Malware Analysis Report

2024-10-23 17:20

Sample ID 240219-2v6b1afa5w
Target https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZpU1JPQ21RNlNVaEhmT3o5QlV0dV9hYUI2d3xBQ3Jtc0trQWFOWTJYeUdKTGRpWThNb25tS3NEbk9BcHNvWWNJUDU0MGY5bUVlRHBtRXhBMXZ2VW1hejRQV0l5MTFoRFNMR2ZhVi1mbkZfQ1VTQ1Nsb2RXR19ZYm1uMEl6WnVEUXdVaWpFNDlFUEcxYzd3ZGVqUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Froblj&v=auiSP3878rw
Tags
povertystealer discovery spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The submitted URL https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZpU1JPQ21RNlNVaEhmT3o5QlV0dV9hYUI2d3xBQ3Jtc0trQWFOWTJYeUdKTGRpWThNb25tS3NEbk9BcHNvWWNJUDU0MGY5bUVlRHBtRXhBMXZ2VW1hejRQV0l5MTFoRFNMR2ZhVi1mbkZfQ1VTQ1Nsb2RXR19ZYm1uMEl6WnVEUXdVaWpFNDlFUEcxYzd3ZGVqUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Froblj&v=auiSP3878rw was found to be: Known bad. It is a youtube.com/redirect link of the kind YouTube generates for links in a video description; the q parameter, URL-decoded, is https://sites.google.com/view/roblj, which is the page Edge actually lands on and the origin of the sites.google.com contacts listed under Legitimate hosting services abused for malware hosting/C2.

Of the behavioral1 signature tables below that name a process, only Checks computer location settings, Drops startup file, Executes dropped EXE and the SeDebugPrivilege rows of Suspicious use of AdjustPrivilegeToken name the dropped files (Electron.exe, loader.exe, Parking.pif, RegAsm.exe and the Startup-folder copy qemu-ga.exe). The remaining tables fired on msedge.exe, taskmgr.exe, 7zFM.exe or OpenWith.exe (the browser and the tools used to open and inspect the download), or on tasklist.exe and PING.EXE, whose parent process the tables do not show; on their own they are not evidence of sample behaviour.

Malicious Activity Summary

povertystealer discovery spyware stealer

Detect Poverty Stealer Payload

Suspicious use of NtCreateUserProcessOtherParentProcess

Poverty Stealer

Executes dropped EXE

Checks computer location settings

Drops startup file

Reads user/profile data of web browsers

Checks installed software on the system

Legitimate hosting services abused for malware hosting/C2

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Enumerates physical storage devices

Enumerates processes with tasklist

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetWindowsHookEx

Modifies registry class

Checks SCSI registry key(s)

Enumerates system info in registry

Runs ping.exe

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-02-19 22:55

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-19 22:55

Reported

2024-02-19 22:58

Platform

win10v2004-20231222-en

Max time kernel

183s

Max time network

180s

Command Line

C:\Windows\Explorer.EXE

Signatures

Detect Poverty Stealer Payload

Description Indicator Process Target Count
N/A N/A N/A N/A 14

(14 matches; the sandbox recorded no description, indicator, process or target for any of them.)

Poverty Stealer

stealer povertystealer

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe N/A

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe N/A

The file is written to the per-user Startup folder, so it runs at every logon of this user; the Executes dropped EXE table below shows it being launched during the detonation. The name qemu-ga.exe is that of the QEMU guest agent binary; a copy in a user's Startup folder, written by a RegAsm.exe running out of a 7-Zip SFX extraction directory, has nothing to do with that agent.

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\Parking.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\Parking.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\Parking.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DA29698\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DABC269\loader.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\Parking.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\Parking.pif N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\RegAsm.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\RegAsm.exe N/A

Reads user/profile data of web browsers

spyware stealer

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
N/A sites.google.com N/A N/A
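The four sites.google.com contacts above are what Edge reaches after following the submitted YouTube redirect. The helper below is an added example, not part of the sandbox output: it unwraps a youtube.com/redirect URL by reading its q parameter, reports whether the real landing page sits on a free hosting service, and pulls out the v parameter that identifies the lure video. Only the youtube.com/redirect form of the target and the sites.google.com host come from this report; the REDIRECTORS and ABUSED_HOSTING tables are assumptions for illustration.

```python
"""Recover the real landing page behind a youtube.com/redirect link.

Added example for this report, not part of the sandbox output. The only
facts taken from the report are the youtube.com/redirect form of the
submitted target and the sites.google.com landing host; the REDIRECTORS
and ABUSED_HOSTING tables below are assumptions for illustration.
"""
from urllib.parse import parse_qs, urlsplit

# host -> (path prefix, query parameter that carries the destination).
# Assumed list; extend it with whatever redirectors your telemetry sees.
REDIRECTORS = {
    "www.youtube.com": ("/redirect", "q"),
    "youtube.com": ("/redirect", "q"),
    "m.youtube.com": ("/redirect", "q"),
}

# Free hosting services worth flagging as a landing page (assumed list;
# sites.google.com is the one this report shows).
ABUSED_HOSTING = {"sites.google.com"}

# The submitted target, copied verbatim from the report header.
SUBMITTED = "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZpU1JPQ21RNlNVaEhmT3o5QlV0dV9hYUI2d3xBQ3Jtc0trQWFOWTJYeUdKTGRpWThNb25tS3NEbk9BcHNvWWNJUDU0MGY5bUVlRHBtRXhBMXZ2VW1hejRQV0l5MTFoRFNMR2ZhVi1mbkZfQ1VTQ1Nsb2RXR19ZYm1uMEl6WnVEUXdVaWpFNDlFUEcxYzd3ZGVqUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Froblj&v=auiSP3878rw"


def unwrap_redirect(url: str, max_hops: int = 5) -> list:
    """Follow known redirector parameters; return the chain, outermost first.

    Stops at the first URL that is not a known redirector, or after
    max_hops so a redirector pointing at another redirector cannot loop.
    """
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(chain[-1])
        rule = REDIRECTORS.get((parts.hostname or "").lower())
        if rule is None or not parts.path.startswith(rule[0]):
            break
        # parse_qs percent-decodes values, so q=https%3A%2F%2F... comes back as https://...
        inner = parse_qs(parts.query).get(rule[1])
        if not inner or inner[0] == chain[-1]:
            break
        chain.append(inner[0])
    return chain


def final_destination(url: str) -> str:
    """The page the browser actually lands on."""
    return unwrap_redirect(url)[-1]


def on_abused_hosting(url: str) -> bool:
    """True when the real landing host is one of the flagged free-hosting services."""
    host = (urlsplit(final_destination(url)).hostname or "").lower()
    return host in ABUSED_HOSTING


def lure_video_id(url: str) -> str:
    """The v= parameter names the YouTube video whose description carried the link."""
    return parse_qs(urlsplit(url).query).get("v", [""])[0]


if __name__ == "__main__":
    for hop in unwrap_redirect(SUBMITTED):
        print(hop)
    print("abused hosting:", on_abused_hosting(SUBMITTED))
    print("lure video:", lure_video_id(SUBMITTED))
```

Key detections and blocklists on final_destination(), not on the outer host: the youtube.com host is what a naive URL filter sees, and it is not the attacker's infrastructure.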

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1168293393-3419776239-306423207-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A
N/A N/A C:\Windows\SysWOW64\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 6
N/A N/A C:\Windows\system32\taskmgr.exe N/A 56
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A 2

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 33

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 (privilege LUID 35, SeCreateSymbolicLinkPrivilege) N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\tasklist.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\RegAsm.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\RegAsm.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 25
N/A N/A C:\Windows\system32\taskmgr.exe N/A 39

Suspicious use of SendNotifyMessage

Description Indicator Process Target Count
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A 24
N/A N/A C:\Windows\system32\taskmgr.exe N/A 40

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target Count
PID 1340 wrote to memory of 224 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1340 wrote to memory of 3204 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 40
PID 1340 wrote to memory of 4120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2
PID 1340 wrote to memory of 1144 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 20

All 64 writes originate from the Edge browser process (PID 1340) and land in its own msedge.exe children (PIDs 224, 3204, 4120 and 1144). A Chromium-based browser sets up each sandboxed child process this way at launch, so these rows describe the browser opening the URL; none of the dropped binaries appears in this table.

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa3ZpU1JPQ21RNlNVaEhmT3o5QlV0dV9hYUI2d3xBQ3Jtc0trQWFOWTJYeUdKTGRpWThNb25tS3NEbk9BcHNvWWNJUDU0MGY5bUVlRHBtRXhBMXZ2VW1hejRQV0l5MTFoRFNMR2ZhVi1mbkZfQ1VTQ1Nsb2RXR19ZYm1uMEl6WnVEUXdVaWpFNDlFUEcxYzd3ZGVqUQ&q=https%3A%2F%2Fsites.google.com%2Fview%2Froblj&v=auiSP3878rw

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfb5946f8,0x7ffcfb594708,0x7ffcfb594718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9480 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ElectronRob.rar"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2028 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DA97818\Electron.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DAB0118\Electron.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 11058

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11058\Parking.pif

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Desktops + Crafts 11058\k

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\Parking.pif

11058\Parking.pif 11058\k

C:\Windows\SysWOW64\PING.EXE

ping -n 5 localhost

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit

C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DABB418\Electron.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 11065

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11065\Parking.pif

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Desktops + Crafts 11065\k

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\Parking.pif

11065\Parking.pif 11065\k

C:\Windows\SysWOW64\PING.EXE

ping -n 5 localhost

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 11068

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11068\Parking.pif

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Desktops + Crafts 11068\k

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\Parking.pif

11068\Parking.pif 11068\k

C:\Windows\SysWOW64\PING.EXE

ping -n 5 localhost

C:\Windows\System32\fontview.exe

"C:\Windows\System32\fontview.exe" C:\Users\Admin\AppData\Local\Temp\7zO8DA636E8\arialbd.ttf

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DA9E998\loader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8DA29698\loader.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DA29698\loader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8DABC269\loader.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DABC269\loader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,688778899584631649,3740859519502688751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5916 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\11058\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DA0B949\Electron.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.001\11065\RegAsm.exe

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe

"C:\Users\Admin\AppData\Local\Temp\7zO8DA25149\Electron.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /k move Agenda Agenda.bat & Agenda.bat & exit

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c md 11205

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11205\Parking.pif

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Desktops + Crafts 11205\k

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\Parking.pif

11205\Parking.pif 11205\k

C:\Windows\SysWOW64\PING.EXE

ping -n 5 localhost

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\findstr.exe

findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"

C:\Windows\SysWOW64\findstr.exe

findstr /I "wrsa.exe opssvc.exe"

C:\Windows\SysWOW64\tasklist.exe

tasklist

C:\Windows\SysWOW64\cmd.exe

cmd /c md 11212

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Rate + Sim + Officially + Kevin + Newsletters 11212\Parking.pif

C:\Windows\SysWOW64\cmd.exe

cmd /c copy /b Desktops + Crafts 11212\k

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\Parking.pif

11212\Parking.pif 11212\k

C:\Windows\SysWOW64\PING.EXE

ping -n 5 localhost

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qemu-ga.exe"

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.003\11205\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\RegAsm.exe

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.004\11212\RegAsm.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

US 8.8.8.8:53 tags.crwdcntrl.net udp
US 8.8.8.8:53 cdn.jsdelivr.net udp
US 8.8.8.8:53 bcp.crwdcntrl.net udp
US 8.8.8.8:53 ad.crwdcntrl.net udp
US 8.8.8.8:53 ut.pubmatic.com udp
AT 13.32.110.83:443 tags.crwdcntrl.net tcp
IE 52.209.197.114:443 ad.crwdcntrl.net tcp
US 151.101.1.229:443 cdn.jsdelivr.net tcp
IE 52.48.220.221:443 bcp.crwdcntrl.net tcp
GB 185.64.190.82:443 ut.pubmatic.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 226.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 9.109.16.96.in-addr.arpa udp
US 8.8.8.8:53 15.137.64.172.in-addr.arpa udp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 83.110.32.13.in-addr.arpa udp
US 8.8.8.8:53 229.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 82.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 114.197.209.52.in-addr.arpa udp
US 8.8.8.8:53 221.220.48.52.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
FR 13.39.145.251:443 g.ezoic.net tcp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 151.101.1.229:443 cdn.jsdelivr.net udp
US 8.8.8.8:53 97e7f05f0e46b931374dac5dfce96b00.safeframe.googlesyndication.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 hb.yellowblue.io udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 rt.marphezis.com udp
GB 216.58.204.65:443 97e7f05f0e46b931374dac5dfce96b00.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 htlb.casalemedia.com udp
US 8.8.8.8:53 prebid.smilewanted.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 prebid.a-mo.net udp
US 8.8.8.8:53 d.vidoomy.com udp
US 8.8.8.8:53 cdn.prod.uidapi.com udp
US 8.8.8.8:53 cdn.id5-sync.com udp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cdn-ima.33across.com udp
US 8.8.8.8:53 invstatic101.creativecdn.com udp
US 8.8.8.8:53 oa.openxcdn.net udp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
IE 52.210.170.222:443 hb.yellowblue.io tcp
US 178.128.135.204:443 rt.marphezis.com tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 104.18.36.155:443 htlb.casalemedia.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
US 172.67.10.198:443 prebid.smilewanted.com tcp
US 172.67.10.198:443 prebid.smilewanted.com tcp
US 172.67.10.198:443 prebid.smilewanted.com tcp
US 172.67.10.198:443 prebid.smilewanted.com tcp
US 172.67.10.198:443 prebid.smilewanted.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
US 34.96.70.87:443 invstatic101.creativecdn.com tcp
US 104.22.52.86:443 cdn.id5-sync.com tcp
US 172.64.152.89:443 cdn-ima.33across.com tcp
US 34.102.146.192:443 oa.openxcdn.net tcp
NL 147.75.84.158:443 prebid.a-mo.net tcp
GB 216.58.212.225:443 tpc.googlesyndication.com tcp
AT 18.66.20.217:443 cdn.prod.uidapi.com tcp
US 104.26.9.169:443 script.4dex.io tcp
US 8.8.8.8:53 oajs.openx.net udp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 id5-sync.com udp
US 34.120.135.53:443 oajs.openx.net tcp
DE 162.19.138.117:443 id5-sync.com tcp
US 8.8.8.8:53 cdn.ampproject.org udp
US 34.120.135.53:443 oajs.openx.net udp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
GB 142.250.187.193:443 cdn.ampproject.org tcp
US 8.8.8.8:53 65.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 169.9.26.104.in-addr.arpa udp
US 8.8.8.8:53 155.36.18.104.in-addr.arpa udp
US 8.8.8.8:53 222.170.210.52.in-addr.arpa udp
US 8.8.8.8:53 198.10.67.172.in-addr.arpa udp
US 8.8.8.8:53 251.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 87.70.96.34.in-addr.arpa udp
US 8.8.8.8:53 89.152.64.172.in-addr.arpa udp
US 8.8.8.8:53 192.146.102.34.in-addr.arpa udp
US 8.8.8.8:53 158.84.75.147.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 86.52.22.104.in-addr.arpa udp
US 8.8.8.8:53 225.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 246.83.36.212.in-addr.arpa udp
US 8.8.8.8:53 217.20.66.18.in-addr.arpa udp
US 8.8.8.8:53 204.135.128.178.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 117.138.19.162.in-addr.arpa udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 34.98.64.218:443 google-bidout-d.openx.net tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
DE 51.89.9.251:443 onetag-sys.com udp
US 8.8.8.8:53 download2289.mediafire.com udp
US 199.91.155.30:443 download2289.mediafire.com tcp
US 199.91.155.30:443 download2289.mediafire.com tcp
US 8.8.8.8:53 gum.criteo.com udp
NL 178.250.1.11:443 gum.criteo.com tcp
US 8.8.8.8:53 193.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 30.155.91.199.in-addr.arpa udp
US 8.8.8.8:53 11.1.250.178.in-addr.arpa udp
US 104.19.215.37:80 otnolatrnup.com tcp
US 104.19.215.37:80 otnolatrnup.com tcp
US 8.8.8.8:53 woreppercomming.com udp
AT 3.161.119.119:443 woreppercomming.com tcp
US 8.8.8.8:53 dnacdn.net udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.245:443 ag.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.100:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 119.119.161.3.in-addr.arpa udp
US 8.8.8.8:53 www.ovardu.com udp
US 172.67.174.4:443 www.ovardu.com tcp
US 8.8.8.8:53 www.opera.com udp
DE 3.127.11.50:443 www.opera.com tcp
US 8.8.8.8:53 cdn-production-opera-website.operacdn.com udp
US 8.8.8.8:53 www.googleoptimize.com udp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
GB 172.217.169.14:443 www.googleoptimize.com tcp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 245.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 100.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 4.174.67.172.in-addr.arpa udp
US 8.8.8.8:53 50.11.127.3.in-addr.arpa udp
US 8.8.8.8:53 174.85.84.104.in-addr.arpa udp
US 8.8.8.8:53 www-static.operacdn.com udp
GB 104.84.85.174:443 cdn-production-opera-website.operacdn.com tcp
US 138.91.171.81:80 tcp
US 8.8.8.8:53 csync.smilewanted.com udp
US 8.8.8.8:53 js-sec.indexww.com udp
US 8.8.8.8:53 id.a-mx.com udp
US 8.8.8.8:53 id.hadron.ad.gt udp
US 8.8.8.8:53 ups.analytics.yahoo.com udp
US 8.8.8.8:53 match.adsrvr.org udp
US 8.8.8.8:53 id.crwdcntrl.net udp
US 8.8.8.8:53 pixel.rubiconproject.com udp
US 8.8.8.8:53 rtb.openx.net udp
US 8.8.8.8:53 x.bidswitch.net udp
US 8.8.8.8:53 cm.adform.net udp
US 8.8.8.8:53 www.redditstatic.com udp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 static.hotjar.com udp
US 8.8.8.8:53 snap.licdn.com udp
US 8.8.8.8:53 cdn.taboola.com udp
US 8.8.8.8:53 tags.creativecdn.com udp
US 8.8.8.8:53 s.yimg.com udp
DK 37.157.4.29:443 cm.adform.net tcp
GB 195.181.164.17:443 tags.creativecdn.com tcp
US 151.101.1.44:443 cdn.taboola.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 131.153.158.209:443 id.a-mx.com tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
AT 13.32.110.26:443 static.hotjar.com tcp
GB 88.221.135.104:443 snap.licdn.com tcp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 172.64.149.180:443 js-sec.indexww.com tcp
NL 131.153.158.209:443 id.a-mx.com tcp
DE 3.75.62.37:443 ups.analytics.yahoo.com tcp
US 104.22.4.69:443 id.hadron.ad.gt tcp
US 52.223.40.198:443 match.adsrvr.org tcp
US 35.227.252.103:443 rtb.openx.net tcp
NL 213.19.162.80:443 pixel.rubiconproject.com tcp
DK 37.157.4.29:443 cm.adform.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 98.98.134.241:443 pixel-sync.sitescout.com tcp
US 151.101.1.140:443 www.redditstatic.com tcp
AT 13.32.110.26:443 static.hotjar.com tcp
US 151.101.1.44:443 cdn.taboola.com tcp
GB 88.221.135.104:443 snap.licdn.com tcp
GB 195.181.164.17:443 tags.creativecdn.com tcp
US 172.67.10.198:443 csync.smilewanted.com tcp
IE 54.216.166.217:443 id.crwdcntrl.net tcp
GB 87.248.114.12:443 s.yimg.com tcp
US 8.8.8.8:53 lb.eu-1-id5-sync.com udp
US 35.227.252.103:443 rtb.openx.net udp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
DE 141.95.98.65:443 lb.eu-1-id5-sync.com tcp
US 8.8.8.8:53 a.vidoomy.com udp
US 8.8.8.8:53 a-prebid.vidoomy.com udp
ES 212.36.83.245:443 a-prebid.vidoomy.com tcp
ES 212.36.83.246:443 a-prebid.vidoomy.com tcp
US 8.8.8.8:53 17.164.181.195.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 140.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 29.4.157.37.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 180.149.64.172.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 209.158.153.131.in-addr.arpa udp
US 8.8.8.8:53 80.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 241.134.98.98.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 37.62.75.3.in-addr.arpa udp
US 8.8.8.8:53 26.110.32.13.in-addr.arpa udp
US 8.8.8.8:53 217.166.216.54.in-addr.arpa udp
US 8.8.8.8:53 104.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 12.114.248.87.in-addr.arpa udp
US 8.8.8.8:53 65.98.95.141.in-addr.arpa udp
US 8.8.8.8:53 245.83.36.212.in-addr.arpa udp
US 151.101.1.140:443 www.redditstatic.com tcp
US 8.8.8.8:53 assets.a-mo.net udp
US 8.8.8.8:53 script.hotjar.com udp
US 8.8.8.8:53 ams.creativecdn.com udp
US 8.8.8.8:53 alb.reddit.com udp
US 8.8.8.8:53 trc.taboola.com udp
US 8.8.8.8:53 sp.analytics.yahoo.com udp
NL 185.184.8.90:443 ams.creativecdn.com tcp
US 8.8.8.8:53 px.ads.linkedin.com udp
US 104.19.158.19:443 assets.a-mo.net tcp
AT 13.32.110.124:443 script.hotjar.com tcp
US 151.101.1.140:443 alb.reddit.com tcp
IE 212.82.100.181:443 sp.analytics.yahoo.com tcp
US 8.8.8.8:53 static.smilewanted.com udp
US 13.107.42.14:443 px.ads.linkedin.com tcp
US 8.8.8.8:53 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 sync.smartadserver.com udp
DE 37.252.171.52:443 ib.adnxs.com tcp
NL 89.149.192.200:443 sync.smartadserver.com tcp
US 8.8.8.8:53 secure.adnxs.com udp
NL 185.89.211.116:443 secure.adnxs.com tcp
US 8.8.8.8:53 19.158.19.104.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 124.110.32.13.in-addr.arpa udp
US 8.8.8.8:53 181.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 52.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 200.192.149.89.in-addr.arpa udp
US 8.8.8.8:53 ice.360yield.com udp
US 8.8.8.8:53 u.openx.net udp
IE 3.248.126.2:443 ice.360yield.com tcp
US 35.244.159.8:443 u.openx.net udp
US 8.8.8.8:53 ap.lijit.com udp
IE 54.73.49.52:443 ap.lijit.com tcp
US 8.8.8.8:53 us.shb-sync.com udp
US 8.2.110.33:443 us.shb-sync.com tcp
US 8.8.8.8:53 ow.pubmatic.com udp
US 8.8.8.8:53 prebid-server.rubiconproject.com udp
US 8.8.8.8:53 rtb.mfadsrvr.com udp
NL 185.64.189.116:443 ow.pubmatic.com tcp
GB 142.250.180.10:443 translate-pa.googleapis.com udp
NL 213.19.162.71:443 prebid-server.rubiconproject.com tcp
US 8.8.8.8:53 sync.mathtag.com udp
US 8.8.8.8:53 pixel-eu.rubiconproject.com udp
US 8.8.8.8:53 ads.stickyadstv.com udp
US 8.8.8.8:53 sync.a-mo.net udp
US 8.8.8.8:53 cdn.indexww.com udp
US 216.200.232.253:443 sync.mathtag.com tcp
NL 213.19.162.90:443 pixel-eu.rubiconproject.com tcp
FR 154.54.250.151:443 ads.stickyadstv.com tcp
DE 18.198.96.60:443 rtb.mfadsrvr.com tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
NL 147.75.84.158:443 sync.a-mo.net tcp
US 8.8.8.8:53 116.211.89.185.in-addr.arpa udp
US 8.8.8.8:53 2.126.248.3.in-addr.arpa udp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
US 8.8.8.8:53 52.49.73.54.in-addr.arpa udp
US 8.8.8.8:53 33.110.2.8.in-addr.arpa udp
US 8.8.8.8:53 116.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 71.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 90.162.19.213.in-addr.arpa udp
US 8.8.8.8:53 151.250.54.154.in-addr.arpa udp
US 8.8.8.8:53 60.96.198.18.in-addr.arpa udp
US 8.8.8.8:53 cs.admanmedia.com udp
US 8.8.8.8:53 t.adx.opera.com udp
US 8.8.8.8:53 ssbsync-global.smartadserver.com udp
US 8.8.8.8:53 id.rlcdn.com udp
US 8.8.8.8:53 image8.pubmatic.com udp
NL 82.145.213.8:443 t.adx.opera.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
FR 178.32.197.52:443 ssbsync-global.smartadserver.com tcp
US 8.8.8.8:53 s.ad.smaato.net udp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 s.amazon-adsystem.com udp
AT 13.32.110.72:443 s.ad.smaato.net tcp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 253.232.200.216.in-addr.arpa udp
US 8.8.8.8:53 52.197.32.178.in-addr.arpa udp
US 8.8.8.8:53 68.174.244.35.in-addr.arpa udp
US 8.8.8.8:53 161.87.77.80.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 72.110.32.13.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
NL 178.250.1.8:443 bidder.criteo.com tcp
ES 212.36.83.246:443 a-prebid.vidoomy.com tcp
DE 18.198.96.60:443 rtb.mfadsrvr.com tcp
US 35.244.174.68:443 id.rlcdn.com udp
US 8.8.8.8:53 t.pubmatic.com udp
NL 185.64.189.226:443 t.pubmatic.com tcp
US 8.8.8.8:53 hbx.media.net udp
GB 104.78.176.27:443 hbx.media.net tcp
US 8.8.8.8:53 27.176.78.104.in-addr.arpa udp
US 8.8.8.8:53 226.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 ads.us.e-planning.net udp
NL 193.3.178.3:443 ads.us.e-planning.net tcp
FR 178.32.197.52:443 ssbsync-global.smartadserver.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 3.178.3.193.in-addr.arpa udp
GB 142.250.179.226:443 cm.g.doubleclick.net udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 lexicon.33across.com udp
US 35.244.193.51:443 lexicon.33across.com tcp
US 8.8.8.8:53 51.193.244.35.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 focKpcZNFzOsLAPbkDVXv.focKpcZNFzOsLAPbkDVXv udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 w3-reporting-nel.reddit.com udp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 51.89.9.251:443 onetag-sys.com tcp
US 8.8.8.8:53 d.vidoomy.com udp
US 178.128.135.204:443 rt.marphezis.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
ES 212.36.83.246:443 d.vidoomy.com tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
GB 216.58.204.67:443 www.google.co.uk udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 172.217.16.234:443 translate-pa.googleapis.com udp
GB 142.250.179.230:443 s0.2mdn.net tcp
GB 216.58.212.225:443 tpc.googlesyndication.com udp
GB 142.250.179.226:443 cm.g.doubleclick.net udp
GB 142.250.178.4:443 www.google.com udp
GB 216.58.201.98:443 googleads.g.doubleclick.net udp
US 8.8.8.8:53 230.179.250.142.in-addr.arpa udp
DE 146.70.169.164:2227 tcp
US 8.8.8.8:53 164.169.70.146.in-addr.arpa udp
DE 146.70.169.164:2227 tcp
NL 45.15.156.186:29975 tcp
US 8.8.8.8:53 focKpcZNFzOsLAPbkDVXv.focKpcZNFzOsLAPbkDVXv udp
US 8.8.8.8:53 186.156.15.45.in-addr.arpa udp
NL 45.15.156.186:29975 tcp
NL 45.15.156.186:29975 tcp
NL 45.15.156.186:29975 tcp
NL 45.15.156.186:29975 tcp

Files


memory/6664-917-0x0000000000400000-0x000000000040A000-memory.dmp

memory/6664-920-0x0000000000400000-0x000000000040A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c8f24c9c5b9647d551d385b7f019739f
SHA1 5b9f0cd4afa5844e15799a5b29825f15a2107584
SHA256 ae75445afa3166fb16284151a5a76a938ec1263d77b87373c224d053aecf0a60
SHA512 83e7a11cc513bb64d860d1e4924f3fda31d74587c9b2a07b177a7a8d82528242543d7bb090547b0a805a536f9d33ae8d92fd9dc5aaaea1a06ae5eded1bf5494c

memory/6604-932-0x0000000000F30000-0x0000000000F31000-memory.dmp

memory/6236-963-0x0000000000F00000-0x0000000000F42000-memory.dmp

memory/6236-974-0x0000000072180000-0x0000000072930000-memory.dmp

memory/6236-975-0x00000000052E0000-0x00000000052F0000-memory.dmp

memory/6236-986-0x0000000006C00000-0x0000000007218000-memory.dmp

memory/6236-988-0x0000000005B90000-0x0000000005BA2000-memory.dmp

memory/6236-987-0x0000000005C60000-0x0000000005D6A000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7ZipSfx.002\11068\RegAsm.exe

MD5 0d5df43af2916f47d00c1573797c1a13
SHA1 230ab5559e806574d26b4c20847c368ed55483b0
SHA256 c066aee7aa3aa83f763ebc5541daa266ed6c648fbffcde0d836a13b221bb2adc
SHA512 f96cf9e1890746b12daf839a6d0f16f062b72c1b8a40439f96583f242980f10f867720232a6fa0f7d4d7ac0a7a6143981a5a130d6417ea98b181447134c7cfe2

memory/6236-997-0x0000000005BF0000-0x0000000005C2C000-memory.dmp

memory/6236-999-0x0000000005E70000-0x0000000005EBC000-memory.dmp

memory/6236-1005-0x0000000005F90000-0x0000000005FF6000-memory.dmp

memory/6236-1006-0x0000000006680000-0x0000000006712000-memory.dmp

memory/6236-1007-0x0000000006720000-0x0000000006796000-memory.dmp

memory/6236-1008-0x0000000006660000-0x000000000667E000-memory.dmp

memory/6236-1009-0x0000000007720000-0x0000000007770000-memory.dmp

memory/6236-1010-0x0000000007E40000-0x0000000008002000-memory.dmp

memory/6236-1011-0x0000000008540000-0x0000000008A6C000-memory.dmp

memory/5348-1015-0x0000000001200000-0x0000000001242000-memory.dmp

memory/5348-1016-0x0000000072180000-0x0000000072930000-memory.dmp

memory/5348-1017-0x00000000056E0000-0x00000000056F0000-memory.dmp

memory/6584-1018-0x0000000000760000-0x00000000007A2000-memory.dmp

memory/6584-1019-0x0000000072180000-0x0000000072930000-memory.dmp

memory/6584-1020-0x0000000004C40000-0x0000000004C50000-memory.dmp

memory/700-1023-0x0000000000FD0000-0x0000000000FD8000-memory.dmp

memory/700-1025-0x00007FFCEBE20000-0x00007FFCEC8E1000-memory.dmp

memory/6236-1024-0x0000000072180000-0x0000000072930000-memory.dmp

memory/5348-1030-0x0000000072180000-0x0000000072930000-memory.dmp

memory/5720-1031-0x0000000000B10000-0x0000000000B52000-memory.dmp

memory/5348-1032-0x00000000056E0000-0x00000000056F0000-memory.dmp

memory/5720-1033-0x0000000072180000-0x0000000072930000-memory.dmp

memory/6584-1034-0x0000000072180000-0x0000000072930000-memory.dmp

memory/6584-1035-0x0000000004C40000-0x0000000004C50000-memory.dmp

memory/6432-1036-0x0000000000F30000-0x0000000000F72000-memory.dmp

memory/700-1037-0x00007FFCEBE20000-0x00007FFCEC8E1000-memory.dmp

memory/6432-1038-0x0000000072180000-0x0000000072930000-memory.dmp

memory/6432-1039-0x00000000055E0000-0x00000000055F0000-memory.dmp

memory/5720-1040-0x0000000072180000-0x0000000072930000-memory.dmp

memory/5720-1041-0x0000000072180000-0x0000000072930000-memory.dmp

memory/6432-1042-0x0000000072180000-0x0000000072930000-memory.dmp