f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 aeb32a5a1072cf86fd3e38935d3004b5
SHA1 2b2b5fe4919154748b78a42b84fbc13e20207111
SHA256 b4a644a81baf3b66157c22e8131260f243238bae55dd34c00e81005cdbcde83d
SHA512 8148ccc2cc896691957be6a30f8d00656c85785b71091f089611a4c02e1aa87f470bd1aaecb1c48d576aca2beb76288d8b0466a4d5a6c3b22abe8a39ebe8327a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 55a0e61c297eb7333acc61d3a5025e96
SHA1 191dfe5597bcfd541ef380c414a99e7334d9237d
SHA256 f81fadf4507135b6914bc110f5437ac0651809f99eae9caead48e3241a975362
SHA512 6dc90c01f797891ff8ab4b2ab260a7caaff04766816a55b1e39a9659031d1d034859d953a0772ea10d0fec65946afaa56d24ea13732c32d03ceded625975f3ec

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 c0604ddd4a497b655d8e3020a73288a6
SHA1 483427671de0026013e2d8cbe2b5f2975c2f003e
SHA256 60f7f7ff829e141d6edde06ad32c760c763e9ee90b83f54385fff6f2d06c04b4
SHA512 3f7f5fcb11843c7201d50422a60dbfabc113115a78a2ca740083ea43f37491078ddf87f45cd7f7a83bd946018a95fba02270c6b6188231b7ceba14ccfbc88e3f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 3b20d7a93576a61a7173465492898ea9
SHA1 2332bfdd5ec93261178b44c0bc85372abfeeab42
SHA256 5733cb2df23ad79a48b30bab3487e160bcd3681d7af5c92b2ec94015a6e6ab93
SHA512 c99e83057c2f126fca77186218f7a770df5438f1589fdea8f37bebe7201d0753dd1625f7a94626b59846567e52bcc395b3b168b7b5d2b072cafa6cfd358ce651

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 ce16f59ff11eecc77baef1ed704822f3
SHA1 183b2fc73495362d35897bf48387ff99e13e2efb
SHA256 2632d4dffdc18eabe8c5b31758c23a4e00c82c5f8cb7836e7bd23b4d20fe3856
SHA512 68fb343c454becd52ef8d4642b64d776e20cbc60f1d234c0035f1cec1965bfb54129af3fdddcacf70695cc0bd440912db96ce610bce4dffde158deccfb8f518a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\326b4bfc-5e3f-452a-8d75-16ba3f43cb37.tmp

MD5 b4c1d405bd7508236c79df5874aa6c2f
SHA1 a34aceb95d1c9df5c5f89d2eda9502c41ef46128
SHA256 4c0723726e9cd55ac0bc4791e7663274fa2ed3ff10d6d56f54ce57b60de1f51c
SHA512 3c44af3a681a02e0afc2ae2eb8b53bb4e5a162cbb24d819eeab03dc97f01d9bb172b2a3825981c511effc306abcc564583a0df074f0f0e278e6572fe01bddcfc

C:\Users\Admin\Desktop\package pswr 2023.rar

MD5 b15481522c3c9c81872a40d9f6d2a269
SHA1 34cc312859220e5f1e362a4293c7cdab26b7a695
SHA256 c86e7707c377202ce1d7c362a87df5a394b6ed166bd5198cde76d86b0bf809d6
SHA512 43443b3798921de20a5dc0deae09009c4956746d553c0f86272be3b7eeaf2e26449502b2bcf459b7ff2fcf57a224ed8c4d9788ea39774e4428796c4ad0f7c767

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a2a8da61d28f2949be930775fea3bba6
SHA1 12c52eca2f0b58c6d812f73debc3dfcfc2a4eea7
SHA256 91735f363ca634b349bb95542c6fd9980f86cebeeb9e9bde9b3d64a549e3445e
SHA512 d0b112c3d7a459b09ebab6a48b62f593a2d81d84cca17537a676c867cab94f10c54177896b79e497280252161ab7d649dde0f0a2b2e18a40ef9d03f26dae433b

C:\Users\Admin\Desktop\licencu\application package\lic.exe

MD5 1e2d2f3f618279ed722045f6342793f6
SHA1 4b80a65885b4eb69fd6e240db592a8da8d7ad334
SHA256 400a80b5166f7ad96f834fecea54ba07244ef90a40a9878ecf843c3e140f304c
SHA512 dcec0fc10ba64fa47ea005fd9edc4b0396d613daba5723054e960766a3fa87b4dab06c522b200ab13dc135006f3f7adbb44c43c93fa9f0b2564c6d034dd41143

memory/5388-1440-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\Desktop\licencu\application package\lic.exe

MD5 1e2d2f3f618279ed722045f6342793f6
SHA1 4b80a65885b4eb69fd6e240db592a8da8d7ad334
SHA256 400a80b5166f7ad96f834fecea54ba07244ef90a40a9878ecf843c3e140f304c
SHA512 dcec0fc10ba64fa47ea005fd9edc4b0396d613daba5723054e960766a3fa87b4dab06c522b200ab13dc135006f3f7adbb44c43c93fa9f0b2564c6d034dd41143

memory/5388-1460-0x0000000000400000-0x00000000007FB000-memory.dmp

memory/5388-1461-0x0000000000980000-0x0000000000981000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\a2e2a258-2b68-43c9-934f-10bb256b4551.tmp

MD5 3f932fe8f5ab196555505c283ebeac89
SHA1 eebe2e58ef80001bd54e17e2adb17e8c39aa1dff
SHA256 7b51042ff1d051a23ba7faf07d8aa4857974fbc9ee482d8ee38028ec7007846b
SHA512 6df2c2f2de35371a082568ea8b157dd7a093aa4b3fb6435ea827f7c385c2c0061fba0aaeb8c9056efd4a505d783615ba537e97d3f1f845f5b8fbaa5ac9087952

C:\Users\Admin\Desktop\licencu\application package\Settings.vbs

MD5 5b0bc179a07cdbe95ad6d65b9bfc9ac9
SHA1 681502f8ab169b4c9a88d3ccebe6fad16f59eb1e
SHA256 595b2c9b286f795ffe4324abf9d0cb58592455359e09144ae39d9dc38e793455
SHA512 adb7a06cc2a5a6a6689bb6723edf04ea2b8842e8f20965142a74eebc91cac87004639e9157f051873ce49066d316d371d7fac02b6ca5f1355bd51280ea7c4c25

C:\Users\Admin\Desktop\licencu\application package\package.exe

MD5 de704eab92359c98fdf6d286d4b13804
SHA1 31ba3454d90e0979885f054a3c4d23afea8f2370
SHA256 7c8e051e90fa67e6e19cd1dd725c8b182b00ec8bd5752bc145ad5dcd98ad625e
SHA512 920412f57af802cc8bb748c42305d269522fc3b0a40c9ce6df7d16532ca698e6fe74491e1aacd91bc5fbeb9efd29bda72d53c83abeb999826d04b200e740fcd7

memory/5252-1473-0x0000000003890000-0x0000000003891000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6a9d0bea90651f0b47edce9ba9544139
SHA1 b1052fd30ec36c2f8427a83c3cbef98314a74671
SHA256 3b929b713a41b87c36fe06884af467169f6d48e280cda7fc010d0daa43af40f4
SHA512 1b095083a3c6f2be6549f3022e8c7b6742afdb06539ea419e6e2995a229491cf80195064076decbe46bd82077518aea916539278028dbd640d69b934f9b65946

C:\Users\Admin\Desktop\licencu\application package\data\data.dat

MD5 482fea846f4b85e7b7c575db91d0936e
SHA1 2d678fecc205a839a948c5815137193cfc902008
SHA256 af56f40979021e8c91fda864382434d99f45d83800a623bf0d6c9cd205e37969
SHA512 578bd6b87b6849cd258b495ed064e38fc26c8f886446f40c52743df03cf0267a91780edfe0586541895d32cc9798245709abf8ec6b599b111b32f1ee08a18e1a

C:\Users\Admin\Desktop\licencu\application package\data\program.PNG

MD5 e43f83995aa2eed038d815e473ffd40d
SHA1 eef70c930818ea7ff5a81ce36e64864032e790b7
SHA256 8fd2301e45e5bae7ecce9a9dcc916324638ac7c972f0bd568f8ae55e71cd3e6f
SHA512 1ec42fb060a77d4779ea6db66cc3cf58c5d16ab975b3669bdc48c57eb7946535dbd0553e02bd2264f5d4bb1f799a3098afa41371f291eca8f0ffd83e5d8e1387

memory/5252-1494-0x0000000000400000-0x0000000001A26000-memory.dmp

memory/5252-1495-0x0000000003890000-0x0000000003891000-memory.dmp

memory/792-1501-0x0000000000400000-0x000000000041C000-memory.dmp

memory/792-1505-0x0000000071B50000-0x000000007223E000-memory.dmp

memory/792-1506-0x0000000009380000-0x00000000093E6000-memory.dmp

memory/792-1507-0x0000000009DF0000-0x0000000009EFE000-memory.dmp

memory/5252-1547-0x0000000000400000-0x0000000001A26000-memory.dmp

memory/792-1552-0x000000000A100000-0x000000000A192000-memory.dmp

memory/1920-1554-0x0000000004940000-0x0000000004941000-memory.dmp

memory/3784-1560-0x000001DF28EF0000-0x000001DF28F10000-memory.dmp

memory/3784-1565-0x000001DF291A0000-0x000001DF291C0000-memory.dmp

memory/5388-1586-0x0000000000400000-0x00000000007FB000-memory.dmp

memory/792-1604-0x0000000071B50000-0x000000007223E000-memory.dmp

memory/5252-1605-0x0000000000400000-0x0000000001A26000-memory.dmp

memory/3688-1610-0x0000000000400000-0x0000000000475000-memory.dmp

memory/3688-1615-0x0000000000400000-0x0000000000475000-memory.dmp

memory/3688-1621-0x0000000000400000-0x0000000000475000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

MD5 5ea66a05cbebf6ee0f3fd39dba7760a2
SHA1 e57a753ff1c65bd445d1f1fc23bad9b5cdcb2dd4
SHA256 0ea11ee03ef0f312d354536efd491e19c9a19e1cf88239465d18eac29e368f4d
SHA512 dba103df25d95fff2e8077ee8345518624d55411359bc709be01ef9be941de3cb0d31b23bd4d0640a3de927b8e808b59a1ee607cf4e1d812cb38bd3b4ebdae3c