Malware Analysis Report

2024-09-22 15:28

Sample ID 240224-xpejwace9x
Target https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view
Tags

pandastealer stealer

Score

10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

10/10

Threat Level: Known bad

The file https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view was found to be: Known bad.

Malicious Activity Summary

pandastealer stealer

PandaStealer

Legitimate hosting services abused for malware hosting/C2

Uses Volume Shadow Copy WMI provider

Suspicious behavior: LoadsDriver

Enumerates system info in registry

Modifies Internet Explorer settings

Uses Volume Shadow Copy service COM API

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Uses Task Scheduler COM API

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Checks processor information in registry

Modifies registry class

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-02-24 19:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-02-24 19:01

Reported

2024-02-24 19:04

Platform

win10v2004-20240221-en

Max time kernel

146s

Max time network

145s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view

Signatures

PandaStealer

stealer pandastealer

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A
N/A drive.google.com N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70e028305467da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 600c30305467da01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{5B6017DE-D347-11EE-8F59-5651773DBBEF} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000754ff45c13fc19439e038a497576789e000000000200000000001066000000010000200000008d4d9d5b592610fac268fa0ae3530c57677e2e323e22e9481489435ea5bf8af8000000000e8000000002000020000000fc034311253a424ba369ad8e2a77d962a1eba64022c3b6de9cd7c78b0a0a6c39200000002f653875e9fe0bd11d66bfbe7ccb0df5f6ec8fe9c250aaa731d63403f7a65594400000007cc7de8a7822cbec452c26ed692c4d026cc5c00856957ede54d5a26a6a7ec3c46ee03c04590ed1127e7953de103b58062f54b115e79b07ad59621859037f271d C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\IESettingSync C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\Software\Microsoft\Internet Explorer\MINIE C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000754ff45c13fc19439e038a497576789e0000000002000000000010660000000100002000000031c1f48848a3bfb3d15411e5004563fe14bd71732fc249892a2d15f84a8b3de9000000000e80000000020000200000008d2ab082667b034ab2660e92aa22a7b3825dfcfe92c9a860a50ab6efba085e1a20000000cd00f104b93b561b0302ae524b84b30cc3c05fd26b5b1f2131ba4b9259ab288240000000b63a6116f5a6f6a8708edede715f63f06f6542e5499a9164b8adb2fbabcb4f86ebbb606c59b9972553018a678c9a7591026dd5a89c61ac56c1b0078f776a4599 C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1392040655-2056082574-619088944-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5220 wrote to memory of 664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 664 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1928 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 1920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5220 wrote to memory of 2076 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/15SC86gG8AepffXhD7HKVHz5hQgZLoMQs/view

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ab5646f8,0x7ff8ab564708,0x7ff8ab564718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe"

C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_Discord Nitro Generator + Checker.zip\Discord Nitro Generator + Checker.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\GrantClose.odt"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\DisableSkip.xhtml

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:17410 /prefetch:2

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3005603723744780479,18345320735459293287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5244 /prefetch:2

Network


Files
