Malware Analysis Report

2024-11-30 12:27

Sample ID 231001-bkkdnsgc41
Target Snow Hub.exe
SHA256 0241ac5112b4f0a5dc50a7dde3a34b2f96af15017571db04b466df6910d97691
Tags pyinstaller pysilon upx persistence
Score 10/10

Analysis Overview

score
10/10

SHA256

0241ac5112b4f0a5dc50a7dde3a34b2f96af15017571db04b466df6910d97691

Threat Level: Known bad

The file Snow Hub.exe was found to be: Known bad.

Malicious Activity Summary

pyinstaller pysilon upx persistence

Pysilon family

Detect Pysilon

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

UPX packed file

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Unsigned PE

Detects Pyinstaller

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Checks SCSI registry key(s)

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Modifies registry class

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Analysis: static1

Detonation Overview

Reported

2023-10-01 01:12

Signatures

Detect Pysilon

Description Indicator Process Target
N/A N/A N/A N/A

Pysilon family

pysilon

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-01 01:12

Reported

2023-10-01 01:42

Platform

win7-20230831-en

Max time kernel

1801s

Max time network

1812s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:2

Signatures

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3188 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=3316 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3284 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3184 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:8

C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe

"C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe"

C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe

"C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4036 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4124 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=1988 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3836 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2044 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=3696 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=1028 --field-trial-handle=1208,i,1352840862602815095,10984995822095088863,131072 /prefetch:1

Network

US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp
US 192.178.49.195:443 beacons.gcp.gvt2.com udp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2023-10-01 01:12

Reported

2023-10-01 01:42

Platform

win10v2004-20230915-en

Max time kernel

1803s

Max time network

1153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation C:\Windows\System32\WScript.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\System\Snow Hub.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Snow Hub = "C:\\Users\\Admin\\System\\Snow Hub.exe" C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe N/A

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1141987721-3945596982-3297311814-1000\{4283231E-83E0-41F3-9D9C-EF5AFE2C2D49} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\.c\ = "c_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\.c C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000_Classes\c_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\cmd.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4344 wrote to memory of 3444 N/A C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe
PID 3444 wrote to memory of 3592 N/A C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe C:\Windows\system32\cmd.exe
PID 3444 wrote to memory of 1428 N/A C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3444 wrote to memory of 1724 N/A C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe C:\Windows\system32\cmd.exe
PID 1724 wrote to memory of 1356 N/A C:\Windows\system32\cmd.exe C:\Users\Admin\System\Snow Hub.exe
PID 1724 wrote to memory of 3024 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\taskkill.exe
PID 1108 wrote to memory of 2184 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1108 wrote to memory of 2244 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1108 wrote to memory of 3096 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1108 wrote to memory of 2308 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe

"C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe"

C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe

"C:\Users\Admin\AppData\Local\Temp\Snow Hub.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "ver"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3fc 0x2ec

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command "Add-MpPreference -ExclusionPath \"C:\Users\Admin\System\""

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c C:\Users\Admin\System\activate.bat

C:\Users\Admin\System\Snow Hub.exe

"Snow Hub.exe"

C:\Windows\system32\taskkill.exe

taskkill /f /im "Snow Hub.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff867d946f8,0x7ff867d94708,0x7ff867d94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5792 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_004ny7-main.zip\004ny7-main\lol.vbs"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c time 01:47:07

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6424 /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-Big-Malware-Repo-main.zip\The-Big-Malware-Repo-main\LokiBot Collection\0vbc.exe\vbc.exe.infected"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EEC4DAFFFF22BB7A1AC37D1AA0D4C11B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EEC4DAFFFF22BB7A1AC37D1AA0D4C11B --renderer-client-id=2 
--mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E5C98690380DB9F0F0784AF5B7FB980A --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4645B2541E53800AB68B2056CB18D82F --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D0FD758EF37290E3EEBEB6C90D13DCD7 --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=33B9AC2F0A8193E0F60F7CA31EDE212A --mojo-platform-channel-handle=2008 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-Big-Malware-Repo-main.zip\The-Big-Malware-Repo-main\Ransomware Collection\ContiLocker.exe.infected"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1

C:\Windows\System32\WScript.exe

"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_004ny7-main.zip\004ny7-main\lol.vbs"

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c time 01:47:07

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_004ny7-main.zip\004ny7-main\main.c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /7

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2660 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2668 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2672 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=3716 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --mojo-platform-channel-handle=5680 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=5856 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=6800 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,11367028001828270405,1072535865423964639,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=4560 /prefetch:2

Network

Files

C:\Users\Admin\AppData\Local\Temp\_MEI43442\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI43442\python311.dll

MD5 5792adeab1e4414e0129ce7a228eb8b8
SHA1 e9f022e687b6d88d20ee96d9509f82e916b9ee8c
SHA256 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967
SHA512 c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

C:\Users\Admin\AppData\Local\Temp\_MEI43442\ucrtbase.dll

MD5 0e0bac3d1dcc1833eae4e3e4cf83c4ef
SHA1 4189f4459c54e69c6d3155a82524bda7549a75a6
SHA256 8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae
SHA512 a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

C:\Users\Admin\AppData\Local\Temp\_MEI43442\VCRUNTIME140.dll

MD5 4585a96cc4eef6aafd5e27ea09147dc6
SHA1 489cfff1b19abbec98fda26ac8958005e88dd0cb
SHA256 a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
SHA512 d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

memory/3444-1294-0x00007FF858380000-0x00007FF858969000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43442\VCRUNTIME140.dll

MD5 4585a96cc4eef6aafd5e27ea09147dc6
SHA1 489cfff1b19abbec98fda26ac8958005e88dd0cb
SHA256 a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736
SHA512 d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

C:\Users\Admin\AppData\Local\Temp\_MEI43442\python311.dll

MD5 5792adeab1e4414e0129ce7a228eb8b8
SHA1 e9f022e687b6d88d20ee96d9509f82e916b9ee8c
SHA256 7e1370058177d78a415b7ed113cc15472974440d84267fc44cdc5729535e3967
SHA512 c8298b5780a2a5eebed070ac296eda6902b0cac9fda7bb70e21f482d6693d6d2631ca1ac4be96b75ac0dd50c9ca35be5d0aca9c4586ba7e58021edccd482958b

C:\Users\Admin\AppData\Local\Temp\_MEI43442\base_library.zip

MD5 2f6d57bccf7f7735acb884a980410f6a
SHA1 93a6926887a08dc09cd92864cd82b2bec7b24ec5
SHA256 1b7d326bad406e96a4c83b5a49714819467e3174ed0a74f81c9ebd96d1dd40b3
SHA512 95bcfc66dbe7b6ad324bd2dc2258a3366a3594bfc50118ab37a2a204906109e42192fb10a91172b340cc28c12640513db268c854947fb9ed8426f214ff8889b4

C:\Users\Admin\AppData\Local\Temp\_MEI43442\_ctypes.pyd

MD5 1adfe4d0f4d68c9c539489b89717984d
SHA1 8ae31b831b3160f5b88dda58ad3959c7423f8eb2
SHA256 64e8fd952ccf5b8adca80ce8c7bc6c96ec7df381789256fe8d326f111f02e95c
SHA512 b403cc46e0874a75e3c0819784244ed6557eae19b0d76ffd86f56b3739db10ea8deec3dc1ca9e94c101263d0ccf506978443085a70c3ab0816885046b5ef5117

C:\Users\Admin\AppData\Local\Temp\_MEI43442\python3.DLL

MD5 b711598fc3ed0fe4cf2c7f3e0877979e
SHA1 299c799e5d697834aa2447d8a313588ab5c5e433
SHA256 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a
SHA512 b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

C:\Users\Admin\AppData\Local\Temp\_MEI43442\python3.dll

MD5 b711598fc3ed0fe4cf2c7f3e0877979e
SHA1 299c799e5d697834aa2447d8a313588ab5c5e433
SHA256 520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a
SHA512 b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

memory/3444-1302-0x00007FF867200000-0x00007FF867223000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43442\libffi-8.dll

MD5 08b000c3d990bc018fcb91a1e175e06e
SHA1 bd0ce09bb3414d11c91316113c2becfff0862d0d
SHA256 135c772b42ba6353757a4d076ce03dbf792456143b42d25a62066da46144fece
SHA512 8820d297aeda5a5ebe1306e7664f7a95421751db60d71dc20da251bcdfdc73f3fd0b22546bd62e62d7aa44dfe702e4032fe78802fb16ee6c2583d65abc891cbf

memory/3444-1305-0x00007FF868520000-0x00007FF86852F000-memory.dmp

memory/3444-1316-0x00007FF859E40000-0x00007FF859E6D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43442\libogg-0.dll

MD5 6ffebd7d283079e9029c7f29d8ca7fba
SHA1 b470b09c8aa2f3e42bcff8392d95b6259cb87555
SHA256 0d9a915ea29ed4da271f86dbcfa90b52064a26b5136af590b2bb430d5dd6a67e
SHA512 2b9a9b5f298eefccf0a08af52d7c2c803db19ab9f3cedad2bb19df50466527c05e31f956b6018c9a337565448249465eba8952e9e8397b728b7f76e4f0561c68

memory/3444-1356-0x00007FF867C70000-0x00007FF867C89000-memory.dmp

memory/3444-1357-0x00007FF8678B0000-0x00007FF8678C4000-memory.dmp

memory/3444-1358-0x00007FF857CB0000-0x00007FF858028000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43442\libmodplug-1.dll

MD5 072093b2671589d4ce465de2b92ebee4
SHA1 821d9827286271859640984df28e01b4a37341fb
SHA256 04d07b4dcae8d3998156d563df20881ba790c32389aca23ade91de9cf9f4a3d4
SHA512 522d5faa8d17017f1891374a23d6e653cd62b51818734bf1f7343248d09e1e314ae49821595818fe69af62c9e51debca4ae384e421ad8fa658aced95f977379e

C:\Users\Admin\AppData\Local\Temp\_MEI43442\libjpeg-9.dll

MD5 6e67e46f957f50215b7e68c9091db53f
SHA1 e969fa4858351c95c337352dd0578fe5a83403f0
SHA256 24b25fe9ebe303496973c4d11144b053a5f5a03eabf53f9d8eab0c15fdbfbffe
SHA512 86af5560269ef21490f5343ea3e0522f35e271d42e64f61a2f05471302856de79d34bf00658e1667d7145af48667627fa3897bca2fc479928ab9a62ecba81396

C:\Users\Admin\AppData\Local\Temp\_MEI43442\libcrypto-1_1.dll

MD5 dffcab08f94e627de159e5b27326d2fc
SHA1 ab8954e9ae94ae76067e5a0b1df074bccc7c3b68
SHA256 135b115e77479eedd908d7a782e004ece6dd900bb1ca05cc1260d5dd6273ef15
SHA512 57e175a5883edb781cdb2286167d027fdb4b762f41fb1fc9bd26b5544096a9c5dda7bccbb6795dcc37ed5d8d03dc0a406bf1a59adb3aeb41714f1a7c8901a17d

C:\Users\Admin\AppData\Local\Temp\_MEI43442\freetype.dll

MD5 522257e451efcc3bfe980f56d3fed113
SHA1 f5e12321517f523842943ea7f3ba74d449dba1f4
SHA256 8c74376e7932eebcd084191b40774056b32525ba48e375d942754cdc4fc03c60
SHA512 d590cd813281278be4aec86af3713216dd306399b4910221a2447a3200accbca1b5f8d9495bf21f69ff8e09e5465a71c715a85ce0d87cdc26cbf27b0fae2cc4c

C:\Users\Admin\AppData\Local\Temp\_MEI43442\crypto_clipper.json

MD5 28ace1f269a7b6ddc508fe2ef995eb89
SHA1 fc25b159929682bff11e6d3b413acba80300418a
SHA256 8011959661b3c6efee432bdc16b358de1c371aaccdbec068c9e65004262f988e
SHA512 4c1172eead25d9c6037729ad372975d545153213dba99e7308308f1f1c6594bb1322b6c1332e44bd3677458160211046762a5dbf72564e4c7d36f7371177dcd2

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-utility-l1-1-0.dll

MD5 57d3ee548db3a503ac391af798e0e2a2
SHA1 d686a96c5046d6d7a022c4266a5d0014745360a4
SHA256 2c80280e51c242466e10a36a0bf2a341607983b6f6648f93b0718b34ab5285c5
SHA512 f3ea9c8f2f230d23bc878e37044599b2c77f0bf6dd84b07c2f87a84263fb9ac7f44732f05e14781b6046afb2a39f27135c96d2da2ab9605bd00e55d9b0fffb0b

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-time-l1-1-0.dll

MD5 816a8932759bdb478d4263cacbf972e3
SHA1 ac9f2bed41e340313501aa7d33dcd369748f0496
SHA256 ce9a8e18923d12e2f62ce2a20693113000fc361cc816773037c155c273b99e7c
SHA512 5144f01bee04455d5b9a7b07e62f4afb928605331213eb483265016640198c175dc08673903ed5bc16b385ee76657aa4303776233d04347d9d1daadce39525c4

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-string-l1-1-0.dll

MD5 f9297b9ff06295bc07b7e5281b1face0
SHA1 d0eb0fddbb3eb187df0f0e5f9ddffcfc2e05f9b7
SHA256 c56a2ee0cc6dc1e7283b9bda8b7b2dba957329cb4bc9aca4cd99f88e108f9c04
SHA512 bec6222776015996eba744698d3254945dfe4bb4dc0d85528ee59a0f3b5fc5bb054bbf496d562cfc7b4cc81b4d3df5c53761931162a0091a49386233afba4f9c

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-stdio-l1-1-0.dll

MD5 8341f0371e25b8077fe61c89a9ef8144
SHA1 fc185203e33abed12e1398440cb2ee283ca9541a
SHA256 bd9a5d4554ef1a374257e8dd9436d89f686006ed1fd1cc44364b237bf5b795ff
SHA512 9c7e4e8d8e9e620f441ab5106820ec021d2b2323f44ed8cc8ec9673745dbc531347356f1ff195d63b62b09cc5c27e8f8641ce25be12ee9b700b5fc766337228b

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-runtime-l1-1-0.dll

MD5 364bc49cc7034f8a9981ade1ce565229
SHA1 fbd76c1842d1ccf563ece2db32fff4c71e7ca689
SHA256 6254fd07ace88685112e3a7b73676aabf13a1b1bc30c55dd976b34fea12b7f1d
SHA512 65e59e3358eb1bf26823c9538c74d343e7383591c021d2b340ef68aa9a274d65b15b30bbbe55f4b32e3a08fc79d4e179a6ce92eadb8c4be09a2c35c348ce10af

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-process-l1-1-0.dll

MD5 e3914d51afd864a6c6587aa9192c491b
SHA1 bae85701809bc259a8744aafa45cd7159e6c13f8
SHA256 28257cc063431f78284335ce3002ffb71b75c1e7ccabf5417bb42392c35564b4
SHA512 43b1445a80d309ec73d52d6cf68f4533a132fb55ab672e5e2a878bb42c1cb36d6e4c504d43fa4923e692c8be600f3f9d5a5edde80602636cb726eedfca23dfb8

memory/3444-1359-0x00007FF864F20000-0x00007FF864F39000-memory.dmp

memory/3444-1360-0x00007FF867FD0000-0x00007FF867FDD000-memory.dmp

memory/3444-1361-0x00007FF85F530000-0x00007FF85F54C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-private-l1-1-0.dll

MD5 2e25e89a72ed18ba5d246bc525805de4
SHA1 63a1a4315e0d3f5b238dbc846d3e3c1492f18d06
SHA256 462c97364a7b6fcd5e4308c3e6971b696edb6a03c38a2df5049c1f0df2006d35
SHA512 4a47c9f44f61c68de721627027e88fa0cdf07830f024aeeaf5feb8a4618b37841bf01d9f456641ff97bcabf82de125ae0bd3482e4cb8d148fcb1898e2a7dd647

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-multibyte-l1-1-0.dll

MD5 0b057fa3a94c782da362d225c5974d12
SHA1 ca27a53ff2be1250e33045989e0fb515dfdfe3f3
SHA256 e1c519fef1622d35a05dd60e6464492f7b8ee6bbceee01563db82be66edb1346
SHA512 2dc6ef4d2d1f1bc050cba52e1a96242468fa25372f216e399163bce2e5e17c4911e097106f5727db4379c9fb603091b32f1e818695b362596037d7a6f43e06c7

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-math-l1-1-0.dll

MD5 a592d1b2ecc42d1a083f0d34feae2444
SHA1 29718af390f832626fcdcc57c107333cdb5743e1
SHA256 18a827b01de7b1a3d5c8d17b79ad2462a90308124448a9b8c47eccda39c3a095
SHA512 44bed6d24f1fa35b10d2b2b1574e7baf10182e60fdcb6cba5dd9de5cd7a5183198925e4fa5a7e2896564a30f7b70de69691713118d59bf5162ce35aff5bcf7a6

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-locale-l1-1-0.dll

MD5 75f1a5f65790560d9544f3fb70efba51
SHA1 f30a5751901cfffc250be76e13a8b711ebc06bcc
SHA256 e0e02ea6c17da186e25e352b78c80b1b3511b5c1590e5ba647b14a7b384af0f8
SHA512 b7e285ca35f6a8ae2ccbe21594d72152175301a02ad6b92fe130e1e226a0faad1bfad1bd49857401549c09b50feee2c42c23ca4c19b2845cad090f5b9e8e8f63

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-heap-l1-1-0.dll

MD5 4b038cdc70357d2dec440717ac344a52
SHA1 f67ba87f6830858845a5763381a47893af061bf8
SHA256 6a24e9cfb0efd9e1b90053d4ebd87fc35144e61ae3f6555c7d400542d648e2b5
SHA512 9557f15fa3c06de89ea8be0c959b94575a1c4587151687730f9e66fed095feb882d43ea32262000f871e6d860ce0c6c341cf5509a6ce81866f6d0efacb8526fe

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 102a8c01049ef18cc6e8798a9e5d57f4
SHA1 9adef547e03032d8c5525cc9c7d4512fbeb53948
SHA256 e13edab280e7b3410d7f4ce30a8e8cae64f38652d770fc3bf223206f0c57aaa5
SHA512 a9fbc726f33399f55f70967f3f1bf374589eaad9581d9e94228d39afa06cdce31ed25bdc04805aad361c7cafbeb56ca39f6693259d67457199d4423a61b32263

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-environment-l1-1-0.dll

MD5 e41612752a7dfbbe756322cf48e106b9
SHA1 0ec106e926c9837a43e1d7ec8d1a5f03edd5ec3d
SHA256 4bb9d36e0e034652f2331ddb43ee061608f436cbc9e5771b4d27b28fa10f5248
SHA512 9bed9399e896d1cc58cc06e8d7ec6cc3345be6d15ca307c670e0f282c9ebe48a6cc1b145c2ecf94d84214cddff8f0d0d720ea984478c74c98e2499c2184638c9

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-convert-l1-1-0.dll

MD5 87e2934e49d7d111f383673f97d5029e
SHA1 267603d5510b775de3667f7d92bfaa3bd60e6533
SHA256 fb9dd774b25ab8e661c922caffb976c37a4d10a631ab65665da60016ef0c4d7c
SHA512 e6025ad419359ad3e06cc7a3b3b7436464dbbc71b91653833575264a5f8b0d781844a411bcd915d404b9a8c0a056eaf6d4d412723936845b53bfb5368bf5f7a7

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-crt-conio-l1-1-0.dll

MD5 9eb2c06decaae1a109a94886a26eec25
SHA1 307ce096bee44f54a6d37aab1ef123fb423ed028
SHA256 da8fd2fe08a531d2331c1fbee9f4ae9015b64f24a2654a7f82418c86b4ab6909
SHA512 7e701cb00a4cab8d5b3ecf55a16fef0103f9be1aa3fd7b53c7bab968708c21e8d1c763ad80a7a8d6c76dd45ddd244c9c9e8944455c2025b4195660b61ac1e8b7

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-util-l1-1-0.dll

MD5 f7fdc91ac711a9bb3391901957a25cea
SHA1 1cebc5497e15051249c951677b5b550a1770c24f
SHA256 de47c1f924dc12e41d3a123b7dcce0260e7758b90fb95ec95c270fc116fc7599
SHA512 0e03c998622d6bf113e8d3b4dab728974391efecf59df89f938bd22240488e71885c05fb0fa805948b3d9645758409a0966299b26625aa36e3fd6e519ee22769

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-timezone-l1-1-0.dll

MD5 b9a20c9223d3e3d3a0c359f001ce1046
SHA1 9710b9a8c393ba00c254cf693c7c37990c447cc8
SHA256 00d9a7353be0a54c17e4862b86196a8b2bc6a007899fa2fbe61afd9765548068
SHA512 a7d5611c0b3b53da6cac61e0374d54d27e6e8a1af90ef66cd7e1b052f906c8b3f6087f4c6de0db3ae0b099df7689ecde6c815a954b728d36d9d3b5d002ccf18e

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 e4893842d031b98cac1c6f754a2a3f8d
SHA1 2b0187134e40d27553a85dd4ec89dd6c40e58a24
SHA256 abe4c1464b325365d38e0bc4ae729a17a7f6f7ba482935c66e6840e1b0d126c5
SHA512 fc61a66fdc7213857f204bd0b20671db7092e0010e07b5e0e8e8408ace8ac5b6e696a7d9fc969233b2b3ad5dae4d3b291b007ff27a316e7fb750bfc93257c532

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-synch-l1-2-0.dll

MD5 b962237df7ea045c325e7f97938097cb
SHA1 1115e0e13ecc177d057e3d1c9644ac4d108f780a
SHA256 a24dd6afdb4c4aa450ae4bc6a2861a49032170661b9c1f30cd0460c5dc57e0f7
SHA512 19ac4cccaaa59fbae042d03ba52d89f309bd2591b035f3ec3df430ff399d650fcf9c4d897834a520dea60dc0562a8a6f7d25a1fffcd32f765a4eaffe4c7d5ea2

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-synch-l1-1-0.dll

MD5 bccc676f2fb18c1a1864363e5a649a88
SHA1 a095a83a32a4a65fe16aa0be9a517239fac5db0d
SHA256 9d3f803dc791d2ff2e05059f9bb9207cc8f4134e1ac05f20edd20cfadd6e72c0
SHA512 55aab9fa6f7c4904e4beea4ce250f45fb71c2dd6a6f099f4017101ebc45c0a6e303b6a222f49c971992cafe8988a042b7ef8e94671be858c926105021514737a

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-string-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-rtlsupport-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-profile-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-processthreads-l1-1-1.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-processthreads-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-processenvironment-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-namedpipe-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-memory-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-localization-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-libraryloader-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-interlocked-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-heap-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-handle-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-file-l2-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-file-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-file-l1-2-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43442\_bz2.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-errorhandling-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-debug-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-datetime-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\api-ms-win-core-console-l1-1-0.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI43442\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI43442\libffi-8.dll

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_h4qi1i31.m5k.ps1

C:\Users\Admin\AppData\Local\Temp\logs\executed_at_2023-10-01_01-13-05.log

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a730e.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\004ny7-main.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\Downloads\The-Big-Malware-Repo-main.zip

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 5affb369fa82443bbc68065579423965
SHA1 7d8913421a51494086ac6d71821a35fb5d30ce65
SHA256 5e531ea6393819d5a4468cc25c5aaa9295169ca56e3dd704071e0d7fd4ad2c24
SHA512 e8d090b415aa265a66160b6bd4c6bdae10a34da44e1397aa28d1af562f461d2dbf8a01e97bbea22ec9af190ea43f9b04e3dce35d7a69e1c8529ce5db5152bd89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 49943bc015e9713f646c021a2f9a7f48
SHA1 7bcd637eb823b04c425775fa8c914e8b8f2ac2a5
SHA256 f6e0b13ad81727a0d9317a3049fd06ecf2c473060e9d6e4f8eb564a1d82ad289
SHA512 2203c2dbe9482b0b351a3f70ea0ba9f63dcc87a66d4a4db63a060dd7dd04cb73a73bced407d57c2bcf26cf7ed78b18c7555c87b22db9bd744cb6491cd040305d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 be63353ea188ce3991dcb8ff4832231c
SHA1 29347617a1297d98b7c9817124213d88f89c43cb
SHA256 9fa2992750d333ad93ee443858685aa12ef366454bb7b8ca3c840609a3f1473c
SHA512 3ab339faf7062affb6b94977bdc28b9272b1abc33088891c2d6be3498af8d1f64165e4762fa8cdd9be84b1a29ce4a24b3b2786568774d06ebcc9c522e1e7b733

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 b40661cbdddbbba81b0f60d05a2e27c9
SHA1 5235f2625ede7ec3fed83508d35bbcb7a8d7bd29
SHA256 d776afd7c04ef35360ed0508c6b260bfb20aa345ca692ea30a7fb210dde54d5e
SHA512 ef4830607031b85bd829a70f19a451c912585bb433bc7e81f5032c031ef4232f95578b4248a260bc835cfe77928da90cab389ae8705e935a565f38b6ecbfda36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 28f14992149ac0b87a2d0ae6ff775de9
SHA1 125391d933ee28e3bf96e52b3a2b4d4cd9472787
SHA256 939a20974c0a691a151ad785d7ea38f2da7b16711ee757aa1589af5704c54f8c
SHA512 efbd5091bcc8c02d9375a75521005da96bce9ea5396ae53ea21908063f9ab1207c1e8a37590255233f84b3bd79f829644808d2f80885ad05e05aeb228687f21d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0da4c76a2fd3a7f0_0

MD5 24d221e29ec84bba9822d2d9f248806b
SHA1 53e9870996f02c72ee82c5d13a8d428f31efcb05
SHA256 ad6853102187f856535a494bf00ab088dfdd6218569cead5042f57540be1b7db
SHA512 b740e2fc569cbdfb71d3f632f961263470cb14722dda2e270fda76f2002be571b6e85ee36ca116808fcc93dd1d5ed274635d493c61e9bc79a9b07a69748f6f6d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e2bde93672469011_0

MD5 b2cfb84cac4a05cba70d2bb26747844c
SHA1 1777c0a0c238f6e00f4b4ebb04c07172d0880940
SHA256 d93451e563c119eeb21959a0990e0ddf87bb455e89a158c928f447d1b7664ae4
SHA512 b20d59feb5ce86017a0e46fc14a543ae214f2d19d2d707fc2f13eea5c555e68634f1befb95f6367bb4bff949bfd082e54d9f59eb8a7333caa1cd267811effcf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\480d7854ff270ef9_0

MD5 381fde7e58d49a36614502704fc6fd05
SHA1 fe180883d3462f7176fc766d73d204844d8bf552
SHA256 850a43e0cf0901282b4a45073d6b0bf79ed98bf9af2e4ecfed92dc662eca05aa
SHA512 45d66526456cfef738d8640cf4b14882894bc47eb9f1abf13c42aac1d5db7a38884272e7f54785498f07ac8c3699d3219d18ed6aba980cd96286713258baabee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a899ec14a68a10fc_0

MD5 d742affede387ceb7ec427efceec2905
SHA1 d5a9d38ae7eb8eb306addec9a0528a71dce1047a
SHA256 6edcf6af216e1e22022991df2ad2b9febe4fdf53c755d220d65c224f7834b75e
SHA512 e74620114c2b8b33ee58468475a9766d3516daba89504c162704e42ea3643d0481cd4997f42a9d8b2e6ff26f88c010546ba8fbf193416234081c7c7e9f5cd2c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a872b22fa81715bb_0

MD5 104497f03e08064ed9cc223272194065
SHA1 29eed758b3991e7f8ec51b7b7fd55370afe4c98f
SHA256 1ccb2c0ce65136eb10ae9867720e9831211438ebf185218985fd3e2ec04add15
SHA512 ee7f5bd034bfbfc26111a545a05324a88feb9c7a034246bed3882271f96d48da66c38601693fc23c7f07f8d17bee60b981b705846dfde8e6abc8a929e2564209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5e426f9e1ba0811d_0

MD5 fc79a429149297e2256a5d71fff2ca22
SHA1 00352b4aa6dc935755196a360ccdb58ef10904eb
SHA256 8f590a19760bc352ef5a1e6a165afe3a13964d865e73304fed13da832f267d80
SHA512 62f4102f93a2dc83e34109d602883cc438d7ddb3a631d75ed19722bc78ab55b287e67fef0b9adf7495d47b34619761a4813d3e69f07826b930b828e363a4d916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\db08a2451da5cabe_0

MD5 fa3de960381d938ba1997806a3e03985
SHA1 39e7c09fbdbb04e3bb80110397ad8af24ca88135
SHA256 53246e6d6cc9b7b8176255f278b22321f21f6b2c6a47c60e05cb0dd9f3226817
SHA512 5a8d0c9256f2c8c99012dc8edd6ccbd3e503e14745d24ee930bdab56f0a8efd0dc019a3368000bc230dd8ce95d9f0ed67c5386777d329336f1aeb0784cabfe0f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\439eb6759928b2cf_0

MD5 867bea6b0dd130362de05a4a80d394e4
SHA1 e04458a8b4c06eab2cc258f1f109125ef496ae7d
SHA256 576da0ac57022ec47c36fbfd35a6b371330955b49cc6b6b3c0f6a4b9ce50e241
SHA512 995bc7d102e90a89c7dae4efb7bd5c7babbdd984bb2ebf50e95204bd5b91a620573980acd0910eab1163ff5ddc4923089492c4f8234d64a8a4c288488b8f05be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ffdcf617e2e2d636_0

MD5 57f5cf00618765a08071fc2679809059
SHA1 068bebf853751367357153d6349938cc6637727c
SHA256 05fe63d176b0d12774645e00936e9d399f21d7393867775b430472dec9117385
SHA512 0b4bf793972b45bfccb5353e4bb545fd07a0794e7899f1c55a0c7a183a2c71e8903ac33cccd2b838cc1f6d0d877652437c9c8f8b3406a66f07cb53be92b94b45

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3d2f594c4ebdff5b_0

MD5 204ab53915363bcd67e9f54dbba047a0
SHA1 a62f106bdf006f70bcca336996aaa0894349bf1c
SHA256 2a6afad4bd0c6b8773878221ec44a623d312f0d0cde415824ae2c46f8c19d9a2
SHA512 5ef1e52ede698278f995e3d503ae56ddc91645dccd02c452d4f8b1cf0b6a7260746fd1fe5e48b5b99b2e99c5cfb01c1efbd13fa3f29ca8b92080cd52477b7451

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

MD5 c32520f88e9a2706bf30bade0cd137ec
SHA1 b3cc901b533fb0bd77da03502c748114d87b8b91
SHA256 0861dd49a443ed0611f8ca39d833742cb04703af35280eba4ad6be5e7a6ff17b
SHA512 cd63a24ab81e60ccf9040437485769787a6dcffd4887895e89a0687880003e1cd5cbde2a332985821b1aac24740880f29bf4a699680929cbd720b698c1d9e804

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

MD5 b3651e618098746c8784d8f2feb975da
SHA1 f84dc5e2231456a8eb6741f0a7d3d737d64abc14
SHA256 78faf57d9f3ab2ef0a7acf46fac725982c6fc12602464119adcc8a13d8374c13
SHA512 ae540878b51a58b19c50ec17f1a80cb9ad242e9fda9ce8cba67c7f5f982ffd9a3befba651c45bd2efa99a78811c3ed850ec3ef27846457099ab043a48454f682

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 66da9c15bfe45e2b567f6bccd45b50fd
SHA1 f7bea7a95c320635854a757334259a601c3aaad9
SHA256 3092a73d01bdc1373943be87a344bebc6564578a2b0aad72842be5d3e43495bc
SHA512 ddc0efe8f7a4ea61413be7df8e85b43abc80d18b1e2b07edbab9c655246a3b40a6cd40053e15362b8bbd5b8e76a6555ecaff4de281226cb74c13bf5fbd36aead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d04279f78d3dcb2c1e4a1892b7735900
SHA1 98064f70d23ffc6eee180863635e3e48f0b7f5b5
SHA256 8d5248f943c73bdc54643a6aa2379c42eb332158395644b897cf5a5e0f95496c
SHA512 8676588e4f0e1b007d3383226eb2acae29d479e4dbef951f3ecf40ed88ddfec76577be58a787161d724338187dce44007c118cbaf711460df1a20c824ac299b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 85756898d7c0a32e2f4295319cfdbbe0
SHA1 3cf4cef816909f05bd5fc9e895d422282b4ccad8
SHA256 a4640b4d2dc23abfde3b4b2b3380617f93fad40b1a0a853e525384c225f25299
SHA512 852b2e6e7022f379e4193c2e3452ee3d2ba255a8daab6112c73cb5207b51504c43da80fd6aacaadae94a16e3f39b9ca89769819c9d8351b30ab0b003bedbf552

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1c4958f94d9fe5e22c8fa330e63e0843
SHA1 47de964be8b80876f0fec8a72dd29dba372c495c
SHA256 283c07cb072be5ebcc24308ac66d9b63dc928bb0fafc6d5060de3e19b9093f49
SHA512 25b8993569fc013700281a2aa1b576681c1fd88a09ff9624a72cb55e3e0aed9dc425a3e98e36cb8330bb98e52745a2916d829c101b679d919a659991565ac2e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 23cf0cdd8a8ac4b20a8cc5d8c86c1b78
SHA1 11d8b8e21e123cb401fee383fa3df3702ce1eaa4
SHA256 d42a3988557d9bdcb8787675caa9ab4cac2f9cca096a26372e5666c286b7d27f
SHA512 66beea806bc3d62917c2347e462d3739bbb9028b730b752b051be2216b4b6842de88e1a41cefe23eb7bb7259b72caabb0f62b1f2298eb3ab6087258b48dee00b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fd804ab22511168710bd346b7f425b09
SHA1 9fbca0ad568f6a9a719ca2173b5002390cdd00eb
SHA256 d14d1df634f042ab567c0189bf0ceca9e8554dae24ad2892bd00e216e91a6b31
SHA512 c08fcea9a5d7b0d843ac3b78808b5c9527af346c09c5141244d8842165d323d44672c26938c8615766bc4a96bf08cb79b91aa6d6627a33b2caa84216bd4e5b80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ed381b0ed4d7966b2caa9d0ff93b1649
SHA1 d1846a9190f58d23294368273351c5a4ff7e5dc6
SHA256 0aee5e48ad11fcf886b496b329ce8ea6503ca820873034de4e6ce54fdb568647
SHA512 8d8a3e2a204a0806e86660143c02483a5295a102be1c6139b099f6e2a49ff9ab7c9422eb28da962b41d3ad39b8b5ab406955fa24c2e39aa5f0e6909988338163

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 379e898e78368b5de0b632509f1029bf
SHA1 b6c5d8e42d9bae6b5b8a91a29f1ac8607ef343fc
SHA256 ab49a7c7bce72b59c660e73792c591abc41854c2591d7fe101fec0b4aa2b5b7a
SHA512 9fbbbd6916ea4ea359062472369a294242fefe901657342262e6febcf3999eb66ba5afd89790ca16bdbb844eb997ce698d63a65cec308684e3716879cb338655

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4e47ae7f3f071d4e67afae242f782025
SHA1 8cdf4a02e53751852e672d5d3d3bee65ae154b73
SHA256 38a3481ec2480c7f1b54ec6249368b1e96b1a50c9a0126609a06bf3e928dc59b
SHA512 2e93cce9f524256d88b69a8a0ad4fe26bc122d2d355f9ba9a95e40a3544baf4c443f77e3f0e41c23ddaa814ea5466feb97c5359e072054346fb8fd2a0a45e1d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 abae37ea5e7cd729eda16868ff16bca4
SHA1 a62dcb7e4428005c618fbeed267c73fbc4a56275
SHA256 8616ef4945916124064986ed0222a9cecfbe90c97432417020e3e8044f0a572b
SHA512 72e9d04f2d6e1531fbe3cf797fa617524e5b3df8a13dc66263e3c841b97471affc03cb8840719f5359228867d6bb7bedb69e582d03c993678d248b308ff8df72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 ba219565a1197a4513e05b0784d59627
SHA1 4cb28f367ffe0c209a48ea3391086dc50a737eec
SHA256 47285b52127f223dc40e947f362bf5dd16c2fe6855f60f32afe19728576a4c34
SHA512 1523fba75f2f270847aa0e11fb7568e73095b4bc207384cc4b5f816a59d01568c064e070ca0230e4102ea8dde918ae8882df0beade570df73882ee520500ba74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b5a44651-3a59-48ea-ac03-c92260a2f7c2.dmp

MD5 c0029f462f50940c6051b3a96ba1608b
SHA1 4ecd62c9231cf9dc3380d1478c4c6642998c1d36
SHA256 1755569cc46e77bfe898370c8e0240b9d7ff0e36db66c6265de8c90c22921ba2
SHA512 56d09c06ceecead102b6221cad7620fc146688690173463a4c60a3bf3a22b02cce8dd6884bb84d04235f271e2d05f78c73306af927a00ab82d23355a4c7ef4c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d05dfaa872e47115e58b43e8ecdc976c
SHA1 27628f9f169b3e5d12c3e2b2bd70e129b91168d9
SHA256 00d818c82c66df2eb6f02d51481eea2c03c705a4202a8c1be8f58090ea42ec70
SHA512 87ac7eb30d8a33589e2064d4e54224784526bef9ffacbb6be8b1d07e51c6ee2384f9664eb686ca05148fd03f5762394a975a8992554245ae4b0d643f199a61ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 52077adfd9c56604b6206ac8d824ef2c
SHA1 d33c82e362e4da93c7eb9cf0a807dc2a1ce7c141
SHA256 83b62172f89c80a3687b7debc9708ae400cf404e0ce272a852976565accfb035
SHA512 9c8db48e597b5cbcd037c62e4605dd493dac038e4ffdcf6c8bce622106a47ebcdec594fadce3e236835fc2bba7c24dcdf80230eb9e088a41120f6eb94cf77af3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\21ff2130-cc60-492d-8bab-e6feb323d47c.dmp

MD5 9c4855c41b90fcf2be5e91583e201b9c
SHA1 cfe59710744a52e46eb9b0f4adc3d8190014851e
SHA256 73bb90c5dd167d34931ae2ab4a32d8ffd3a91b6a16aff58b62ab4ad15a4d7526
SHA512 ebb5d9998e38b4d80929f5ca19fafbe6d007e287be9550248f1c9ee148cdbf7a0121670c355e67ef6dc53d2505cd053fae4a2b9e4746c8052eb7dbf3a8374188

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5c30de0434568ab2c18541e476f5e317
SHA1 ff546d18bca2848e26e46c000b783074d5d23e2b
SHA256 d3a11561198660df7f60b015411092fdf66de9b5561b0df91b73360bea47757f
SHA512 f16030610c0abb5ee1f1fca455cd075820f4362e5bb3e033cc4b161b4031a9217dabdaf4fe1c1c835d56d1dd0543c51476c447aa381fad90c233516974b89a2f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\98f9d6b6-a5d6-4025-92a2-4a55f2f1fabf.dmp

MD5 28fb4d5935a7b5b2fe61e4ffe2bbd780
SHA1 58da7c9755a84559bab0f13207224e67e81a06d3
SHA256 3a7c3bdcaf449aec54a0f4bb5a6e7f6a07ddd152f2cc92958342f54ab6e2db1c
SHA512 3650974b078b3f59f35c5fc06b91d94e367f2300b3e8cc510d4e74b998c71f95e645150b46c5354a443285d3d99996692c872f8bfe7bed0ef7944feba5ea0515

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\5e1e6017-8229-45dc-bbf0-c7cf66886290.dmp

MD5 f74ecff157ff96c671e864527268ab72
SHA1 3e0b9604141acea6ed11cbcfe86e721370a66e2d
SHA256 62b234fe940849a02c6f39643063d64561c13e480c6f9532f864eb747d3d80fc
SHA512 c83f79aaed44174b79885372b7b6cd9826f24d1055f0c65ed562ebe3bacd88dd5de0c22c978cc2bec8ebd7560e8cd209b9600c372f4dbd351030742a2b2289f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2611e246fa0b7b0385d574412c15228f
SHA1 7b884813d83c7b802f5b62dbe80b6d73b811a9bf
SHA256 e32df385281e6e1fe8ed5752ffebe2fc0acaab851120d4d9c520f19d3d660ae0
SHA512 643c60e673679c49774d7cced2e89daa6022173aa176072d0b5e45a83f78e34dd6e0c97850c3736fa7760e874d22e0a6cbd866953714f435294d5ac70f8053ac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 68aecdfdadf84df8899205b6375c2cdb
SHA1 6b1d971b10aad05218a2f4c1a977f3c333ad1f6e
SHA256 0a6ef1a663988e9a4f182dcfdf8e26fd29befa0c4a2d08255e04d573a96b1680
SHA512 5e37430d956e53820e21ce3ad57c269209689583a33e1bf9a0bdeec71c6906d04191c1bda0c3730108ec925994775f6f2a4b6686f052b5c761babe8803eb9c27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\8e8aba48-27fd-430f-928c-657c97a79837.dmp

MD5 49dd5784f93e3f6581db262d45fb016a
SHA1 19421827915ffe359ef6fad6b8c566e6e05909ea
SHA256 2f7481cf4a68882a740bdfeb0f08c89875fa4691c113d76d7288a2c20ce3ef84
SHA512 281f3578c1852e359409fe9aec6c2a558333658121fa8a8c82c22dfb9cf02cde24e966f7cd1d1ca2b86e6af998289e2382e31bb131de114ab2e0375b7f0803dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 d8b59ca3fce98fd2ef8832340bf92d80
SHA1 9224dfd6abfff7f00f9551890d46a45c63367f94
SHA256 000afd06ec54877fd27da2654ebc4630437d1878ead6c7f4d8cfc67ae1972421
SHA512 db4f55728d5fe01e59bf8acb3af1e225d8522eb213e8b09dd250794c14892ad94a9174b434901cd7e8103ef96e2f99c40d2d7ca95c3f6f97a56d451fe29bb0fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\9473b659-63e0-460b-abfc-bd3094095762.dmp

MD5 cf19902be57340304f6ff76f3152f6ab
SHA1 f716a6182cba72b3088a858560cfe14290845307
SHA256 b9f12850993cd597a0ceeedf2d3f4569b28b6069f112a720356ac349c7db5d57
SHA512 bcc24dde013c5d37c36711f00349ca875b7b3c774470b6eeccb3480827facf943f56fe8e5ba5501ceebe896372e235d4d4547792259031d78b8bc2126ee11442

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4a5ef4aa6ae5ebf20c31a0d7d0400140
SHA1 8f8cc701b84e27e66522e69a1d2009be6999d0d5
SHA256 567335c1d6234ccc41287d6251443ad71b2f4e2f2fcb4e589b37485441b77395
SHA512 0d90c5965feac14c7d71848434653cda54c4d946c943756daefd9327021d822c5c2bbc30102afb793a46cbfd5e0d42c5480ea3052db14feacdb511d4a1daf19d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 12e19183d7212664c94848bdea374196
SHA1 a10930d60beb5eb9914b3116c3e2d0e5e9980a60
SHA256 51f0046851357612d1001920cf3568cbd09c0ef0106fbcfd590f21c82fba6f9a
SHA512 321f25eebfe73f7bbfb734eca3ba84d8d0f59e6e50e408ae6ce0a7b255b5605f23e68657d51f3d2b253bf7cc60173e45a362bc576347f2b96f30113abf287435

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\e7ade543-7cb6-457f-b9b5-0e607b9f3eea.dmp

MD5 8e2284e6b36bfabaa9497ed707736baa
SHA1 192b43a20043bbd7c1da12f052b6ea8fe9ca0a25
SHA256 1e7f7d4cc9e6c0668d77659db6203d16b8889657d7350be81cc5da20cfa12346
SHA512 775a8a14ec769ddac7fdee09f375b3eb272bd46e3c7052c2f965888f002d3b5df647e08371834bb63f8eeea4b5f040686e388061fcf7428b08050f0a02790b9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 8b3a06360a80454a7111383c9e132d38
SHA1 12d1e0b3276ffc8b1a60a3edf08d29755fb341e6
SHA256 b29d5f05506319a07ecd6b203718a1f8a95d48b378bb916d3657b6e89059675a
SHA512 fafe6a91c0d8679746088f8c8e35d244013c5edea2e87fd1ed4e7ce96e43c1f5c84b6f8bc04a88b0bffa19d5199616c9893124740f938f00a2e48e08909ec227

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\36d286ea-762d-429b-8d54-0cccede0b815.dmp

MD5 efcf2d59fa351c4dfc15071ab6e722ef
SHA1 6bbc82d48b74ff92156f786f970c5cbf170b8718
SHA256 bf2cb57098249756efe8dc7778957f9b9b4b19985c22f6809793ce5d4c2e1f29
SHA512 1cc1f6d8bb47457ac391affebd87d9914ef16ff743c099e2d78004d1606278324062d0de2a04ed4fb40ae7f79e4997587c2221b0058be11586a7f10c87714f6f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 11902245b6c9151340c8e37e314afcb6
SHA1 4a1bb2fcc8c6a8e5884d24f3f656ffebe7f3d246
SHA256 87281336012201a2bfb8f39f9808c3101be8e60e517de8a510af50bccfd34820
SHA512 11411e76ab4a7bec0ba683f773644646c0836ff53efc66b76e6e963841a3b8402d7bb90c5291d9d63c83424e03827ff6bdf18ea44880ca48fcf0cbb20dfb65e7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\54b43591-4fb4-4fc5-bdc7-b469c3fa5469.dmp

MD5 d1415caeb157ce7f342ee2068ad3e476
SHA1 29220320be44c61050362c94352ad31ecadc533b
SHA256 7ea57fbc4bb78bf3cb6b44b77d5e8767bb61607cc38ed88900b01d29770803ad
SHA512 d469892d7f27a430fe720d541f4cc8e95a22f0d3188d65191971be94d03cf0b0375e43a7be579c08bec4e14ecd00a952366b3145b55b85e4a2a508ed59ba6fc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e