Malware Analysis Report

2025-06-16 05:44

Sample ID 240301-3dtsbaeh41
Target http://www.tekdefense.com/downloads/malware-samples
Tags: asyncrat, rat
Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

Threat Level: Known bad

The file http://www.tekdefense.com/downloads/malware-samples was found to be: Known bad.

Malicious Activity Summary

Tags: asyncrat, rat

AsyncRat

Legitimate hosting services abused for malware hosting/C2

Drops file in System32 directory

Program crash

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Opens file in notepad (likely ransom note)

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies registry class

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SetWindowsHookEx

Checks processor information in registry

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-01 23:24

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-01 23:24

Reported

2024-03-01 23:40

Platform

win10v2004-20240226-en

Max time kernel

968s

Max time network

955s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.tekdefense.com/downloads/malware-samples

Signatures

AsyncRat

Tags: rat, asyncrat

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\perfh009.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc00C.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh010.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\perfh007.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh00C.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc010.dat C:\Windows\system32\lodctr.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\perfc007.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc009.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh00A.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfh011.dat C:\Windows\system32\lodctr.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\perfc00A.dat C:\Windows\system32\lodctr.exe N/A
File created C:\Windows\system32\perfc011.dat C:\Windows\system32\lodctr.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies Internet Explorer settings

Tags: adware, spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\system32\mspaint.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.md C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell\open\command C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.sln\ = "sln_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.md\ = "md_auto_file" C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\户ﲭༀ耀\ = "md_auto_file" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell\open C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\.sln C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\sln_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\sln_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\sln_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\"" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell\edit C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell\edit\command C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\sln_auto_file\shell\Read C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\户ﲭༀ耀 C:\Windows\system32\OpenWith.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1" C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{BBE533D7-E4D3-4684-B365-53D94B07E5B8} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\md_auto_file C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\sln_auto_file\shell\Read\command C:\Windows\system32\OpenWith.exe N/A

Opens file in notepad (likely ransom note)

Tags: ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4504 wrote to memory of 5024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 5024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 2496 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 652 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4504 wrote to memory of 3892 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.tekdefense.com/downloads/malware-samples

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd753846f8,0x7ffd75384708,0x7ffd75384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5348 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1764 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1656 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6788 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4136 /prefetch:8

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Sample-Sources-main.zip\Malware-Sample-Sources-main\contrib\VirusSamples-logo.png" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Sample-Sources-main.zip\Malware-Sample-Sources-main\README.md

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4688 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1356 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Malware-Sample-Sources-main.zip\Malware-Sample-Sources-main\README.md

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x490 0x4ec

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2664 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Mass-RAT-master.zip\Mass-RAT-master\Mass-RAT.sln"

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=CBADA897FB50F825173BB3C6F7EF439C --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=2EA8CFE438832D5D69FF014369AD503A --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=2EA8CFE438832D5D69FF014369AD503A --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=594B78CDCD6649D915C5F054F045703B --mojo-platform-channel-handle=2296 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FE4248204023F3ACD64F4D47E7B7528E --mojo-platform-channel-handle=2420 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe

"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=799E0BDCEB0B2A40E2E2C354023BD2C4 --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Mass-RAT-master.zip\Mass-RAT-master\README.md

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Lime-RAT-master.zip\Lime-RAT-master\.gitattributes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7888 /prefetch:8

C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe

"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe"

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe

"C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Stub\Stub.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 4920 -ip 4920

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 772

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Fixer.bat" "

C:\Windows\system32\lodctr.exe

lodctr /r

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\COMPILED\AsyncRAT\AsyncRAT.exe.config

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,2041617895120548667,15111619205825486625,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5016 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd753846f8,0x7ffd75384708,0x7ffd75384718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,1051484208724173552,8720833617908248491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.tekdefense.com udp
US 198.185.159.160:80 www.tekdefense.com tcp
US 198.185.159.160:80 www.tekdefense.com tcp
US 198.185.159.160:80 www.tekdefense.com tcp
US 198.185.159.160:80 www.tekdefense.com tcp
US 198.185.159.160:80 www.tekdefense.com tcp
US 198.185.159.160:80 www.tekdefense.com tcp
US 8.8.8.8:53 194.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 160.159.185.198.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 www.paypalobjects.com udp
SE 192.229.221.25:443 www.paypalobjects.com tcp
SE 192.229.221.25:443 www.paypalobjects.com tcp
US 8.8.8.8:53 bruteforce.gr udp
US 8.8.8.8:53 infosecalways.com udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 ajax.googleapis.com udp
US 8.8.8.8:53 pentestlab.wordpress.com udp
US 8.8.8.8:53 securabit.com udp
US 8.8.8.8:53 thenewtech.tv udp
IE 74.125.193.95:80 ajax.googleapis.com tcp
US 8.8.8.8:53 www.joshuagauthier.com udp
IE 74.125.193.138:80 www.google-analytics.com tcp
IE 74.125.193.95:80 ajax.googleapis.com tcp
IE 209.85.202.95:80 fonts.googleapis.com tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 138.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 25.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 95.193.125.74.in-addr.arpa udp
IE 209.85.202.95:80 fonts.googleapis.com tcp
IE 209.85.203.94:80 fonts.gstatic.com tcp
US 8.8.8.8:53 feedproxy.google.com udp
US 8.8.8.8:53 www.novainfosec.com udp
US 8.8.8.8:53 www.room362.com udp
US 8.8.8.8:53 www.securitytube.net udp
US 8.8.8.8:53 www.twitter.com udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 95.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 94.203.85.209.in-addr.arpa udp
US 8.8.8.8:53 static1.1.sqspcdn.com udp
US 151.101.0.238:80 static1.1.sqspcdn.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 238.0.101.151.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 198.185.159.160:80 www.tekdefense.com tcp
GB 92.123.128.133:443 www.bing.com tcp
GB 92.123.128.133:443 www.bing.com tcp
US 8.8.8.8:53 133.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.164:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.181:443 r.bing.com tcp
GB 92.123.128.164:443 r.bing.com tcp
US 8.8.8.8:53 181.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 40.126.31.71:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 4.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 camo.githubusercontent.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 154.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 140.82.112.21:443 collector.github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 6.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.10:443 codeload.github.com tcp
US 8.8.8.8:53 10.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 29.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.135.107:443 aefd.nelreports.net tcp
GB 88.221.135.107:443 aefd.nelreports.net udp
US 8.8.8.8:53 107.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 89.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 5.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 81.171.91.138.in-addr.arpa udp
US 8.8.8.8:53 us-cert.cisa.gov udp
GB 104.84.93.133:443 us-cert.cisa.gov tcp
GB 104.84.93.133:443 us-cert.cisa.gov tcp
US 8.8.8.8:53 www.cisa.gov udp
GB 104.84.93.133:443 www.cisa.gov tcp
US 8.8.8.8:53 133.93.84.104.in-addr.arpa udp
GB 104.84.93.133:443 www.cisa.gov tcp
GB 104.84.93.133:443 www.cisa.gov tcp
GB 104.84.93.133:443 www.cisa.gov tcp
GB 104.84.93.133:443 www.cisa.gov tcp
GB 104.84.93.133:443 www.cisa.gov tcp
US 8.8.8.8:53 cse.google.com udp
US 8.8.8.8:53 www.dhs.gov udp
US 8.8.8.8:53 dap.digitalgov.gov udp
GB 104.84.76.115:443 www.dhs.gov tcp
IE 13.224.68.106:443 dap.digitalgov.gov tcp
US 8.8.8.8:53 www.google.com udp
IE 74.125.193.103:443 www.google.com tcp
US 8.8.8.8:53 s.go-mpulse.net udp
GB 2.19.168.132:443 s.go-mpulse.net tcp
US 8.8.8.8:53 76.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 106.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 103.193.125.74.in-addr.arpa udp
US 8.8.8.8:53 97.202.85.209.in-addr.arpa udp
US 8.8.8.8:53 115.76.84.104.in-addr.arpa udp
US 8.8.8.8:53 132.168.19.2.in-addr.arpa udp
US 8.8.8.8:53 c.go-mpulse.net udp
GB 23.39.224.128:443 c.go-mpulse.net tcp
US 8.8.8.8:53 region1.google-analytics.com udp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 128.224.39.23.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 92.123.128.161:443 www.bing.com tcp
US 8.8.8.8:53 161.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 r.bing.com udp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.146:443 r.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
GB 92.123.128.161:443 r.bing.com tcp
US 8.8.8.8:53 146.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 tse4.mm.bing.net udp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 88.221.134.139:443 aefd.nelreports.net udp
US 8.8.8.8:53 139.134.221.88.in-addr.arpa udp
GB 92.123.128.161:443 r.bing.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.6:443 api.github.com tcp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.4:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
DE 140.82.121.4:443 github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
GB 92.123.128.161:443 www.bing.com tcp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 92.123.128.194:443 th.bing.com tcp
GB 92.123.128.194:443 th.bing.com tcp
GB 92.123.128.180:443 th.bing.com tcp
GB 92.123.128.180:443 th.bing.com tcp
US 8.8.8.8:53 194.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 180.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 repository-images.githubusercontent.com udp
US 8.8.8.8:53 codeload.github.com udp
DE 140.82.121.9:443 codeload.github.com tcp
US 8.8.8.8:53 9.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 8.8.8.8:53 3.121.82.140.in-addr.arpa udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 api.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 objects.githubusercontent.com udp
US 8.8.8.8:53 api.github.com udp
US 8.8.8.8:53 collector.github.com udp
DE 140.82.121.5:443 api.github.com tcp
US 140.82.114.22:443 collector.github.com tcp
US 8.8.8.8:53 22.114.82.140.in-addr.arpa udp
GB 92.123.128.181:443 www.bing.com tcp
US 8.8.8.8:53 github.com udp
DE 140.82.121.3:443 github.com tcp
US 185.199.110.133:443 objects.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 collector.github.com udp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
DE 140.82.121.5:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
DE 140.82.121.5:443 api.github.com tcp

Files


C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29ee49a9e002c15f_0

MD5 8ed9a5aabd33a50a97f1431325548902
SHA1 f634432a5613f93874f5447436254d3328669947
SHA256 d7804f8cab07d76ee6df1737235b77b15b49d5be8c2f69026d7dc10b23e29aa4
SHA512 e83291f236a27959a736998d848932db0963452a3cd97942449a840b2635a06b887c4eaec858e044a263adcd6d368d827bcd17a15ee156274fd27aec15fc6572

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\84ef792e97c5476a_0

MD5 f8c682bda704fce7d8f2758693101d16
SHA1 c7271b3caea8f9272733ec011c09a00e01becebd
SHA256 586060561ee4e08d361af127a1abe857096b644edf61be6e078d1dfe627b07a6
SHA512 3c70ca538f60f074a9605f974f668d16778aa784132f139ae7e89a7323942188c738bde582cb26cdc517eda5d45185449c251c5a5c28c7f099ff8ddac70a0a06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ade44207b4253689_0

MD5 f0403fdcbbe40cd175c804926450bd42
SHA1 60a0062e1aa39f331cd253afac91a58e7a77f24e
SHA256 15ee98b39f1062c4a14a07b15b330ee7595e74276790b500f83ed06fe994b18c
SHA512 75e509d0d10347f2938a041762228b1a189188762c3e344dc1c59b0500802cee36152067aa0db5994e544def2052fd5bf523c53a06870feca7f85c209ad03032

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\286a1787eb6b73cf_0

MD5 818a284d8ecd62add74f48773d6e2963
SHA1 6ae58f5c556cc44d9106c3453a010ba5eb852093
SHA256 89fa6a4be2cf90892060978f9c0b6dea4e9f29742ba88cfe72d47d1ced82eb3d
SHA512 395fcbd5732151ec74630ad545388dc570e7b30f128e1cf42f8352659d09bd0c52c330b53d957ae79c5e29cb0bcfa9bc83052495cb74b4be792f325af4b1a955

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3a3c8393d90e5773_0

MD5 447d6d302e580338bb8b96fa5076e4a9
SHA1 362aa48eed614d6ecf2109c5be7b79dd62d66a60
SHA256 d37930b5313e259b78475daa5d36bb569cb41975276fce29c1a1cbaa49187804
SHA512 7f640a3030a6ca32a8c044bacef7d8c5f6fc9a5e44a7fd5c45e9696dc3de1b1b2a8f3de9149b896cbb2a9dc501c8986415629907698dc7b0ee4742cd209eb60f

C:\Users\Admin\Downloads\Unconfirmed 502687.crdownload

MD5 f682c099f671c74e32330f7afd74b986
SHA1 d251c762cdfba83ee94fecdb689d4e3a7b28dd5f
SHA256 5e849467489d872226d14a5e69637c35bf88ca14067017c46bc981152a805889
SHA512 f4e3c683819f6bb53b2a80baea5dd7c7fba6545c11ea2a42525faf520725177f5d56d664d1aece6c776ca02e361fde929718fe83777d970948b51c23dc0f2826

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54bd565aee4bc41753760509e447bf23
SHA1 c6aa8bf6a0bec70b4274cdf9744412420adef496
SHA256 3005d78a4c03e8dfcb56d12dd725290054176df92b6166fc98a0cf2ba78c472b
SHA512 e32cd41ae4bf19a06984e63c0613df1936a1892c93f25ed47b6fb6cfda1f70fcfa84ff54986de4a868a81cab33ff2f9a19ef7acbb75ae5ca8a07b7e3fe76f4d3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9f90f5d329eeaa83e972297bb826c4cd
SHA1 c284ed3aed67b06885c1f7565fa9880b5f2cfe14
SHA256 5bd188e556ee820e9579b69452a83fb887af86375d81a5d8213ab3d9f5bff235
SHA512 2a791c83e5c0986fa87aa5453eda9e70d578640c2fa85a20fa33b8567707934fcc43536dcc2313917445c64567755b7b4efaa943837c38064eafd075c6e1f575

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2055fec05d211e911b25d9e4911ef940
SHA1 6ad1640b24716afafce5dfc845a9907055d3c19f
SHA256 8b2af2a928a8d3f166683b9f2413dffd92e62bc7bade4f69a7c279704de9b827
SHA512 99bc38fb7c4617fb734c3a4240644d58b6923df0fc2db7415fd79082cd2c0ce513f5848451457040a2ebfad1f30a26461060248d51f5a4570121ee8a454447e6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bfced785c1622754a28a7a3b8ec01dab
SHA1 62baba64480cf908d5e3337f51754524c3e141c7
SHA256 ad03545afef8363ec6dcdf990c826dd3ce1f822e3b244b5a6d4e5f4a772afd5b
SHA512 8f4cf471231d88f13b02fac744f7640442a9aa3aec3206cf02621b679b2fc6032c14a8a769019ed5205b05b2b2b99f29751d8eb8cbb9a20fa8c7b855616735d8

C:\Users\Admin\Downloads\Mass-RAT-master.zip

MD5 b1e511620fe955f79a01cc692f13a76d
SHA1 f061b31a59000f113f17d2abf0b0245e16e2db87
SHA256 e41c946319d0c8a78032327ec2d6709e9102e2e7c42d9b20147e0f5641754709
SHA512 58f27f5f4c5251d79159ff524df070f522bd2b34600ebf7b7b202df7de53709b02c3f68788664ee296dc60cbdbfee0c6b116f0afd4dadc0aceed9e9e2e9b406b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e0ae61b8fe2bbd6c46db746508694733
SHA1 88f773253cd329aad14f34d12d92ace905ae5823
SHA256 31a1f4e443a812af28e8919cc639c7c34888bf31cfb9e83ee055e29afb2fa10a
SHA512 1e3a23520e1a45d8947f0ed0b38a783ed6ba5e2d76b81ee1b2b060a53688ac6038c174ffc7d5def4556de8d609082ace886229c311fe2532ad95d2c708c5a08f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ee2d13cd25a187042e264db3daa6509
SHA1 ccdc1183987b6c6a5757aba810075bf1b6cfbb61
SHA256 b38678ec5dc7d28e92f09222d8183fb2dd9c535eb991380bcd18e4f3da44c2af
SHA512 1d76840e4b381c406975dbdea033ecd1e12eda37bc6ee1e26641d628a4cb2110b24caa2f11ac21d0b5dbb588ec027a4a3431310be70ae3a8b3420fd12b19591d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 67281df994473517de7bf28345048a6b
SHA1 ed25e1b7d036fc276f78bb392916444fc80f40eb
SHA256 1fb81045a4e6206e1028c1e7f9aba0c5f8dcbd59ee772aee44c4fca2bd2473ac
SHA512 a7a9be1db0f80e8add172abf0a49ddc2e6c330f4cbe54da3e14c42c32bc9bdefb993787d3e047d27a78522ed8f0dcfd7f074c8b2553a43231615b63993bc48bf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3fa7983c1954c8e675e9e96f6b0b296e
SHA1 763392c58803e0d548f7b417eab23ead55c68474
SHA256 437779643d398484ea77fb36f65456735a19869454d299a82c0d3ca316c43d21
SHA512 2abdd210ad792ff5756bd1e4bef5941f59b14c85f5f7c4723609b8323900e5542647205461f50334b61e7d713849bd151dbbc1f2cb8e3a1df464d7b82962b7e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4acaf0d5c04a52c3_0

MD5 c3808c62c9caa1f77a6a66e86325f95a
SHA1 7c44c48a7e0e4637209c7f6d2df27bff6ff19151
SHA256 738c606dff1d22a1b906ae3a2d1c225dacc2ab7eed260d04efb5404fafd0981c
SHA512 eae24dac2c54e0e70352626f6eaf173360eaf537ef6ed20a5917dad88483b3fbaca140722b790680a497a18af1c7c354b0b31ab87ddeab0e6f53002cb2580801

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ad378ac73d7aff3808df2695bd8e98a6
SHA1 1f627f5304825706a90653b17d744f2b9c957593
SHA256 034f3d7284b2d485c813ce6ac173a1ca2dd3d9e9000748ab11bd6f63cbe824b3
SHA512 4c184fc518b10f6cef013362c1544cb398b9ccf4b9e5a3620eaa26e9965f14353989b64da91f8a2dc655078a99e459cee425aefc47989d4dc5f7257a2ce40382

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 31a13ab986fd8a9b55ec71a926409eec
SHA1 9ff8bf3d327a25019c45893b9f0c056f11485fa8
SHA256 1774f1f204dfa6e81af50b52d91860411828bf0edcef22c5a5c52539f827c15f
SHA512 68b59ccac5d23d6593ce8052cfdc645f77cb2abdfbca79665a936090d5871bb468da26a2ff0be3458728dcffeba228dfcf7f2a7fc72dc3067ff819a8cb4d9a0b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6acebdd2ba52c9b67eb16eb76c94c126
SHA1 b0da65512f1073d90226a93ce216082e682a183c
SHA256 6d504140b759e2f67c02aca7c3cef5e089fb8f767d24b64b84f76c2cd4758e4d
SHA512 a365aa4d550c2e0c917da7015ba0c126011e5ea1a7331ff827a6c9ac8f91710445af7297e5d17d6e136f93cca3886196416c47f4aa88c1531db31b44bb48713b

C:\Users\Admin\Downloads\COMPILED.zip

MD5 30b1961a9b56972841a3806e716531d7
SHA1 63c6880d936a60fefc43a51715036c93265a4ae5
SHA256 0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c
SHA512 9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 50b69da0f15caf58ac288af2ee7722f0
SHA1 6d1cd5df6066876928fce0d415a0be4ce9d9cb4f
SHA256 9dc3ce9204b692fca5d77d9bb6573026a29d5736825ab59be1f7f1fc9605296d
SHA512 156492de02fb4a05e4f5c69ecd8fec9276212b9cc3126a9176b03582b7a70730a8d94df37b3691add64a621663e89a668dbde3480283467e526e35647dc157bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 da0f774c385a38e0aeacf467f9f9284b
SHA1 bdc9113e69e8bdc96a4d66fc37411bcfd596a5a9
SHA256 86f374db7222f0796ef5c6b88dfb7cc9935e577c5e1ca76e945a1cc795ea6ffa
SHA512 c7883a0772913d2fb28928a8bdfc03ae8a5572ce38a6d1a34a14315ca6589a8c3d07fb74d5026d8bc337f7d3a6f0b33aee866a946fefcad8126ba817efb647a6

memory/4760-2646-0x000002B5CF660000-0x000002B5CFCCA000-memory.dmp

memory/4760-2647-0x00007FFD61770000-0x00007FFD62231000-memory.dmp

memory/4760-2648-0x000002B5D0110000-0x000002B5D0120000-memory.dmp

memory/4760-2650-0x000002B5EA2A0000-0x000002B5EA4F2000-memory.dmp

memory/4760-2651-0x000002B5D0110000-0x000002B5D0120000-memory.dmp

memory/4760-2652-0x000002B5D0110000-0x000002B5D0120000-memory.dmp

memory/4760-2653-0x000002B5ECE10000-0x000002B5ECE1A000-memory.dmp

memory/4760-2654-0x000002B5EDB10000-0x000002B5EDB22000-memory.dmp

memory/4760-2655-0x000002B5EDB30000-0x000002B5EDDB0000-memory.dmp

memory/4760-2663-0x00007FFD61770000-0x00007FFD62231000-memory.dmp

memory/4760-2664-0x000002B5D0110000-0x000002B5D0120000-memory.dmp

memory/4760-2665-0x000002B5D0110000-0x000002B5D0120000-memory.dmp

memory/4920-2668-0x0000000000F60000-0x0000000000F70000-memory.dmp

memory/4920-2669-0x00000000752C0000-0x0000000075A70000-memory.dmp

memory/4920-2670-0x00000000752C0000-0x0000000075A70000-memory.dmp

C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_rlcfuditezizgbmskmstccdixoxy2jyu\0.5.8.0\user.config

MD5 f71f55112253acc1ef2ecd0a61935970
SHA1 faa9d50656e386e460278d31b1d9247fdd947bb7
SHA256 d1ad588a08c8c0799d7a14509f1e0a7ae04c519102ed9d328a83fe65999e6179
SHA512 761b5c13e39bd4ae21d298084bbe747ae71c383fedf9a51fd5e9723a8b3b4547de459d82bac7f3f8f3bfc11cfb0528a4f1057b51996d7d046583109a53317b44

C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_rlcfuditezizgbmskmstccdixoxy2jyu\0.5.8.0\user.config

MD5 5bf9253f4e0b1793475841d80b4cfb01
SHA1 e6ba58d19d5cb582ee2da463265e76c66b5f6f65
SHA256 e4d9c595d88c12e2aedc06b8cad0f45fbcbdaa341aad528836d7471a983aa711
SHA512 db42628012c28422cd8ace63162e902b786823938ea455031b2dc84b13235a49626bce09498bfb83aa0ff4be05a08f21665ca0bcd69ff617f598bf0b30ba0bd1

C:\Users\Admin\Downloads\COMPILED\AsyncRAT\Fixer.bat

MD5 52ab2690a33a51804764be81820504aa
SHA1 36af53e8b27ea737c255402156c77c5f9be17aa0
SHA256 5255fa89ba49c5f1f2c81d66d42e3b16305296945683954eab1492ed11b90b4c
SHA512 95579203bd7e3f2104ad2f886b162f9938d6e371ba351b0b9c5fb5d3368d674f22f4c2ccc54aece5a9ab5f044ca9deeed63a4ad30ffd42787c54807c8396f21b

C:\Windows\System32\perfc011.dat

MD5 50681b748a019d0096b5df4ebe1eab74
SHA1 0fa741b445f16f05a1984813c7b07cc66097e180
SHA256 33295c7ee1b56a41e809432bc25dd745ba55b2dc91bfa97aa1f55156880cd71a
SHA512 568439b3547dcbcce28499d45663fdd0e2222f6c5c90053769ce2585f65721f679c071393328bde72c9a3f03da4c17abb84b8303897688b59598887ceb31438e

C:\Windows\System32\perfc010.dat

MD5 bea0a3b9b4dc8d06303d3d2f65f78b82
SHA1 361df606ee1c66a0b394716ba7253d9785a87024
SHA256 e88439ae381e57e207ce09bbf369859c34b239b08124339534dcc935a89ac927
SHA512 341132d443cd41acf0a7eaee0d6883c40d8a4db8c59e056211e898c817c2847377f0208ed3a40e0fd6f73f0196ffcc680c55754e160edafd97036739861a6c88

C:\Windows\System32\perfh00C.dat

MD5 518020fbecea70e8fecaa0afe298a79e
SHA1 c16d691c479a05958958bd19d1cb449769602976
SHA256 9a139a16fe741593e50fa5e1e2a0c706c0eba7f4d1e1a7a91035428185fde125
SHA512 ff910efee092c2b4a3fa1114f745feb7d01a38b55b0345e0118cdc601a056f79035bd92c76b49559480b515da4cd66d2fbe789baacdde67485cab989ff009b2e

C:\Windows\System32\perfc00C.dat

MD5 8b4b53cf469919a32481ce37bcce203a
SHA1 58ee96630adf29e79771bfc39a400a486b4efbb0
SHA256 a7b3a2b6c67e98cf2b13684c8774113c4ed4f60cd6fc673d4c9dcb360c60ce42
SHA512 62217e68c9e4c7b077e127040318c603e2f2cbcc5517ce0cfc6189e43023f8d8a05b8e694b2a35d4b409241136a1067749b7b6e2049d6910246d8c0fa6e9e575

C:\Windows\System32\perfh00A.dat

MD5 49032045f6bcb9f676c7437df76c7ffa
SHA1 f1bf3ba149cd1e581fe12fb06e93d512fe3a241b
SHA256 089f30c1e60f038627531d486659fab66a8b927d65e4eca18f104d6ae4c7f641
SHA512 55b459b7787e6efacdcc17adb830dc3172a316ff8dd3b14a51bf4496a9479f513ae279a839674b472c1424170ee4aa63a5d45fc7fbd38a533a885282858c74f1

C:\Windows\System32\perfc00A.dat

MD5 69c02ba10f3f430568e00bcb54ddf5a9
SHA1 8b95d298633e37c42ea5f96ac08d950973d6ee9d
SHA256 62e5660f9018da67d3c6727c39e9690650beb62749df0b4c00e6085f36c8e94e
SHA512 16e4d29324c2b50e1347532cd0982a149a7c67c4f27a743bbad8609ac662c3e00fa1be645b1b5f23adca3abd60c812f3f87d669f5ffb42b90ca5026dcbf2824e

C:\Windows\System32\perfh009.dat

MD5 50362589add3f92e63c918a06d664416
SHA1 e1f96e10fb0f9d3bec9ea89f07f97811ccc78182
SHA256 9a60acb9d0cb67b40154feb3ff45119f122301ee059798c87a02cc0c23e2ffce
SHA512 e21404bc7a5708ab1f4bd1df5baff4302bc31ac894d0940a38b8967b40aac46c2b3e51566d6410e66c4e867e1d8a88489adccf8bdcaec682e9ddabc0dac64468

C:\Windows\System32\perfh007.dat

MD5 312d855b1d95ae830e067657cffdd28c
SHA1 8133c02adeae24916fa9c53e52b3bfe66ac3d5a3
SHA256 ca3f8056e3e2378509ab24f8b8471e5fccac403a5413be518ac35bbb42a2e2cf
SHA512 f25c1a81a582a2a5e3142bd97f425c6ee5c26f878b1155232002fff1e4a3528bc371fb962da256c281e05c6c537160a4f48e00ea1fcf3e9887097f8ca6ec2b14

C:\Windows\System32\perfc007.dat

MD5 bc3d1639f16cb93350a76b95cd59108b
SHA1 47f1067b694967d71af236d5e33d31cb99741f4c
SHA256 004818827ecc581f75674919f4605d28eed27e3f2229ae051d6849129eef40e9
SHA512 fe44f3dbd009d932491af26c3615e616bc0042741dc3815ffb4d2b8d201efd8ab89f7cdd747406609393f005a596a6e9ea8e3f231bc150dc406c2adb8f806249

C:\Windows\System32\perfh011.dat

MD5 ab91dd7fa8878b8d14608522cc38102e
SHA1 c4cf62ad6183a2d341fb3de756cb672516897183
SHA256 7aae74ee957962add631778e45a174693a15a2e9ca48e151f2fb5e31488eecf7
SHA512 f1202cbb56c93182d1aec675d9d069d1156d2cbe11cc6b05358f0e83786e4a04b0a6ba42be378574d01b8d17a3f2e38110d45f7d7a10cd89f8d7d8c83ff35455

C:\Windows\System32\perfh010.dat

MD5 f9fcefdf318c60de1e79166043b85ec4
SHA1 a99d480b322c9789c161ee3a46684f030ec9ad33
SHA256 9c92309f7a11b916d0e9b99f9083f58b1a2fa7a9aad283b064f01c11781160e7
SHA512 881e112fedccc8643d872396baf726ceb7a49c5cce09489ddcb88400b5a4578dd5ee62a4082d81a6c721c74edb00d84d225e08ab892cc094976149a1a2c486d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 034271ddeb93a60335a46d11ddc784e1
SHA1 a765537f7de66d368238d96c4cbed1cd73911276
SHA256 f32e20ad7e324985e3cbbbf4c1540092c0ed74c40dafe3f62aa3b845181c3ab1
SHA512 d0b6ef07a7ff0b97d2fdceb37ed27c16c7f7aaf864e2e2ff5a4eaed855e9f783ffc45027464b494d74c594a552cfa439b1d8888b8fca3548ff7cad38893f3370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3683eb6db701da29f3a96dc900455894
SHA1 b611c577b4617b31f1d89b2ae64e10a4eb10c3fa
SHA256 46548db6171533d4de2522bb7766505cd90f4fdf99994f14a64d79700c443300
SHA512 cdb6953a75a084e15a40997d3b85563ee62863bf4053e0a1bd05575faefb39528e188e4987bbb0463d1044f06f94d790724f3a3c56ed6f5557866b88e6f8fff5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87a15f53211817ce0a1a2ed1be431199
SHA1 864c00a66b94be7ab6416a41089c7c33243a4c23
SHA256 fcc855e599089d9136f4a7e9fa8c65c06f8f4550ef91fe9374d97c44198db830
SHA512 239b4aaa1c90b0f62de119d9dc342dfd14d5804a5d4f11b9bcfbfaa26faa3bde07fbe1db457a09e07c5be6972cfa2c08f9f0bfad4f8b54b5b5e95712705f77c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 99aadb7c6ece86cb561e96a301715323
SHA1 e5ca63d5cc8285cb9cdd461a99dba892d441b5ca
SHA256 94a92f59149652047fcf63be74435bee28dea3ffffccf52316d5540583ce8d95
SHA512 c0018a66eb20192aa153e539d7ad609f09b0be2fdae291b36a703d203160fa0346f89f90c4fe423927d92c38f57aacd48cd4aed7bff8b7ccdcd47c8e74495246

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 7c9b8e3bf9347eb60e96ece86311ae60
SHA1 60704317e091b39bedd0cbf4926aa3cdf441b686
SHA256 b294ef4561e1e8a40eda6cb36cc835a742a6e4bb1e4624aa9ca5fdaf5c0f2d61
SHA512 f1cc78600e633f3de6e2f81fb2688a0cea6c5aae89993846f7eb6296ab7c2c2df92f373cf69e405bf7c8b7ac13c4986bb2c22acb4929d8c7eabd478e97824d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 80c5492271a03916660d1b526ccb2031
SHA1 03cbb6ceb84df6f3b518ce00ce439035a3f88635
SHA256 d92dd3496f5558d22ac4d291cdc7dde9270d84b8c7da9239c2360fe819c18cb7
SHA512 55a118376dde21fe3fb93c60fe612828c1fd892c3902de046eb21222749a5163d5ac85bdcd6615f579547ac08fd7fda14db5eb41aa3c5c30accde437ef324a19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 050e5e43397c8c9b85e9c863229d37cb
SHA1 0003f5862a9e0187442404f92bc7d6e0fbd83ec2
SHA256 77e3b1fa5dad25ec5d9f0f91bb51fde3c683484f647288c190720a971ddae5fa
SHA512 2a160d2715a1d47e657b0c0853787a24c48e720e69330c86bcc5a782f9f2fcab042f100d48866c5e79a92e93d448a161799adaea6a159316edcaa4e01fa4b258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4c51d0df112b07b05ed823a0d3e259b9
SHA1 a4bfcdbd103eba333540f8b039707c1a858b1a3c
SHA256 eb76a5739bab72e894e96c1cea6be3d2d05d3edf3dcdbe5f19412d8c3299f885
SHA512 4edce1f3a5a598fe6337b2c575ddbb36b2d73d2b572342889d085d3739fd486c9852329b03a47e3e153ecfa390595945562cb4d1386a32e1465fb4d9e6ef3cd3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9a9266b37972837e8f4000e667b40739
SHA1 e1d50fe63c8fefa937bd2b7e176debbcecea621d
SHA256 275e06a257d3598c0be7f124f2dc44d9c63c976397b984dce99f47a20494016b
SHA512 473e0096057956af4fe30c83186b6ed8aae76f7e1bfb19f637c45d789eb39bd6894aa5b817cacebffaefcc30b8861eb1f8b0f0065f2e4bf32744941a2d15fc3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 add53aa9e71010a27181ee94151d7b38
SHA1 79da198cc38db443fd43254803087d16d4fad832
SHA256 db9fae4f3f0c4e443064dc8fb8dc48294748682f599b50eb073fbe1251fb86b3
SHA512 928f79dd40d0a2c4003ad3ebc50adfcb98c2ba863be1e36883e0318fb341689932f68329c29dbadd58ee712ce59450a00bd4ca305a7daff928ae86900b3502a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5ccf222d75b759547b097bfeb6ad677
SHA1 d521b1516cf44e57e7ea789f81a87ef77d50a83a
SHA256 4d4b332df1bd5254ba2e0634ea3d6209bdc096fa3ac84e399451169f8572b92b
SHA512 297765bc625c7eb9aa2876e64aa9d4995e1c150fd387226215db6fa05b4de0bb1a51083234557f61dbce05f11c496852467739170b9054d270b3bb7c3a7f9022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0da9d46edf9cb7181ffcca6d725085fa
SHA1 9b5a1cab9a0291f7c5b1f004f512d4c09a508a43
SHA256 489ed9cbf266614f23c1cb126750639dce570cfa2ef7525c8bf6881c5befab50
SHA512 888c1d93e43b9b0984fd99eb2aadc7e2f3e81a84199ee7a305f17641364fdc555ae873433ec8b4f6306286ff9156c467725869538732ad761304af77ad97a7b6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 609f8c7b42cedea4d0c54c9c95460269
SHA1 52eedcb3b85fd012f29622dfed97fe8c195e0be7
SHA256 3728524b150da0ebed01f9817e68d06b65f65d9ed2d8e3b43e23d4b5f2d05ca5
SHA512 3d96485c6668ab42b073f8df10e6044683c26a3805f83ac68e9cd5c19dda204a0e88c09865eec90540666861b23e0a631ddba719d61c91c52c86e77b0ef445f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 93e01e22769390721519687580d14e35
SHA1 52c757c1ae62f2aee5528b2ee5f0af9a23c35aa6
SHA256 8868a549021bec49be7270784d3398ce476eb84c5321319fbdd8089cdfb2d260
SHA512 5a606229d6ec6423b8556229ff5da67202a39c2febd93f2a336152107e9d16c2d16215154ade9f0751548008d41de3aedd77e64869215276650030e14901f414

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3c30f54848f146aa3b8d091018d66ca6
SHA1 526f53c39d90eef0c00ff6eb80d04c35de02a917
SHA256 91153b2592f6b34f327b08d36d732ff66847257a0ae929e8af5b9ce03bd4b3ae
SHA512 78d4884fb95ee9002560d2929e07051f122c486e294fa34f9d7b9c937c195d4dd95f318fb3ceaa4afb4a19b4f90bb7cf2b7f9b98219e7dcc2e2a641962d4dfda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69187f1ee54afa0bd343374e14fa910b
SHA1 cfbf2b119e13f8454fd66dfd6cc177bd2f2f259a
SHA256 1b2b7226265d54e663dd225dc634816e9656a8e6bca0a143d329605b8cc30088
SHA512 8cb272bdb54089e90ea75c649f07fc6711af141ce4c3074dc54852477baaa709f3e35204efa417e03aa4843ccf085c3fc444726cd61567be08be1bf8b70a94d0

memory/4760-4437-0x00007FFD61770000-0x00007FFD62231000-memory.dmp