Malware Analysis Report

2025-05-05 22:24

Sample ID 231009-3jce8abb24
Target WIN_20230904_22_44_24_Pro.jpg
SHA256 a5a99b75b4cfbf2ee2fa04e09d3b4714e4710d5edde4d4807b9a15449ee3199b
Tags
agilenet evasion persistence trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a5a99b75b4cfbf2ee2fa04e09d3b4714e4710d5edde4d4807b9a15449ee3199b

Threat Level: Known bad

The file WIN_20230904_22_44_24_Pro.jpg was found to be: Known bad.

Malicious Activity Summary

agilenet evasion persistence trojan upx

UAC bypass

Modifies WinLogon for persistence

Patched UPX-packed file

Downloads MZ/PE file

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Checks computer location settings

Modifies system executable filetype association

Executes dropped EXE

UPX packed file

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Enumerates physical storage devices

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Modifies Internet Explorer settings

Modifies data under HKEY_USERS

Suspicious behavior: AddClipboardFormatListener

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Modifies Control Panel

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

System policy modification

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-09 23:32

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-09 23:32

Reported

2023-10-09 23:41

Platform

win10v2004-20230915-en

Max time kernel

552s

Max time network

557s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\WIN_20230904_22_44_24_Pro.jpg

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\Program Files\\mrsmajor\\Launcher.vbs\"" C:\Windows\System32\wscript.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system\disableregistrytools = "1" C:\Windows\System32\wscript.exe N/A

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Patched UPX-packed file

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MrsMajor3.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\BossDaMajor.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Windows\System32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\MrsMajor3.0.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe N/A

Modifies system executable filetype association

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A

Legitimate hosting services abused for malware hosting/C2

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\mrsmajor\def_resource\@Tile@@.jpg C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\creepysound.mp3 C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\Skullcur.cur C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\mrsmajorlauncher.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Doll_patch.xml C:\Windows\System32\wscript.exe N/A
File created C:\Program Files\mrsmajor\CPUUsage.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\default.txt C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Launcher.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\MrsMjrGuiLauncher.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\reStart.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\WinLogon.bat C:\Windows\system32\wscript.exe N/A
File opened for modification C:\Program Files\mrsmajor\CPUUsage.vbs C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\def_resource\f11.mp4 C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\DreS_X.bat C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\Icon_resource\SkullIco.ico C:\Windows\system32\wscript.exe N/A
File created C:\Program Files\mrsmajor\MrsMjrGui.exe C:\Windows\system32\wscript.exe N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Control Panel

evasion
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors\Arrow = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors\AppStarting = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\Control Panel\Cursors\Hand = "C:\\Program Files\\mrsmajor\\def_resource\\skullcur.cur" C:\Windows\System32\wscript.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "229" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.sh C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\媼軍㌀耀$\ = "sh_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell\Read C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\inifile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3027552071-446050021-1254071215-1000\{7FA485F1-D563-431B-9E53-392B669D46FD} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell\Read\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\.sh\ = "sh_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file\DefaultIcon C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\媼軍㌀耀$ C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\sh_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\exefile\DefaultIcon C:\Windows\System32\wscript.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\mp3file\DefaultIcon\ = "C:\\Program Files\\mrsmajor\\Icon_resource\\SkullIco.ico" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\mp4file C:\Windows\System32\wscript.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 441750.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 291726.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Users\Admin\Downloads\MrsMajor3.0.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Windows\system32\LogonUI.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4172 wrote to memory of 4848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4416 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 3192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 3192 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4172 wrote to memory of 4372 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\System32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Windows\system32\wscript.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Windows\system32\wscript.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system C:\Windows\System32\wscript.exe N/A

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\WIN_20230904_22_44_24_Pro.jpg

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9aad746f8,0x7ff9aad74708,0x7ff9aad74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5436 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5420 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7364 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7700 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\bin.sh"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D8273EA2FF31E546BCA2498357A684F4 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=E54F799B86861C387FBD036CA8CC3F1A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=E54F799B86861C387FBD036CA8CC3F1A --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8184 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8

C:\Users\Admin\Downloads\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\F589.tmp\F59A.tmp\F59B.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\F589.tmp\eulascr.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\MrsMajor3.0.exe

"C:\Users\Admin\Downloads\MrsMajor3.0.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\3E5B.tmp\3E5C.vbs //Nologo

C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe

"C:\Users\Admin\AppData\Local\Temp\3E4A.tmp\eulascr.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,10593990990039511334,12494426058257656379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7260 /prefetch:8

C:\Users\Admin\Downloads\BossDaMajor.exe

"C:\Users\Admin\Downloads\BossDaMajor.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\E0F3.tmp\E0F4.vbs

C:\Windows\System32\notepad.exe

"C:\Windows\System32\notepad.exe"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\SplitPing.aif"

C:\Windows\System32\wscript.exe

"C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 03

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa3930055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 88.221.24.122:443 www.bing.com tcp
US 8.8.8.8:53 122.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 88.221.24.122:443 th.bing.com tcp
NL 88.221.24.18:443 th.bing.com tcp
NL 88.221.24.18:443 th.bing.com tcp
NL 88.221.24.122:443 th.bing.com tcp
US 8.8.8.8:53 18.24.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.23:443 login.microsoftonline.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 126.22.238.8.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 140.82.114.3:443 github.com tcp
US 140.82.114.3:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 3.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 133.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.113.22:443 collector.github.com tcp
US 140.82.112.6:443 api.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 6.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 254.177.238.8.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 stackoverflow.com udp
US 104.18.22.201:443 stackoverflow.com tcp
US 104.18.22.201:443 stackoverflow.com tcp
US 8.8.8.8:53 apps.identrust.com udp
US 2.18.121.70:80 apps.identrust.com tcp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 cdn.sstatic.net udp
NL 142.250.179.170:443 ajax.googleapis.com tcp
US 104.18.19.90:443 cdn.sstatic.net tcp
US 104.18.19.90:443 cdn.sstatic.net tcp
US 104.18.19.90:443 cdn.sstatic.net tcp
US 104.18.19.90:443 cdn.sstatic.net tcp
US 104.18.19.90:443 cdn.sstatic.net tcp
US 8.8.8.8:53 www.gravatar.com udp
US 8.8.8.8:53 201.22.18.104.in-addr.arpa udp
US 8.8.8.8:53 70.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 170.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 90.19.18.104.in-addr.arpa udp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 192.0.73.2:443 www.gravatar.com tcp
US 8.8.8.8:53 i.stack.imgur.com udp
NL 199.232.148.193:443 i.stack.imgur.com tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.34.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 2.73.0.192.in-addr.arpa udp
US 8.8.8.8:53 193.148.232.199.in-addr.arpa udp
US 8.8.8.8:53 8.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 194.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 000a3f01f96da91aeb04b03a920eb641.safeframe.googlesyndication.com udp
NL 142.250.179.161:443 000a3f01f96da91aeb04b03a920eb641.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 clc.stackoverflow.com udp
US 8.8.8.8:53 www.googletagservices.com udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
NL 142.251.36.1:443 tpc.googlesyndication.com tcp
NL 142.251.36.1:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 2.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 1.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 161.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 104.18.131.236:443 cdn.cookielaw.org tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 172.64.155.119:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 236.131.18.104.in-addr.arpa udp
US 8.8.8.8:53 stackoverflow-privacy.my.onetrust.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 216.239.32.36:443 region1.analytics.google.com tcp
NL 142.250.102.157:443 stats.g.doubleclick.net tcp
NL 142.250.179.163:443 www.google.be tcp
US 172.64.155.119:443 stackoverflow-privacy.my.onetrust.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 157.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 163.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 malc0de.com udp
US 208.113.221.91:80 malc0de.com tcp
US 208.113.221.91:80 malc0de.com tcp
US 208.113.221.91:80 malc0de.com tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 91.221.113.208.in-addr.arpa udp
NL 142.250.179.170:443 ajax.googleapis.com udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 de0de62a8f35cf15c7b2f927795426bc.safeframe.googlesyndication.com udp
NL 142.250.102.157:443 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.malwareblacklist.com udp
US 64.91.248.15:80 www.malwareblacklist.com tcp
US 64.91.248.15:80 www.malwareblacklist.com tcp
US 8.8.8.8:53 ww1.malwareblacklist.com udp
DE 64.190.63.136:80 ww1.malwareblacklist.com tcp
US 8.8.8.8:53 15.248.91.64.in-addr.arpa udp
US 8.8.8.8:53 www.sedo.com udp
US 8.8.8.8:53 img.sedoparking.com udp
NL 172.217.168.196:80 www.google.com tcp
US 205.234.175.175:80 img.sedoparking.com tcp
US 8.8.8.8:53 www.adsensecustomsearchads.com udp
NL 142.250.179.206:443 www.adsensecustomsearchads.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
US 8.8.8.8:53 afs.googleusercontent.com udp
NL 142.251.36.1:443 afs.googleusercontent.com tcp
NL 142.251.36.1:443 afs.googleusercontent.com tcp
US 8.8.8.8:53 136.63.190.64.in-addr.arpa udp
US 8.8.8.8:53 196.168.217.172.in-addr.arpa udp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 206.179.250.142.in-addr.arpa udp
DE 64.190.63.136:80 ww1.malwareblacklist.com tcp
NL 172.217.168.196:80 www.google.com tcp
US 8.8.8.8:53 cc.sedoparking.com udp
DE 64.190.63.210:443 cc.sedoparking.com tcp
US 8.8.8.8:53 be.insight.com udp
JP 23.207.104.189:443 be.insight.com tcp
JP 23.207.104.189:443 be.insight.com tcp
JP 23.207.104.189:443 be.insight.com tcp
JP 23.207.104.189:443 be.insight.com tcp
JP 23.207.104.189:443 be.insight.com tcp
JP 23.207.104.189:443 be.insight.com tcp
US 8.8.8.8:53 cdn-ukwest.onetrust.com udp
US 172.64.155.119:443 cdn-ukwest.onetrust.com tcp
US 8.8.8.8:53 app.launchdarkly.com udp
US 151.101.2.217:443 app.launchdarkly.com tcp
US 151.101.2.217:443 app.launchdarkly.com tcp
US 8.8.8.8:53 app-lon10.marketo.com udp
US 104.16.94.80:443 app-lon10.marketo.com tcp
US 8.8.8.8:53 assets.adobedtm.com udp
GB 96.16.109.56:443 assets.adobedtm.com tcp
US 8.8.8.8:53 189.104.207.23.in-addr.arpa udp
US 8.8.8.8:53 106.208.58.216.in-addr.arpa udp
US 8.8.8.8:53 226.21.18.104.in-addr.arpa udp
US 8.8.8.8:53 80.94.16.104.in-addr.arpa udp
US 8.8.8.8:53 131.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.vidyard.com udp
US 8.8.8.8:53 cdn.lr-in-prod.com udp
US 8.8.8.8:53 use.typekit.net udp
US 151.101.1.181:443 play.vidyard.com tcp
US 151.101.1.181:443 play.vidyard.com tcp
US 2.18.121.142:443 use.typekit.net tcp
US 172.67.165.127:443 cdn.lr-in-prod.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
US 23.46.70.111:443 s.go-mpulse.net tcp
US 8.8.8.8:53 cdn.vidyard.com udp
US 18.239.18.33:443 cdn.vidyard.com tcp
US 151.101.1.181:443 play.vidyard.com tcp
US 8.8.8.8:53 56.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 181.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 142.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 127.165.67.172.in-addr.arpa udp
US 8.8.8.8:53 111.70.46.23.in-addr.arpa udp
US 8.8.8.8:53 33.18.239.18.in-addr.arpa udp
US 8.8.8.8:53 189.211.227.13.in-addr.arpa udp
US 2.18.121.142:443 use.typekit.net tcp
US 8.8.8.8:53 s3.amazonaws.com udp
US 52.217.100.62:443 s3.amazonaws.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 p.typekit.net udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 signals.aimtell.com udp
US 8.8.8.8:53 cdn.aimtell.io udp
US 8.8.8.8:53 c.go-mpulse.net udp
US 8.8.8.8:53 142.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 62.100.217.52.in-addr.arpa udp
US 104.18.32.59:443 signals.aimtell.com tcp
US 104.22.70.231:443 cdn.aimtell.io tcp
US 2.18.121.136:443 p.typekit.net tcp
US 23.46.70.111:443 c.go-mpulse.net tcp
NL 142.250.179.163:443 www.google.be udp
US 8.8.8.8:53 events.launchdarkly.com udp
US 34.194.37.158:443 events.launchdarkly.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.67:443 www.clarity.ms tcp
US 8.8.8.8:53 cdn.aimtell.com udp
US 8.8.8.8:53 684dd330.akstat.io udp
US 8.8.8.8:53 c.clarity.ms udp
US 8.8.8.8:53 59.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 231.70.22.104.in-addr.arpa udp
US 8.8.8.8:53 136.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 158.37.194.34.in-addr.arpa udp
US 8.8.8.8:53 206.23.217.172.in-addr.arpa udp
US 8.8.8.8:53 67.246.107.13.in-addr.arpa udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 c.bing.com udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
US 8.8.8.8:53 156.124.96.23.in-addr.arpa udp
DE 64.190.63.136:80 ww1.malwareblacklist.com tcp
DE 64.190.63.136:80 ww1.malwareblacklist.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 88.221.24.18:443 r.bing.com tcp
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
US 151.101.2.49:443 urlhaus.abuse.ch tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 195.179.250.142.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 urlhaus.abuse.ch udp
US 8.8.8.8:53 github.com udp
US 140.82.113.4:443 github.com tcp
US 8.8.8.8:53 4.113.82.140.in-addr.arpa udp
CN 123.10.20.217:40244 123.10.20.217 tcp
CN 123.10.20.217:40244 tcp
CN 123.10.20.217:40244 tcp
US 8.8.8.8:53 217.20.10.123.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 urlhaus.abuse.ch udp
NL 88.221.24.18:443 www.bing.com tcp
US 8.8.8.8:53 gmhealthcare.dothome.co.kr udp
KR 223.26.138.4:80 gmhealthcare.dothome.co.kr tcp
KR 223.26.138.4:80 gmhealthcare.dothome.co.kr tcp
KR 223.26.138.4:80 gmhealthcare.dothome.co.kr tcp
US 8.8.8.8:53 www.agenziaentrate.gov.it udp
NL 95.101.74.132:443 www.agenziaentrate.gov.it tcp
US 8.8.8.8:53 cdn.agenziaentrate.gov.it udp
US 8.8.8.8:53 4.138.26.223.in-addr.arpa udp
US 8.8.8.8:53 132.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 aews-analytics.sogei.it udp
US 8.8.8.8:53 www1.agenziaentrate.gov.it udp
NL 95.101.74.132:443 cdn.agenziaentrate.gov.it tcp
NL 95.101.74.132:443 cdn.agenziaentrate.gov.it tcp
NL 95.101.74.132:443 cdn.agenziaentrate.gov.it tcp
NL 95.101.74.132:443 cdn.agenziaentrate.gov.it tcp
NL 95.101.74.132:443 cdn.agenziaentrate.gov.it tcp
NL 95.101.74.132:443 cdn.agenziaentrate.gov.it tcp
IT 217.175.50.133:443 aews-analytics.sogei.it tcp
IT 217.175.53.138:443 www1.agenziaentrate.gov.it tcp
US 8.8.8.8:53 133.50.175.217.in-addr.arpa udp
US 8.8.8.8:53 138.53.175.217.in-addr.arpa udp
IT 217.175.50.133:443 aews-analytics.sogei.it tcp
US 8.8.8.8:53 edge.microsoft.com udp
US 204.79.197.239:443 edge.microsoft.com tcp
US 8.8.8.8:53 239.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 27.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 w.clarity.ms udp
US 23.96.124.156:443 w.clarity.ms tcp
US 8.8.8.8:53 client.wns.windows.com udp
NL 40.115.3.253:443 client.wns.windows.com tcp
US 8.8.8.8:53 be.insight.com udp
US 8.8.8.8:53 beacon.aimtell.com udp
US 8.8.8.8:53 insight.report-uri.com udp
US 8.8.8.8:53 analytics.aimtell.com udp
US 104.17.186.88:443 insight.report-uri.com tcp
US 18.238.243.28:443 analytics.aimtell.com tcp
US 8.8.8.8:53 253.3.115.40.in-addr.arpa udp
US 8.8.8.8:53 88.186.17.104.in-addr.arpa udp
US 8.8.8.8:53 28.243.238.18.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
NL 88.221.24.18:443 th.bing.com tcp
NL 88.221.24.18:443 th.bing.com tcp
NL 88.221.24.18:443 th.bing.com tcp
US 104.22.70.231:443 cdn.aimtell.io tcp
US 8.8.8.8:53 imp.aimtell.com udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.reddit.com udp
US 151.101.1.140:443 www.reddit.com tcp
US 151.101.1.140:443 www.reddit.com tcp
US 8.8.8.8:53 www.redditstatic.com udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 styles.redditmedia.com udp
US 151.101.1.140:443 styles.redditmedia.com tcp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 151.101.1.140:443 styles.redditmedia.com tcp
US 8.8.8.8:53 a.thumbs.redditmedia.com udp
US 151.101.1.140:443 a.thumbs.redditmedia.com tcp
US 8.8.8.8:53 external-preview.redd.it udp
US 151.101.1.140:443 external-preview.redd.it tcp
US 151.101.1.140:443 external-preview.redd.it tcp
US 8.8.8.8:53 b.thumbs.redditmedia.com udp
US 8.8.8.8:53 accounts.google.com udp
NL 142.251.36.45:443 accounts.google.com tcp
NL 142.251.36.45:443 accounts.google.com udp
US 8.8.8.8:53 d9.flashtalking.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 tps.doubleverify.com udp
US 52.3.165.245:443 d9.flashtalking.com tcp
US 52.3.165.245:443 d9.flashtalking.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
US 130.211.44.5:443 tps.doubleverify.com tcp
US 8.8.8.8:53 45.36.251.142.in-addr.arpa udp
US 8.8.8.8:53 5.44.211.130.in-addr.arpa udp
US 8.8.8.8:53 245.165.3.52.in-addr.arpa udp
US 8.8.8.8:53 w3-reporting-nel.reddit.com udp
US 8.8.8.8:53 www.malwaredomainlist.com udp
US 3.141.96.53:80 www.malwaredomainlist.com tcp
US 3.141.96.53:80 www.malwaredomainlist.com tcp
US 8.8.8.8:53 53.96.141.3.in-addr.arpa udp
US 3.141.96.53:443 www.malwaredomainlist.com tcp
US 205.234.175.175:443 img.sedoparking.com tcp
US 8.8.8.8:53 partner.googleadservices.com udp
NL 142.251.36.1:443 afs.googleusercontent.com udp
US 8.8.8.8:53 www.malwaredomains.com udp
US 64.247.192.88:80 www.malwaredomains.com tcp
US 64.247.192.88:80 www.malwaredomains.com tcp
US 64.247.192.88:80 www.malwaredomains.com tcp
US 8.8.8.8:53 88.192.247.64.in-addr.arpa udp
US 8.8.8.8:53 riskanalytics.com udp
US 64.247.192.88:443 riskanalytics.com tcp
US 8.8.8.8:53 isc.sans.org udp
NL 108.156.60.23:80 isc.sans.org tcp
NL 108.156.60.23:80 isc.sans.org tcp
NL 108.156.60.23:443 isc.sans.org tcp
US 8.8.8.8:53 isc.sans.edu udp
US 45.60.103.34:443 isc.sans.edu tcp
US 8.8.8.8:53 23.60.156.108.in-addr.arpa udp
US 8.8.8.8:53 34.103.60.45.in-addr.arpa udp
US 45.60.103.34:443 isc.sans.edu tcp
US 8.8.8.8:53 blog.didierstevens.com udp
US 192.0.78.13:443 blog.didierstevens.com tcp
US 192.0.78.13:443 blog.didierstevens.com tcp
US 8.8.8.8:53 s0.wp.com udp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 192.0.77.32:443 s0.wp.com tcp
US 8.8.8.8:53 platform.twitter.com udp
US 192.229.163.25:443 platform.twitter.com tcp
US 8.8.8.8:53 didierstevens.files.wordpress.com udp
US 192.0.72.20:443 didierstevens.files.wordpress.com tcp
US 8.8.8.8:53 i0.wp.com udp
US 192.0.72.20:443 didierstevens.files.wordpress.com tcp
US 8.8.8.8:53 stats.wp.com udp
US 192.0.77.2:443 i0.wp.com tcp
US 192.0.76.3:443 stats.wp.com tcp
US 8.8.8.8:53 13.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 32.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 20.72.0.192.in-addr.arpa udp
US 8.8.8.8:53 25.163.229.192.in-addr.arpa udp
US 8.8.8.8:53 2.77.0.192.in-addr.arpa udp
US 8.8.8.8:53 3.76.0.192.in-addr.arpa udp
US 8.8.8.8:53 r-login.wordpress.com udp
US 8.8.8.8:53 pixel.wp.com udp
US 192.0.78.18:443 r-login.wordpress.com tcp
US 8.8.8.8:53 syndication.twitter.com udp
US 104.244.42.72:443 syndication.twitter.com tcp
US 8.8.8.8:53 18.78.0.192.in-addr.arpa udp
US 8.8.8.8:53 72.42.244.104.in-addr.arpa udp
US 192.229.163.25:443 platform.twitter.com tcp
US 192.229.163.25:443 platform.twitter.com tcp
US 192.229.163.25:443 platform.twitter.com tcp
US 192.229.163.25:443 platform.twitter.com tcp
US 192.229.163.25:443 platform.twitter.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 github.com udp
US 140.82.114.4:443 github.com tcp
US 8.8.8.8:53 4.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.113.6:443 api.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 6.113.82.140.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 wmploc.dll udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 bf009481892dd0d1c49db97428428ede
SHA1 aee4e7e213f6332c1629a701b42335eb1a035c66
SHA256 18236c88bc4fe576f82223cca595133aa3b4e5fd24ebac9fd515b70e6f403ab4
SHA512 d05515ff319b0b82030bc9d4a27f0432b613488f945d1dae8b8dfe73c64e651eb39f4141a5d2e157e2afb43dd1dd95b6611c1003ac4e2e80511e6c5cd7cfdf11

\??\pipe\LOCAL\crashpad_4172_DRFKBHZADBQDDNRA

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7add1ebe22fa9e251b4e691cd4054d31
SHA1 9af99bbe3785db121397e2f4c8405cc26c47830b
SHA256 68828e4ef9fc87b86719ec336ed48d07b1b8c7f931e89350dad2af43cef761de
SHA512 7dcb7e1df93c119bc1bb37f438623b84f60bdd194463b2306ce197a4b3c16507624db3cc269c7989779297fc24699d40ce213b73dde450b63775bb7ade9ba45b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7e407d98728e3686ce0b5ae809ba916b
SHA1 6fc688c97bfd1b97247e034b7d5e31c2db21700b
SHA256 1aeea6dca205cbb414b81d8c9ba0a8e92ede5465b97df977680df1979354eae4
SHA512 54104cb488c729ee1030cd35dba7ccd25fa1f8d5c1a85c7a4e90157c21dbecc434dcc2e53f6e095bdca047aa3b130fd913a613e6eb78aa8fd4b353c8b82f2599

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d02b81c126ad498b08920d7511b2615b
SHA1 d5267f5b29f7082fbb64b86dcaf706e9b8a2e77c
SHA256 be58ece437b7508db1be1e4eb76e648ff32d4860562ca3bc5fe1533dfc9b21c6
SHA512 9e5a1f6c35aff6c1c5ca4052aaede6c3f63c820913c0cb524900cac5b83de61bed775b01294774fe3d624d44749029ed1be95e9c3b01d48fea1905527a281414

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 25ac77f8c7c7b76b93c8346e41b89a95
SHA1 5a8f769162bab0a75b1014fb8b94f9bb1fb7970a
SHA256 8ad26364375358eac8238a730ef826749677c62d709003d84e758f0e7478cc4b
SHA512 df64a3593882972f3b10c997b118087c97a7fa684cd722624d7f5fb41d645c605d59a89eccf7518570ff9e73b4310432c4bb5864ee58e78c0743c0c1606853a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60246d58-78a7-4988-aed2-e5d7ceb3c3e5.tmp

MD5 4e404b6b4cc775aec4c1ab98cdd2098f
SHA1 36b26b17b164d54d73bbc1949e6f7aabdfa9a4a3
SHA256 856d54a9c18295a1a22d61d513e912af2b1b6db823d38c37bcb995428773d96d
SHA512 02ae65c84c314a4e9d8eb5a9194bc70a86051fe7529c491b86ab5c436cb62440f595a57bf113668458c6411bdd4de84529ca42ca5565e03b7b2889c9cdf50ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 004202483136cbaf55a342f6de3b1a13
SHA1 8550cd6fd4b9ff4bc6c07df2c744fb7a5019e395
SHA256 1b7c7ca1f340d17a571c6fb9b671aadf2f1261e17119ac3f9ad533f91b823fd6
SHA512 9d3665cfd394378c7a263c7b88176ddaa88e65090ae268d9d73a448ba7029efd84b3a8c614ff5285293d445b4310da09a869198668312ad413fbfd298d70457a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d54.TMP

MD5 630c54ea55031deb3de82045c0daae05
SHA1 41952077b1a3282eb4d8b97c3a5da13c3942aa2b
SHA256 cb276f11eba4691704bed64fc7c348a9ffd2a17797ed2d6382946fe759abd0c1
SHA512 00807fb68330323a2773aa5a1348cc79fe5bf22641bc4c57d68cf9f739efe0f175c61df3823d986f570b09b8d162576e2a2a2884b06a0c9068ea4a01006ea182

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a339ea8ec31b78860edc8a82eef7ae4d
SHA1 366ffe87609b4bd4a06061e5ffa3c6eea7a18aef
SHA256 f98e8965359e4fab93bd9ef46162e0200acc64b21d4001626d8f0e9c89696187
SHA512 fda6d4dac12241569e59348860f32ed4cf6ea7500dd0cd5bf4984303539623f38c95e7e2114ef6ab5b53a4e0e2a2ae9a318fe9925d062b122812bc429978930c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 891bd8a3b6c742e233bdd31973cc9c98
SHA1 167830955da83d3ef59b2b3d6429fa6c0104581e
SHA256 963608878d09bcbd5754c9fbd58229901ef6933bd2f589c370f496f7b6b6c3e9
SHA512 6634abf74d55e706a3ccbd396af9a1239d24c844fe89ddd03e98cb90285ab895d49f49b85cb2c417092567e653df1084de8c08c08ec0879c8831e70fda8f88d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e44470b762c91838a9d225a255b0f490
SHA1 bb6a59ea9478a669f254ac3182ca9db3f4067727
SHA256 e9a1fa1700ea18ee824feaa3123ef0d7f808711370763d7702a709336c237c8e
SHA512 295143dfb775431de29711c50ea3fd973a948dd6ad38264f5d9fb9a4cb28ed49675ce716a55c7157379d3c76dc9d47763129713d28cc5046f8c33d3964971a82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\556c991a-44f2-4f62-a185-8de0410a23f5.tmp

MD5 bf9e5cb4e56720a2c1b555d0c38aa237
SHA1 7834079ec67297a83a9ce3f45138b97b94e93074
SHA256 40c28d6b92299a89b44d1a401b5ba09fc377d21303eb7cf2f6c0cd1dbfdff6b7
SHA512 b454785dc7506cc3541e854cf03f5b2fae618b407bdcaf8c48ad5e07cb03a29c1b1843c32f6c2d737a8fd3d9df132c199326a5f894e9a94cdd02e71c303ecf98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2b278f355ac465cb40682306d73cc37b
SHA1 3b005a1c99d5dae97bd467e2591e62bc86b6ed31
SHA256 57efd6d1d3bccd6e5bef9074d8c92f41363993f138ffd52c386f1ecdbf107d75
SHA512 44a3da30329641eac397c6dc9046f19c564ba6292c5a27fe785a40bb75c11dc2ffa80048ee89864e7ee90d4d7ec232280bda6e02ab618e27646edbb6431587b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 22b71f4d7aec32db83879a851f765219
SHA1 e8bd836b7f79c69d7ced7415edc20e05c655f964
SHA256 9f560f32ebd412a15e8cc8b9c1d167edf402e40a505a7983ef3a22c43be5c310
SHA512 a42abac53440a38e74029a87e3a981fb0d5120a6ed9b02313cefa994aec3ecb04b44668a2328a70b25a195f7244d3108e0388b8e7d8333fab33bdee924c7c1bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a08b22ced5552309e556ac5754871b07
SHA1 23b44a7b17be5d934cceed6a1739044a27b46bda
SHA256 2d9c986e6c66e2471f3074744b4a81ca26fa2465f21672e580b3c629fe719e69
SHA512 c0c82b99859ba217d6bd453788077f83b0b0b16a3b2952b92c33a654d283d97b4b5af0be5ff0b229c599cc8ffdec460d508a33c098aa9851dca76c577ba978e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3d3a8b6920c11b306dd4b8003a06209c
SHA1 c3305cd4961c0cc8d7bf22d8cb647c4458b6d7f9
SHA256 348591a6f33e78d4581a0321f6e024bab7d57cd02d75159756e65102fbb68941
SHA512 2051af4999121369b2451c10c40e90b74329605828bfe631b1f252963aa9198136abeac5299fe5c55a6ac2865883d43a0fe07255451cdae1910b3d641cba01f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ac726192bea0062854d1ed8867b6f3e8
SHA1 def56910ffc4673917e6703fdde360cc76984f3f
SHA256 23b8b12fafd10e5bd535aee115bdf021af20194a26dd4839eb4aeb0ccc079cfd
SHA512 1e2b62a57fb2f1b8253bd0e97b494066b543399493a49586f229d557bd8b202322763eed46fe32acd858db60bc128c53a3a9d72faccfbea8d248eb01c5c47df0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1e7fc33dc8876992d6ab8f8c63151bca
SHA1 010a632a594428484e6bbc764b619f646d911d35
SHA256 9d428f831452d4f9d901c1797e0684c655a1d06a560f97055d583f77b4463a9a
SHA512 514794323b8192e9a8275ba2c0bcf6b8c5ff452f27b265f2210be308c7fb047a4cf6ae894749befc4b7550fa7aa2635df6973a4ad66687374b68e119019f386a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_be.insight.com_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 e86965f9a9a5c5597743b14adba3c73c
SHA1 c4af1e9476d80626993c9a01de01c70a4a54bb72
SHA256 54d64df56a3f7e16ee603e1d679719a5151a7af77f9f34f97687b46532bd8eba
SHA512 161a207053eb26b4656bb9a0c65202a6b4131bfe2385db3b4be4313a01395b98f1c9130dc64c4e1dc302628ce1f2f11bd03dc75151d00617d95220350f4bacef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 2cffca58146d228b9f5d09ff8a3f9830
SHA1 d98c40c91f07513ab7434f9060f09d1d070a7367
SHA256 90425d0ac7c4798b1c923212a5da989b119b32ec3b89dff50cc2e3867a968b1d
SHA512 23b16d327e10d7bc21953c11569dc6c681c1ad474c9b5e2270907a78733b03fcdcf3abfd45a647df933f732df3cd7b6431408b02320d1cbad23878bf45a56298

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

MD5 8f376c1ed91325215f29632881530838
SHA1 995e96ace35882b4d79645c96c188856b9a36b16
SHA256 7a9b16716c88f86b0dfed9b091d9729234615f5f254e8a7e887c2676e0a04fbd
SHA512 de00ad653c65d7fa475e6695e41a9be32380cde75353411bc67925b6c1a198d6782339cb4ca09dff16b6a1f118492311303cd460ed0e846058902910e64cf2ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 3e0dcc540b9405f542fb47c80048dba1
SHA1 f6b65b42a1124d78bc7a675cfa4a1ee6b54d4c7e
SHA256 e0ab4deab29d83ba39ca8c1d7065e8accfa04c8a7f1e36fa3cf94c97d088c7ad
SHA512 004c297ec750a3186f772a6865c046ebe1454bbde00541ea59d6b97f2653e7aa4b4ef640b4104bd86e73f736725ad04e1853cda524d25156339605f83a428f7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 40b95a073cdf033a389d6c6d568d189d
SHA1 40d522d77effa87e8984b7375eb5897887ebea59
SHA256 41c37414eaf02e7160ef313df7ba3f215963944588280ba15b4cafa9a6464289
SHA512 bd551b8ba288a3bcc804e54f89fe7193f0b1ba46e68edf85005f031bb5b7eca51b04df5ecd6507d627f9132dfefc9ca11802e3b07b1c198231afb526c9605f41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 fd2b58574f9637ba7ef639267349d848
SHA1 6eda5ea93f549ceb5693f6f1c038893fa56a510d
SHA256 75627d4b97e5e6294a8f88f5eeaf9b616696dc8600db9701c47ef05f067880ec
SHA512 9de7eb0ddaea236cbf912f4b87fa94c424cdea041e756200926c7e28bac860f69e0d9104a790678d1858cdd7101b25d1e25164a89f81a758f35bada3765c6893

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 0550db1ba6da662b396f963c7bd29ae4
SHA1 764371ba288eec353cd4c004e2d027c9ac56c2b5
SHA256 5082bc6bcccd572381b1ce77dacf2338e16aa99d0107e13f5b202bfe66f5bab3
SHA512 b0c18621913fb2584659adb9108429516e7c792001291e60d58f9fa56b1f69c69ecd8d0e0590a863302b13883a2e3682773131359f9eba217e777824684281cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 9879ce007ef4bc916323ea212d059fba
SHA1 22d47ffcadfed7f1c2bbf6a189d951460619e589
SHA256 8784120f465961640ab18d2670222e1ba150093ff278e05489e40d067ddb1ae4
SHA512 ef16af5299759698efdc2d704bc174960c69840d23fe1f06c78b3b952981041a156023b61cdc69f7e0171a402580de4b86119498219c3a0dc3967736f03000cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 80ae70fa1b9e76d8c20830f3f769b18e
SHA1 eb322c33ef1816081ecf21d222caae0b9a4fe4c9
SHA256 55c5f4175f6041d6241524a7e5bb3001c2ab6976bacf01e30144fcc04c227334
SHA512 18ca85fc4fd338719bd5efde3b133482011b693a1cdab1462110796b4337fadac3db08bb6abfda2d8f4a52e9b2498899eb6d6a10298062608f686fcfd4383ab8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 d341c3738f75f1da6a1e71712eebcbc7
SHA1 2753e989e2cdbe6f51f456fbb363b9d670f858a7
SHA256 be0a6843f56ec10f00749bfd6432e07a70e644c21fabcf3ab2c31a7c0794fe33
SHA512 353d831fdb002a1750ce4399e582f579575219037c3e61c70ab28e9bfebe82200450469f90930b3e022fda0dc7cab07c1450f6fa727417c178cbd12611a9eae1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 d94e0e0a05b178d5f668021e14c7a1d9
SHA1 d28e00ff7663ba19bc80a379643ef1cb20b4d2a6
SHA256 ce471ce8016410f68616f0b1f122fc43f2dbaa7fd747877fe19955f492c630e2
SHA512 aa62a9b26850343db5b05ba623b1db75281ffefd7d5b168fd1a4a85c28655b1f3f900edfab3ac57ee7c4ace83769265c9a44d7b19b1b0e9c7fd3e11dc6267831

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 20b4214373f69aa87de9275e453f6b2d
SHA1 05d5a9980b96319015843eee1bd58c5e6673e0c2
SHA256 aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820
SHA512 c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

MD5 907249cca6f76225195f5caed55b2d5c
SHA1 b3e75076549b75d0f053eb89b8d4cb01b3702b87
SHA256 e2951bb64228a8e8247c8c0af34e49c539e47306bb36f35af3f4cb7a581dff68
SHA512 937b63dfdc3731ae8379618d5a694312be4417048dcd7c86a3c12371375f101afe8fb7a9ae18440b904da926ff3e7af275e5648add7941f8e0067c16f24fa3fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ddb586fe14b50b3f82f233d697774609
SHA1 d39b45ff8d5be7e83c2d92a3ea22c6d80bc46064
SHA256 111e31a60843bad7be1a940b0fac46ee2e60c5f0466b83d2db99554eded85d00
SHA512 e34b3146df9c289a3b1c0fadbdd22bd2a59c54ad5cf23a258b9edd0f6b09c771c8e853fc99b6cc0768c3f2fab17d85e882a910c2d92f24994e085994630bc9e8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 41503386ef8d829a259ff2aeb9af2c47
SHA1 f1358e71296aa24c8f3724e053af223a7196dead
SHA256 c760a0f5a444eeea9e65a823a2380cf93bc563360109398fc682b1c94df9b548
SHA512 25caab48d6f76a7fdf4488163b59764f15565f87b054b880d8e9ac8cce2bef82c759654ed58f0e18799b8b2f31a72d7a6c9f9e8fcb594251c4bf6a31bfcd25cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5f99e7f4a09949e373e2c555fe86c9af
SHA1 475087510c2748be2a33dc62626c26291eabe8ec
SHA256 3dcdfbe574c05b205310ac4223e0478981613ae9a2cc17f3baf27585c84ad997
SHA512 abd3a7a4d35df227610181dc6e25ceae349054278b9a1ed2854136543e9ad65231855afca9f3ed291c2255ee13f236a231b1364a632cac4b3c01dea5e4fe7481

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a085e.TMP

MD5 b64244de41387e856ff699b497d8bf83
SHA1 95e954895bad19e3ee59d1ea5b9484a013f5cce6
SHA256 e3985a65e7e816ed801aa8c3d80d15393bbe81c8ec970e0eaa26370f95afe916
SHA512 7ab97d811464592a61496d34c6413ab5500a7c5cc778493ce71260be80cb6382461a514f940d035bcef8cc96a95e7b20dbe7814943cb88efcc7f95202b23ab9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 a54cde1973b29f75030d98994a9a6f7d
SHA1 3f877dc3fe4b7fa0843db34b608bb075eec944a6
SHA256 0474a37958347948d4168e787b88e4799ff5c13d0790d6774163216401ba393c
SHA512 adc01585176888a3ff77c66b9b7a8dd8384e06b5fe1a7291d45bd94de10c8353c53e86f8f59e090b44959ea085b0489c9d18f42573fdf3328f80ad4c28c27c1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000064

MD5 a9673bd087b4e5e2cd21862f8b7d8054
SHA1 0854f56b37b3c7c3938ebdd75a79be32c94b281d
SHA256 d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2
SHA512 3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 593904bcc8b47cee7de964e897fd387a
SHA1 7048838ffcb7e2687d9f1aa92e11daf60f7e0b94
SHA256 2af48fcc4b4dacc88e9853caa62677b49d9ff5998ec6cef11ab49a33f1ac51bd
SHA512 a37269c1e9ec7d3b440d687ae0f9e8bbe9ef5ef5a7e1409605be6851a1c07b126b0e0b5038a08572fb89feb8414374230c6cc1b5152ca30b687f6a0f5b695a39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\841ddf9b-f4e3-416a-b38e-f4ade7e6b6c9.tmp

MD5 07deb66b8702613eea7bdf7510c14558
SHA1 03fa671740ca5c36fa9429deca75aac1deb6dbb6
SHA256 e0c9e421d789977b634cfc6c71a1118d338d6989a65917aeab5febcb9e9b6600
SHA512 09013aec71f8043913251ad54e567544a7fe1f943830bc19df5048a16ad94b56332312d0b488624045dde338ec935b96d60e9de3bda37b6a33d2b1143fc2ab9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 27e642d6fe75e2a55c77e84a48a1c0f5
SHA1 cc5c169c98bcf968038abd1cb79bd8030005c8a3
SHA256 2a85cb18c411b7a780cf57e32ef8ad62f91ff3e29708ef21726933303d95ce59
SHA512 2f61223fbc9ce21f50c8c530de8ce72f3bda1a5258b1c78b1d8fce38e646a8891958955c37d95730d35af2b3cd7988ff31c688da8bbbd314c1beb7b4af3c1b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5a823ed03f3b5bd9039336e8d2fd29f7
SHA1 d7f2495efae9c3bc4a4bbe1ce4d6523868a0a5fd
SHA256 80b749b5590da6c26159832878c47966d1cbe48676a39677ef770e21b41a644a
SHA512 1293aa4682dc0622d78b9337f1e25d9707f6425a0ddb80fbe58d8ac84a0453ddc847455e253bbd50a5d3602e94516daeb7f1f0cae8a507d749e462fd11e7d6c4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4a4ac9186e2228f570840e16e855da7d
SHA1 b3bc16e123101ec3f47d2cb5187c00a8dc20ba1e
SHA256 f02f5359354e9bffffacf7da4e9d5fe6ddd93443054c3f7b39fa212b702a0138
SHA512 31ce660244ec491c22838835082e71ce0d61169a32a2933739f85473f8c1e531a8b4dd967c8d4d174c4c3082ef01d4cbed3aa363d5e2e8055df5bd1b2d061c67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e80ed44d66a14ef282fea3c11a14f25c
SHA1 5856d48112fa4fd21d084dc1a3874853a702c498
SHA256 ce6721aef03171b3363bc409bb925329cb629b076afc571b618e9400a2339ed5
SHA512 5455dbabf07cdb9d35b0e9c1c747fd02c3a246841b44016935746dbf98e0b1ff182af36c6d99561a365eb62d76a3201a2ab0b1fdb9db1de7dc13ebca81bb2bb1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000061

MD5 1825a5ca8f994c1798020cd93c021635
SHA1 41acf18895ad47148f5bb97318d7bb772b693ecf
SHA256 3806eead6ff35be4688b1366e79aee719c4abbc9b2d05ce34cec9c12a41f50d8
SHA512 65e8d3cfbe6964b693ff5f3e05935637e8184d4b180880fa05b863b26367bf17f75191cded95530c2209b88e6b775504fc65fadb349b11da9668475b7cb23aa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e94390cbe2da6288160fae40191b4862
SHA1 84217998ef72be5696235a3c69b15b9259545bff
SHA256 481edc4d8a1d5ab54416177e986a2acf1e5b2bb37122860d46c845c856a9cdb4
SHA512 abc4cda85847e6fc12bac912b868d805ca881542566eabadb9cc6173368e647014c1774c65fc674dbd7b50598c0b84d7ed770e37c8f0250b1248bb2398441894

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4da8325322a7dddc80ee354078544f0e
SHA1 d22af86f1596ef89fe9ed04ee28ac0ff0d3f2fb3
SHA256 ad0ad91b074d320a670b4ee7c473f61f2d65ded200a09767fefa00c9e3766ba3
SHA512 8644df8e5b6a20af93724ac99faaf7a595e35aa082bc75689ef7306a541815947ebaa0ded8be180b0d1e32028347654ad711d693497534a058b552488da87466

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7eb9ad660cb6140e9f1c9440cf21bfef
SHA1 dcc1ad54417a4d771129a3600efc923d67bf2f6e
SHA256 58588b76343a46107cfeacc9551931f4172f31c5807997e2e3b028e6d0ccd786
SHA512 a58d28f0a8c5de7ff6b5faac27117e83ea2a561c04a85bd5c7fae3557c39d8f984e254b6d0bf9ac53a6fa1491d936fdb799d4fc1cc7b3ea3dd088ef20a887af9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90091ec437a9231579cc8f705e163a42
SHA1 002b01351d9a101b31cc104d4e7bf2cd48f13bbc
SHA256 9c9f1898250fc0ca043434d41ae1e2e87b76700fa1b8b932a0d9b895f0641e50
SHA512 94f9fb98ec02d925c90af5777ac3c983c14d353624d821ca808b2b8b66c6a9b3921f7af2351f59751d9da892e8f56abbe3ea29ddc95a68a887c2dbad91cc6eea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ca912f6c0acceecdcc47feb48c8f1374
SHA1 bc050e10c8ea750473792d9bf0f91c92a49f1c2d
SHA256 8f28e29d77ed723004dff8ecd61fdb9205666f044c6d945afc4c0a61f8bf6a03
SHA512 7d65b3f5c394abdb17486cf5370e5d4957d217801e7a68836bd89532f97afedbe5dd4d00264062be1284af84bcd69472a93225e67b216f0da493bb6ddf249a15

C:\Users\Admin\Downloads\bin.sh

MD5 fbe51695e97a45dc61967dc3241a37dc
SHA1 1ed14334b5b71783cd6ec14b8a704fe48e600cf0
SHA256 2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6
SHA512 c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4c1aedc0bf22cc344838e68d1d7b384c
SHA1 f041777dc185885f5fc82f35e7191f78de30dc00
SHA256 d3128eb2242429e1e6a5ee7254fafc76620a9dc6556423549975b5296a2e1601
SHA512 62cc025a83dcddc31f5683f91925d05e27f325a2dce0ba74d5d8b51dd13a23402b3596333c1febced9d99394cc3f1352a81771e4c095a7d6ce632bdcbcd4c36e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bc7ec737620400e0c0f17d19d543bbf9
SHA1 2103f37b1584206ff7e64de371b4612d0b279a34
SHA256 3926642f55b95e29c3c788f2d998198cd15794ae20da32b3e4423bb2acff4777
SHA512 fc036f19eec372d181fcc651fd8e89811a07aa961f465fe822443e6a8a29b7c9270dba1119dfe17195fb94b341ec1e9c8656b746a2966a1348fa8877d5c60941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a19759fd18a5a40fe6cdc255036d2026
SHA1 61ada6dbce6949e58a712bb2cc957630d5c210aa
SHA256 88a347ffc90e63db8f22905c2ef413e3b893aafa4c80ec9d5f258646c27b6ddc
SHA512 eae2788bb5a764e83972633d0324b0fd88d2df4c2ee076829662e031f0ef1096218553fa14e0cc108da8237fc37016ef9c13e4c6482e86c7129e93aed5138a94

C:\Users\Admin\Downloads\bin.sh

MD5 fbe51695e97a45dc61967dc3241a37dc
SHA1 1ed14334b5b71783cd6ec14b8a704fe48e600cf0
SHA256 2e4506802aedea2e6d53910dfb296323be6620ac08c4b799a879eace5923a7b6
SHA512 c35eab56ba59beb2ec2b362e4d1aae734fadc2d9db1d720439337dcade13ec9c7b68da9d03821efc7277abaf9bace342ff35593373e04c67327d5f7db460ad8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4ae7117893bf21a31ea9058a25560f04
SHA1 18cbf124dbee5fc3f9b5c1bae2e6c338a2dfacfe
SHA256 feb163c1b56e18fe90e542e0ac71cddd5cab49116e1acac7a78eb1d50526a7d6
SHA512 ccef8cc209e6e888e89fc0f4386079f3d6c406813560e59a74217e5061119719733af9a5c1cc629f601d0b5cff10f68f469743d2a93849633f9a44ef5effb551

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a090e599b83b50167396f124db9bbb08
SHA1 40a4e5b4ec99b6c4a5e79b723de5598e3c24d52d
SHA256 555270dfea22ee7985f0108d94468ee91677c2a25bf9f26ba10efe620ee7427c
SHA512 341a1b81f227ddbb40080ca376234a89161e5d4e24ac84203be11e8263ea6e08f840eb9385a940171aaeffb346612880091ee76b3e431116cdc8e16656b3e854

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8858663fe92eb6e579d3e19a2693ad5b
SHA1 cb8e4e54c0fc3535ad75d98bd39fa914530a41f1
SHA256 87dc7749a1a05602f9578db2649f00b8bb3229592e4910f346f63aad1e178232
SHA512 e926c1c466efb4dfe510d1f9b0240ba33e4fd2adfc33fec06271e22ba33d1264876007f6f050fa9e150c1aec93af5731f7fdf514037e5b7511cb6d6aef086f9b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 54714ac2d30a4fae723250f07fbd35fc
SHA1 9a4c2ee1b339f95b03f6f930e6a12eb75af3339a
SHA256 d29e8e7e76eb20de678f690b3dd988cc0e5d781ae5d001aa634f2aab0d70b23e
SHA512 5ef3a51e1bb025ccee1e710c21aa6cedf58b489dcbf3d84dc0a9f5ffcec31c39a968d627d1f93a066e20dbe010a9ed646c7aaeea142eef39e1b775c9b0abab4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

MD5 44d537ab79f921fde5a28b2c1636f397
SHA1 b2879f9e1d0985a96842bf7f55a2b2cc4c636d04
SHA256 3d1080625d3030e88357b3ac9aa377dcec23f1b529c4ad03f7a9a435ccae04be
SHA512 08836d89ba7c7b7645c9de36e2e856cdc31fbb1c3a4a83045848d772720b98d352fb11182471161ef07d01739953a6320355ffecf25a06881bb1111ba02a73cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 306738fbac4a360f69943c39a6f81cea
SHA1 efeac46a7c603520684b7da15debd84e2a3caaa7
SHA256 26bf5800651788ca15e178e0cbc8e6afe2bff5ee3010e05a157ef03b25ab3af7
SHA512 1e28f9542882b6f47dbe6199ddddbe3bd68ee937c870e710a9bc0a73250eb41b7f347e22e4318bfd304773b3e4f0b1c5611267d2e6c3449681337dd7e2505e67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cbaf78371818d64d1173bffe9e2b2500
SHA1 e575ffbec0a7d86b9ec78c3ad21a9390e12eb21a
SHA256 3d2689100c343e622390ea40f95fc14cb8dad4a3c35c25603af1600a88dd9ad9
SHA512 062f7f16a9fc49ad568168bddd27eb1209e6edf017b41293f5f5475e695dd27f0382581cf728b53ec97732b9002a6d9e88c1d7d65aa74a857a12b7c2e6bee262

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e04fe38909bfe09f71b0b67bf4b93b0
SHA1 3f30e370c694b9ebc493826e47ca2ad7a99d2b3c
SHA256 85b538fa2202cc83dae8f7a11d981912d64704ed44acfdbf9be244ae6ff6d6ab
SHA512 1f3c0fab332e5158264701f74aebdb72f73abe4b0d38604c6407d1d5a94698fe3793e4e8e198b7c3d12bcb53c62bf1d9f29ef499f11d46db38470efa9c410fb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 09f16a60eef5e50f6e1e53bebb064727
SHA1 b71497db2ecce553d2f3376624ebb474f078f5c5
SHA256 f7d6ecec088212d5e2db84ee90b5a24f11eb88ab002c150de1b72c67750b3879
SHA512 72efa4a862caddf2d0f8713bd043bde0086f94250b1697be23d905e82e814c74c547a79fa5112ea0d923190cc57a25d96baac0f6b232f2f7cdb0f5bcf36d8322

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e66bec850ff47e6adbc88337f5793750
SHA1 fd059e24bf22dfbc0d259d801ec23dd3a8c3820c
SHA256 9262890ec2eced350e90326989ec7bb3c64158ed622aa11b6b96dfc28b5cf771
SHA512 871d154e1b87820f4221f1561b73791878b1c2fccdfc2825f71e51873b90c5f55aeb0247f4d9d36afeb7874ff6243c2dd0e92ffd445b6d501363d79921af710b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a6bc844724e83787f12a6d8c086a059a
SHA1 1c43db2625bc3ec0f3a6a7ab7f0855f66b200b2f
SHA256 5fdab7d4854d72c28166bd027fadc2dc8ebf048516fc8d96031217da0c050001
SHA512 8580fac5cd86fe5d01468ad1cd87ebd8cb2ef848aa77dc454fbf52440ee3d82da9f57e0e94b63a0bfd0d411e3c7a6818c0fddcc4dacd2e4182ffbc8767c31fbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f102b3711cb09ba5f0fe90e26bded2b3
SHA1 09e794037a1d83c25312dd123939f17afa0f7113
SHA256 8d940e8f3fa31af59788bf281bddb3e3f44348cd343237f9eaacd252f018f99c
SHA512 3959b90affc564633026ffa2d059be8c1b432bae3ddc2d03a9f16e2462615b6195db57bdd6af436c35af7893b9569e69adf5c94f8d9f470949fa343296d4d872

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

MD5 c2e3c144f359749c9e9808eca64257d2
SHA1 eca75b3ce4fbc041f8256689a81c7dc2bc5cc2e3
SHA256 e42091356819da9dfa73cbbf17d2e9e88da6eda201c38627165d29baa04de1a5
SHA512 cd717f7115dab4fd4ac7ec6a85915e6ba803ed9fb10313d8315637e95b46ff3859e4bda3247fb11137f53c94ef4dd74a49f5b7ad51acd1a6a201161d2133f3f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

MD5 58d4ec17141f90f940c0c8cf1babf0c4
SHA1 188d4da38593a7fbffa950c4d7017a40bca8e8f1
SHA256 07a29e19ab31e312a9bbe223588b66408531bdca831a97fcf79fd30206010d4d
SHA512 fffa1a79c33b2212974a50474a1798a20e0667befa77391f97124347bbefd4bb7785e747aa02482240cacff1a5305c4d92702c7467554a0f0e7660105e8b9a24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 33f3ce0170937eaae8c006f0cf8d2609
SHA1 ea9ca3bb0267b552c1fc12aba29bcfc5ad5a2025
SHA256 9f99e0ae4cf5f21408a032a39ed604aca8261de1339c6ccf82fc653dd8d94eb0
SHA512 4dc46db227aa743c522a186ed16be05c2358f09173117263a256c82f5e2fd6ffdcd6e6bbadef0f684991fdbd9a6c6a87ced403dd84385767da44400bed6dbcd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 f0d11cde238eb54a334858a3b0432a3f
SHA1 7c764fe6f00cab8058caeba38eb7482088a378f4
SHA256 579adf148a5905868140df9075b90a2ff33c9070dfd35b3ab869a2d9aacd9a96
SHA512 b3e590c88b462004b29ced18027f640addd1ea6ce9ae584820054ca508ce7d626acb3bd729e3693b50ccdc5e4694b1aa400cb33a315a475de47f5b25ed964d02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 fc69b565ff77af8d9b76dd0eba3e10bd
SHA1 2de3e07c699153a8e5102b9574ea6b46bb901562
SHA256 dacbabe3337d1a6fd50157bb640cf91cacfd72c98b7bd99157bc6cf7140e4c82
SHA512 b682bbde5de7340403b4d56a3eefb862dfb4066c5eaf552ca9a7a1fb3fddeca28ecfe3f8ee80171c2ecec0107d05ec9f21450fdf93e4b96be04c1a1c1574ad8a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a4bd022d9420dacf3172696e05e7da21
SHA1 90dc1fe97a0305e98d777e85b6727f7d0b646aec
SHA256 5407e0015051a8cf8947f66b8484f6d5b884600448a473d572cc3b169abfcf75
SHA512 eea85d58caae60ff9f175a67a092edb4fa3ccea6154c416738c5e7288610fec40e2ec7de9f0ae3dae7ba73f7b59eb5ea5513c5e0d06ed86f116f9bb34422b01c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_be.insight.com_0.indexeddb.leveldb\MANIFEST-000001

MD5 3fd11ff447c1ee23538dc4d9724427a3
SHA1 1335e6f71cc4e3cf7025233523b4760f8893e9c9
SHA256 720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed
SHA512 10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 aafa076e0c014e129d24c007cbda0cc6
SHA1 f6b249b851ae9e4cff46a9d380b9e89d5df2cd3c
SHA256 128f6314e28fe84bd1e5ca895ff98c8aafcea026710a7669d4b04d2c43bc5fb6
SHA512 dd5d5d364ddcfe3c7aba11b0374cd3ff6e3a882c81d7a2fb7789537a535e697c8423120018b786232d7e7eb6437ca2f24d00e8d9f7048b745468e3aeba3fcee8

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c1bba85cab68aadae72144a9433ec3e6
SHA1 6d3befc703fc9f81a3ecc136dcf12c598f41d44a
SHA256 0ca38b496224fa7cadf3177f3a1724d12ec816ad192d6809fbcca37ca261d99a
SHA512 2203d394b089abb5b95438ee4dfdd22275cb5793a1de2fb918e27ab1845dde8f54aade5c4d9b92db7da3c0381fa71ddd01340f49b7d67637b0a8a4935cd8d05a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a9d83a317f13c78c3bbd04ae2d2d7f27
SHA1 fd38b85be9e55cbbe8b41eecc3c61ed37fb9656b
SHA256 f67eb2034d3c38c1cd41c1037544b94b2e3b95f6ef2492265bd7cda15f4e6eb9
SHA512 0b3a4c4bccde0dad025d7e496538220f6d007cf57f1a1868e6ccc02530efc4399d7892276264407a1847c0c32e8d0f5c10d19e0e5ffc3dc5ef06b9a332dd3b63

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c3c78d2e49231c54d76e99883e963768
SHA1 b57d10deae0b72a7750b9c000183831074dc9005
SHA256 fe8afeaafc29fdb51593556d112e19d1018f0a5706ac51725bc57f50d6c81899
SHA512 2f0c338ee79369b67a06c7add18a730a3832b27060185cc6160c8cba8e90bff495ce58d1df5988691e758fcc0381e0f7b6570e9192da66d511d7d05e3106e79d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 df519e8082e4255b8ded24033be7ff31
SHA1 187242189c171cbe1937e0b2dea2d743a3cf40a0
SHA256 fb2c934414889228e331c6ef8ecb9e0d91b63a2120035d6e0a2a66d347fcb7fb
SHA512 2cff347a871e880ca637b1e1d77baf42d5ce141579f256f7f81045d89ac2cffaa3123a8f8a4f1e3590205429f151b87f2833ec9f3c7b034bc5de71cc097e580a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 080a8d078c24c45aa0cdda4aafc8a363
SHA1 9efa4275c37f45ea2d1ce448a56e0be52589a349
SHA256 296e0ff3a55afc6e04fa5cb9b38ceeedff10cea9821433373f1e2820deaa85c3
SHA512 1c9caf7ac79ee84b40ca3884677f62699694950cd8e34e1781e65a3879aba770b7ecf5c02c2318df97b87dac663c85342ba8189353577d5265b2e360a2642a98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7589eac6d25af3bdf0bd794da4e4ecb0
SHA1 a8eb6522bc8dfd65cf0cc2f0adb34fada34bd137
SHA256 8f4ecc38b22269762fc5e0b752f1c194d41353235458c31831a2cfe987af5d68
SHA512 c4f2e91fad6cd453121ee0f0df1067f0595fead43679caa1471a69bc3eb2da725cf60e2149d4d85821f268dd157372528b43239e329bf2ba09704240b4250c54

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7054c7b6ffc9b6c4_0

MD5 412e01d7d0c9cad552122c8485701ab5
SHA1 6c88d657868e10e6a5925beb2e56350ce55beaa1
SHA256 d6b8d9f805a30bfb2b6f2efbda40816175594e5613dc8347b11371516ae701d5
SHA512 100852964739b63578ed5f060b7656ff00af6cb56716ab09936069f072913d481c66783a26d0678683ddb96a85cd4f82a47f2fd0df132b5eabb4dc93ecba8116

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

MD5 bba318c5790199c432038ef280f5c1d8
SHA1 633d1820f84620c4f951cceb275376652a4da024
SHA256 a1b68c72bdd223103d4b244ccaf3a949d2a8ae8bea5ec08a0e29b12cd432a529
SHA512 470220fa7e7833d7ad045b801ff5b7c156a3c1a74fbb2a79085817fbf5017149c900408b8ffdcf52104336e75b86937d3d18b5b1acc0aabb163d7b43b15d4561

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b78572c02a866be6_0

MD5 dc30db9a7ac01064e2ea5a7c0891dd97
SHA1 4cd932f6dfabc7ab8fc1f37b829a13e393b43952
SHA256 0b374ae0681fa0eb0ae6745a5d55854da41a9f0cb914f009e3d32f9a7bee7dff
SHA512 dedadbb554a81958f929f3ea22171d71acf75580fc06754b49e3b2b1675c7effcf49a593a891437cffee67ba8d3c5f025e71bb883f046fcb4c76f007d8491797

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

MD5 c8736f89abbdb62a52fdaf20009bc4d1
SHA1 94a012fca23d618f590e01ee155764facb86ccdc
SHA256 0bf7a595c73f1358f6d76ce5f27b0488eaa6ed06acdfdae8c2a5e5f4eed351bc
SHA512 b765b552af812281385547619709dd1b837e66b40da9bc9bcaa91c591cbe9f7b11b88f4a83fb78493cc94c5eed03a98c937985ea0ffa88d063c737ebdd4a033f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b1a3ae830df47d3e697f7342061d31f8
SHA1 d671fc382355fe988f6331c72b0be9172d17a441
SHA256 4128549a57ba5f88946d5c09f8f71988d3223dc613b806c6081d14907a9247af
SHA512 9542d05c9b18905bf5a18da45e830115b9f941daef7be128b47eab510bcc60de9b8b79248f41ef3a79b3c31641e744e4f0146a26ac83b53d1f3f8080c8befdb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7d2d5d6bb90c476784f2a602f3841816
SHA1 0f3fb66f2a170ffb0181b37511450c8e346314ed
SHA256 0bf9f19fa0d78a44923d81b0ad573e7eedd3db04bcac5fa1f09012c38603be47
SHA512 a208fafaf32b24d26facdca3549fc670230e0199b46e6518a38bd16337b9730e9b0a580f90ce53268c77f8a865baa003dc83fbb9cbe28c492d200933c2878109

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bc7c204e1ca8063ce3a1d9f37c5ea14a
SHA1 dde2030039083ab91d603807e870461b8bd20179
SHA256 20bb97ccb49edfa8b677619107bb4741c16e62c60e1873661597aa50e4666fee
SHA512 54a9826ec3b6b8085ee05179cfd55839d47ca55c3e271c1ff16141c296790e19354cbfe62cbd416205af651881b2078681bc9800a38a95e1725b39f6548857ab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8b59fb8d6910039d5d50f66b0a18e540
SHA1 e1f148ce8f32acf7efda924c440755ee8cad1c13
SHA256 fac3f9c1ad73b568e7e6621450714c2ac0d6a27149025a51c3abe76b05f58c6d
SHA512 b7f92a9d99f03005932e5914905748eabb113f82b549af94c9183d3d26d7dbbe195e76c02602363cdf62009640d01726c492f786229761e6588d90e4c674dd8b

C:\Users\Admin\Downloads\Unconfirmed 441750.crdownload

MD5 35a27d088cd5be278629fae37d464182
SHA1 d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512 eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 89ecd854806be8f42232553fdece1550
SHA1 ced531f489683dfecd903332d3b57d05cf6bd766
SHA256 ca68f51b691cea119a58c1fd483749f83c9b9aaad54bdd85719a4f0beb099fce
SHA512 7767b834479d5be951aab848705881fbcb3c7c2573363659de7c9c8fba2d9b47d34c32d04a0c324dec93e2ef370e7e5da5787d6d493ce426151099f78eae1aec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f0fb0353c3e0f72df1ef522009e2aff1
SHA1 9e1eb96cc96de5e13307ba23a8c4ddda2c116b49
SHA256 07561126fa97569f16072b042b7187d2fad0ff96547bcdf0f41aca6a8bd0dc3c
SHA512 64504ba5537222b6ce059707344fb5b3628b5872c965cfa8e5a3464575e45f0c4ce71dfefd9226aabcead305f5d6fdd17069077132bc74dafed5d5a082154d19

memory/5000-2693-0x00000000001C0000-0x00000000001EA000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll

MD5 42b2c266e49a3acd346b91e3b0e638c0
SHA1 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1
SHA256 adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29
SHA512 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

memory/5000-2699-0x00007FF9B3860000-0x00007FF9B39AE000-memory.dmp

memory/5000-2700-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp

memory/5000-2701-0x0000000002240000-0x0000000002250000-memory.dmp

memory/5000-2702-0x0000000002240000-0x0000000002250000-memory.dmp

memory/5000-2703-0x000000001D300000-0x000000001D4C2000-memory.dmp

memory/5000-2704-0x000000001DA00000-0x000000001DF28000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b39f2438ef501e08c4f28b98b5dadbad
SHA1 eb92e874446935b601d875d21e348f42f8e1f66b
SHA256 ff12c9bdf016e1fa9d14dd674068099f59a7accf91a5f6b8f7c1ea20a2e16ab5
SHA512 84aae2f97345d260cdf104ae4e757d4fba08461fced4605b037903f4d272a14173a4cded6b10090f97d93bda4ba9c142ab596fb8b3221df98d68d02905329d30

memory/5000-2723-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp

memory/5000-2724-0x0000000002240000-0x0000000002250000-memory.dmp

memory/5000-2726-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp

memory/3900-2732-0x00007FF9B3000000-0x00007FF9B314E000-memory.dmp

memory/3900-2733-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp

memory/3900-2734-0x0000000000C70000-0x0000000000C80000-memory.dmp

memory/3900-2735-0x0000000000C70000-0x0000000000C80000-memory.dmp

memory/3900-2736-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp

memory/3900-2737-0x0000000000C70000-0x0000000000C80000-memory.dmp

memory/3900-2738-0x00007FF9A6330000-0x00007FF9A6DF1000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\baec058c-93a2-4c81-8679-5200240315f9.tmp

MD5 a5f19205374e2549ecaa4782d3c03e8c
SHA1 ddfe6923bfa579581a3d13f0ab031f489fd77cad
SHA256 4f61db7f70c3c65b3aa62d2b9739cc7ea753154d41cf7ed5f4e5b19554a78552
SHA512 7e97b2fb2cd6525cf9fbb5a28142d198c4c0d2ec06ec27e4b541bab161acf2915bb69565e4c79023b57755d16a4e9afc82f7476759d44b56a292536802dcb9e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dbe70d2e1ec77a859711b9026cc3e87e
SHA1 21144ddbfab61bc7465a9f8ceb1ae8316a2b8c38
SHA256 1572ce0e8bf18d480f80a08e95df86f87d845af76914daf5351dd204d4a6b6f8
SHA512 f22273634f5b32d7f41b2820f1f2f7e442b155651ea0bbd1436cbcbbbe5a26072c3d58853c9689dd53a62c91f4d9cebbf5e95ab3e58dee3b1046a4b4bb5dbda3

C:\Users\Admin\Downloads\Unconfirmed 291726.crdownload

MD5 38ff71c1dee2a9add67f1edb1a30ff8c
SHA1 10f0defd98d4e5096fbeb321b28d6559e44d66db
SHA256 730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a
SHA512 8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c4149fc03d651d2fe10d1353f2541627
SHA1 245fdcb7f563b8ccc9eb0dcf8002ba5d1489309a
SHA256 0783eb3ebd50943b501c1bc90e75819918be36a89e8f4497273dfc81e321587b
SHA512 27bc1228e6361aec79c28f3326e312c96e4b6ce080fbe150bf226ef768858783871498905c283dee8203fccdca10ec7529eeb7a79fb23857d105a759d2c8675a

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 cbf8f2f6547d366e97ad3c300245a0be
SHA1 15acbc163ccb93943074745c8447d6f59f0745af
SHA256 9207e30ee4ee85d861527aad9599e017bdb7c16009299cb06171448e7b4b9276
SHA512 1b65613d425d10ecced82f01c715ed19d9b5ce0acea9411af3ba4aac1853dd03f59ad3a21965dba9c2496e70421f02315b36c367b0cd1d3fceeef523c6b0c0ac

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.dA4100

MD5 64a194eb1b021e86dae01c1bf67ee959
SHA1 b15ffec42637d9018a3ba13795e5816c756631d2
SHA256 f4b7e71ad5fef2f7c1f97ca57d693f05e8906e610525a5995a412b2d09e5ff0b
SHA512 487f914f0978ea37f2c1c874f19a28595be86dfd169b717d36d8c5f8211132517a393f0c76a3b0942f6402b6b27d79e035c9136929ae11a75228eee00c045ad6

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

MD5 2887f2fda9d1a45299b4c9ccef101ebd
SHA1 61c4bfc4099cdd2565fbfb4c550d9b7e8e9429e5
SHA256 e079099ffa7f60a1b8721a395762bd5ba47c96efd80514b8cb95f08fa1269ff4
SHA512 cfe539f6a20e7b33080aef341bbb4a1d6f1e5cfba94ff0356fd6253b5294d64f230c111e305aa7d12348c36c6bd11f0f3ec18d5602a7c35b57760e16ec22aee3

C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 5.txt

MD5 e20f623b1d5a781f86b51347260d68a5
SHA1 7e06a43ba81d27b017eb1d5dcc62124a9579f96e
SHA256 afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179
SHA512 2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 4b2e6fc105037c73fa198698d4468de4
SHA1 e2a4c007b9c77de7e8a10a82331718363b6f1307
SHA256 7387f7b94fdd60273ab43f17c13cd0d56c51701063f341064a83b8f7b6de33e6
SHA512 c7d524e8f9fa42ac8ffe45f2e61047833f20e7c729dcca48366cb278058d63b936527703f97b74b05ba533dd49065c8892c876d00c27cfb942bddbc3034c792e

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 610ba8408066f9b00f6d23c1ab991eb5
SHA1 2c6dea4e3871c3cfdaf4d3b9f7570f410676cc60
SHA256 fb872ab0d1f91b1a1876aa719ca5d39876178c7920d53d2880b63e0946f98716
SHA512 4bf5b9fc60b486ac5f3303c68f67bdfceba76f2c8554d712225d881ccabc3a10811d1c16e061dccb39e714ced314982416489111740a2dc46c8b4c9a639242ce

C:\Users\Admin\AppData\Roaming\vlc\vlcrc.4100

MD5 478a4a09f4f74e97335cd4d5e9da7ab5
SHA1 3c4f1dc52a293f079095d0b0370428ec8e8f9315
SHA256 884b59950669842f3c45e6da3480cd9a553538b951fb155b435b48ff38683974
SHA512 e96719663cd264132a8e1ea8c3f8a148c778a0c68caa2468ba47629393605b197dd9e00efad91f389de9fcc77b04981a0cf87f785f3c645cdc9e4ebd98060ca1

memory/4100-3059-0x00007FF6E8CC0000-0x00007FF6E8DB8000-memory.dmp

memory/4100-3060-0x00007FF9B47D0000-0x00007FF9B4804000-memory.dmp

memory/4100-3061-0x00007FF9A72A0000-0x00007FF9A7554000-memory.dmp

memory/4100-3062-0x00007FF9A5200000-0x00007FF9A62AB000-memory.dmp

memory/4100-3063-0x00007FF9A4EA0000-0x00007FF9A4FB2000-memory.dmp