Malware Analysis Report

2024-11-30 19:22

Sample ID 240303-2vkejaaf7x
Target Slick_Cheats_free_triggerbot.rar
SHA256 c8bffa8647697191e5c0554d09f92fc6ad21601387690996d2c5c5d2f6716178
Tags
agenttesla agilenet keylogger spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c8bffa8647697191e5c0554d09f92fc6ad21601387690996d2c5c5d2f6716178

Threat Level: Known bad

The file Slick_Cheats_free_triggerbot.rar was found to be: Known bad.

Malicious Activity Summary

agenttesla agilenet keylogger spyware stealer trojan

AgentTesla

AgentTesla payload

Checks computer location settings

Loads dropped DLL

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Looks up external IP address via web service

Suspicious use of NtSetInformationThreadHideFromDebugger

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

Enumerates system info in registry

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

Modifies Internet Explorer settings

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Modifies system certificate store

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-03 22:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-03 22:54

Reported

2024-03-03 22:56

Platform

win7-20240221-en

Max time kernel

150s

Max time network

145s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Slick_Cheats_free_triggerbot.rar

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
(row repeated 3 times in the original event list; no indicator or process recorded)

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
(row repeated 3 times in the original event list)

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
(identical row repeated 64 times in the original event list)

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3B7FC4A1-D9B1-11EE-9A09-E25BC60B6402} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b000000000200000000001066000000010000200000006f1a26387994a0caca6569fdf933a92a3b299bf056dc55fbbb0214f4e03827ca000000000e8000000002000020000000bb7d330821537a52bc3512650c873bd873bbceeac7081d657b0122639f5b8c6320000000f8122b96c76de2390a3eba485daf247259941d9acb0e75e1953476c4bd7a9d0a400000003fdb334f670f7c87a5cbb03f5587a2ea3e465b3154fb269f30fa8a0ddbb8b4058352e105b014791498afdfa5ed7d20e6f1b2f83a1d2d71f1cacae14ca56e7602 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000112dd71d930ff24b8b2b71a2c228122b00000000020000000000106600000001000020000000bde714bf984d48c464ae4c1166403206f1dcd1843dd55a90f5516fde6c475bad000000000e8000000002000020000000cc55025268bfd8ff9791f76837fe4f02a74f0d6966c73037ac1fc53309b47f1c900000002a8c05a5b2228ed5895e82b7246522ffd039ded8e43954f77df8bccde6afeef8671999a5a328a927dcdee6b60a63a2e8b254d84ed1d5b227325d2dfad09ac8853366d1d430a51e1d8ce9406f1750a647c9ac6cb7515b3a35de90c28a8a7d0db4a261d14cffdf3ebe18110f062f8cbae095ded713a039b03964bfcb8b277c6cbacbd77ead1ce6dd75335638b6a2cdd05740000000928b927c63a5493b70b56b2b3660725e13ff22a5a28bc4f30b292796c41871050f7d9554665f98d55d31517b2eb631af7f94a1a1f6345b7369acbaa9fdba2d4f C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\ITBar7Height = "21" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 90f43a15be6dda01 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (blob data omitted) C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = (blob data omitted) C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee
2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510 C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = (blob data omitted) C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A
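The key names under SystemCertificates\...\Certificates are SHA-1 thumbprints, and each Blob value is a CryptoAPI serialized property list: DWORD property id, DWORD reserved (always 1), DWORD length, then the data, with property 32 (CERT_CERT_PROP_ID) carrying the DER certificate. The blob printed above names "DST Root CA X3" (UTF-16 in property 11) and its SHA-1 property equals the key name DAC9024F...; the other key, CABD2A79..., is the thumbprint of ISRG Root X1. Read together with the fetches to apps.identrust.com and x2.c.lencr.org in the Network section, these writes are consistent with Windows caching the roots it needs to validate a Let's Encrypt chain during the sample's TLS connections rather than with the sample installing a root of its own, so "Modifies system certificate store" should be checked against the certificate actually written before it is treated as trust-store tampering. The parser below is an added example, not part of this report or of any sandbox tooling. It parses the first six properties of the DAC9024F... blob exactly as printed above (the certificate property that follows them is left out here), plus a constructed blob whose certificate payload is a placeholder byte string so the thumbprint cross-check can run offline.

```python
r"""Parse and verify a CryptoAPI certificate 'Blob' registry value.

Each certificate in a Windows system store lives at
  HKLM\SOFTWARE\Microsoft\SystemCertificates\<Store>\Certificates\<SHA1>\Blob
The Blob is a sequence of serialized properties:
  DWORD propid | DWORD reserved (always 1) | DWORD cbData | cbData bytes
Property 32 (CERT_CERT_PROP_ID) holds the DER certificate; a well-formed
entry has a key name equal to the SHA-1 of that DER.
"""
import hashlib
import struct

# Property identifiers from wincrypt.h
CERT_SHA1_HASH_PROP_ID = 3
CERT_ENHKEY_USAGE_PROP_ID = 9
CERT_FRIENDLY_NAME_PROP_ID = 11
CERT_SIGNATURE_HASH_PROP_ID = 15
CERT_KEY_IDENTIFIER_PROP_ID = 20
CERT_SUBJECT_NAME_MD5_HASH_PROP_ID = 29
CERT_CERT_PROP_ID = 32


def parse_capi_blob(blob: bytes) -> dict:
    """Return {propid: data}; raise ValueError on a truncated or malformed property."""
    props = {}
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < 12:
            raise ValueError(f"truncated property header at offset {offset}")
        propid, reserved, length = struct.unpack_from("<III", blob, offset)
        offset += 12
        if reserved != 1:
            raise ValueError(f"property {propid}: reserved field is {reserved}, expected 1")
        if len(blob) - offset < length:
            raise ValueError(f"property {propid}: {length} bytes declared, {len(blob) - offset} left")
        props[propid] = blob[offset:offset + length]
        offset += length
    return props


def verify_store_entry(key_name: str, blob: bytes) -> dict:
    """Cross-check the registry key name against the hashes and certificate in the blob."""
    props = parse_capi_blob(blob)
    name = props.get(CERT_FRIENDLY_NAME_PROP_ID)
    stored = props.get(CERT_SHA1_HASH_PROP_ID)
    der = props.get(CERT_CERT_PROP_ID)
    computed = hashlib.sha1(der).hexdigest().upper() if der is not None else None
    return {
        "friendly_name": name.decode("utf-16-le").rstrip("\x00") if name else None,
        "properties": sorted(props),
        "stored_sha1": stored.hex().upper() if stored else None,
        "stored_matches_key": stored is not None and stored.hex().upper() == key_name.upper(),
        "computed_sha1": computed,
        "key_matches_cert": computed is not None and computed == key_name.upper(),
    }


def build_blob(props: dict) -> bytes:
    """Serialize properties in the same layout; used here only to construct test input."""
    out = bytearray()
    for propid, data in props.items():
        out += struct.pack("<III", propid, 1, len(data)) + data
    return bytes(out)


# First six properties of the DAC9024F... Blob as printed in the report above;
# the CERT_CERT_PROP_ID (32) entry that follows them is omitted here.
REPORT_BLOB_PREFIX = bytes.fromhex(
    "0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d"
    "0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000"
    "090000000100000016000000301406082b0601050507030406082b06010505070301"
    "140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910"
    "1d00000001000000100000004558d512eecb27464920897de7b66053"
    "030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c13"
)
REPORT_KEY_NAME = "DAC9024F54D8F6DF94935FB1732638CA6AD77C13"

# Constructed blob: the "certificate" is a placeholder byte string, not real DER,
# so that the SHA-1 cross-check can be exercised without any CA material.
PLACEHOLDER_DER = b"\x30\x82\x00\x10" + bytes(range(16))
PLACEHOLDER_SHA1 = hashlib.sha1(PLACEHOLDER_DER).digest()
SAMPLE_BLOB = build_blob({
    CERT_FRIENDLY_NAME_PROP_ID: "Constructed Test Root".encode("utf-16-le") + b"\x00\x00",
    CERT_SHA1_HASH_PROP_ID: PLACEHOLDER_SHA1,
    CERT_CERT_PROP_ID: PLACEHOLDER_DER,
})
SAMPLE_KEY_NAME = PLACEHOLDER_SHA1.hex().upper()

if __name__ == "__main__":
    print(verify_store_entry(REPORT_KEY_NAME, REPORT_BLOB_PREFIX))
    print(verify_store_entry(SAMPLE_KEY_NAME, SAMPLE_BLOB))
```

On a live host the same check runs against the raw `Blob` bytes read from the registry: a key whose name does not equal the SHA-1 of property 32, or whose friendly name and DER subject do not belong to a CA the machine is expected to trust, is the case that warrants escalation.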

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 (SeCreateSymbolicLinkPrivilege) N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2656 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2656 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2656 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
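The table above records four distinct parent-to-child edges. Three of them (cmd.exe into 7zFM.exe, 7zFM.exe into ValoBot.exe, iexplore.exe into the IEXPLORE.EXE tab process it spawned with SCODEF/CREDAT) are the writes a parent performs when it creates a child; the one to examine is ValoBot.exe, running from %TEMP%, writing into iexplore.exe, which the Processes section shows was started with the link-hub.net URL. The script below is an added triage helper, not part of this report or of the sandbox's tooling. It parses rows in this table's layout (the per-event rows are embedded as constructed sample input), collapses them into a process tree with event counts, and flags any edge where a binary outside C:\Windows or the Program Files directories writes into one inside them.

```python
"""Rebuild a process tree from sandbox WriteProcessMemory rows and flag
writes that cross from an untrusted file location into a trusted one."""
import re
from collections import Counter

# Constructed sample input: the per-event rows of the table above, one line per event.
SAMPLE_ROWS = r"""
PID 2656 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2656 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2656 wrote to memory of 2516 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2516 wrote to memory of 2864 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 2864 wrote to memory of 3012 N/A C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe C:\Program Files\Internet Explorer\iexplore.exe
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 3012 wrote to memory of 1812 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"""

# "PID <w> wrote to memory of <t> N/A <writer image> <target image>"; image paths may contain spaces.
ROW_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) N/A (.+?\.exe) (.+?\.exe)$", re.IGNORECASE)

# Locations a standard user cannot write to on a default install; an image elsewhere
# (e.g. %TEMP%) writing into a process from one of these is the edge worth a look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_rows(text: str):
    """Return (Counter of (writer_pid, target_pid) -> event count, {pid: image path})."""
    edges = Counter()
    images = {}
    for line in text.strip().splitlines():
        match = ROW_RE.match(line.strip())
        if not match:
            continue  # header or unrelated line
        writer, target, writer_img, target_img = match.groups()
        writer, target = int(writer), int(target)
        edges[(writer, target)] += 1
        images[writer] = writer_img
        images[target] = target_img
    return edges, images


def is_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def suspicious_writes(edges, images):
    """Edges whose writer lives outside the trusted prefixes but whose target lives inside."""
    return [
        (images[w], images[t])
        for (w, t) in edges
        if not is_trusted_location(images[w]) and is_trusted_location(images[t])
    ]


def render_tree(edges, images) -> str:
    """Indented parent/child view with the number of write events on each edge."""
    children = {}
    for (w, t) in edges:
        children.setdefault(w, []).append(t)
    targets = {t for (_, t) in edges}
    roots = sorted(pid for pid in images if pid not in targets)
    lines, seen = [], set()

    def walk(pid, depth, note):
        if pid in seen:  # guard against cyclic writes (A into B and B into A)
            return
        seen.add(pid)
        lines.append("  " * depth + f"{pid} {images[pid]}{note}")
        for child in sorted(children.get(pid, [])):
            walk(child, depth + 1, f"  [{edges[(pid, child)]} write events from {pid}]")

    for root in roots:
        walk(root, 0, "")
    return "\n".join(lines)


if __name__ == "__main__":
    edges, images = parse_rows(SAMPLE_ROWS)
    print(render_tree(edges, images))
    for writer, target in suspicious_writes(edges, images):
        print(f"REVIEW: {writer} -> {target}")
```

The location heuristic is deliberately coarse: it separates the create-process writes of a trusted parent from a %TEMP% binary touching a Microsoft-signed process, which is the same distinction the "NtCreateUserProcessBlockNonMicrosoftBinary" signature in this report draws.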

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Slick_Cheats_free_triggerbot.rar

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Slick_Cheats_free_triggerbot.rar"

C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe

"C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://link-hub.net/1129937/free-triggerbot

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3012 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 keyauth.win udp
US 172.67.72.57:443 keyauth.win tcp
US 8.8.8.8:53 apps.identrust.com udp
GB 96.17.179.205:80 apps.identrust.com tcp
US 8.8.8.8:53 link-hub.net udp
US 172.67.135.50:443 link-hub.net tcp
US 172.67.135.50:443 link-hub.net tcp
US 8.8.8.8:53 linkvertise.com udp
US 104.26.15.247:443 linkvertise.com tcp
US 104.26.15.247:443 linkvertise.com tcp
US 8.8.8.8:53 x2.c.lencr.org udp
US 8.8.8.8:53 x2.c.lencr.org udp
GB 2.19.169.32:80 x2.c.lencr.org tcp
GB 2.19.169.32:80 x2.c.lencr.org tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 maxst.icons8.com udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 js.chargebee.com udp
US 8.8.8.8:53 contextual.media.net udp
US 104.26.15.247:443 linkvertise.com tcp
US 104.26.15.247:443 linkvertise.com tcp
US 104.26.15.247:443 linkvertise.com tcp
US 104.26.15.247:443 linkvertise.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.10.207:443 stackpath.bootstrapcdn.com tcp
GB 2.17.4.21:443 contextual.media.net tcp
GB 2.17.4.21:443 contextual.media.net tcp
GB 89.187.167.9:443 maxst.icons8.com tcp
GB 89.187.167.9:443 maxst.icons8.com tcp
IE 18.66.171.112:443 js.chargebee.com tcp
IE 18.66.171.112:443 js.chargebee.com tcp
US 8.8.8.8:53 p.typekit.net udp
GB 88.221.135.104:443 p.typekit.net tcp
GB 88.221.135.104:443 p.typekit.net tcp
GB 88.221.135.104:443 p.typekit.net tcp
US 8.8.8.8:53 api.ipify.org udp
US 8.8.8.8:53 www.clarity.ms udp
US 172.67.74.152:443 api.ipify.org tcp
US 172.67.74.152:443 api.ipify.org tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp

Files

C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe

MD5 47bf59e49c956f1b2b040fe62568eada
SHA1 317535391540cfb80262e5d69363a50ffaba425d
SHA256 c330e32c4083992d0a6c18acb7fa89df37fd86f9e4f76ff4b7f743e583a904be
SHA512 f636fbb7baa17ea36c6d462ee8b1e63016f9a7335797a9a3b5593e8f2e813a4348c7aa35b9e4b94ad73a4ada9ed881be098d4d6a187f395e94b848f929e4a797

C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe

MD5 f2b08c432b1c5da386447e0d034edfb1
SHA1 7d4da02ce1d2f9dbba9485b2a2bae5d305d277d4
SHA256 6620d4176931eb55f2a6d6404ea1ddc793a19b0162ec9a426714228f21716621
SHA512 e494a5de29bd76c6aed120f6d10ae47aa257c0f81d583ef6745a8b160e7edf2ea0b71fdfcfc2e0367826ddde9abcf4d0f191a6c1130cfe132095161a6d5fa5c9

C:\Users\Admin\AppData\Local\Temp\7zO4D9290C7\ValoBot.exe

MD5 2c4a4b7302f5714a3abeb1bde88a30b3
SHA1 0b0e11a3fd838499cb4f1ee03015ecd96a058d62
SHA256 38b679329697a7d55a467ce0abcdfb0bb1d7d2f07db73fc802102740c39a41b6
SHA512 8e8529ff3aa50c1e8e5e1405df9916b9636ad946faa600189a898704cef640580e6e2d06ce25aaa754e2fdeda15c6bc2e2c90e34b8f2b5d817e09532936f0b23

memory/2864-38-0x00000000744C0000-0x0000000074BAE000-memory.dmp

memory/2864-37-0x0000000000320000-0x0000000000638000-memory.dmp

memory/2864-39-0x0000000004D50000-0x0000000004D90000-memory.dmp

\Users\Admin\AppData\Local\Temp\7zO4D9290C7\453A6857.dll

MD5 67844fa1c427751b94f8206890a82d69
SHA1 bd76085724607c7f8b689fcc0b6d13e7a2c47d2a
SHA256 7d6669c44ae3625015d94f7ab516c3a203fc341a4bc6dfe06e1d3677547823bb
SHA512 e2b8a4ae2ec8871813e46d77c6821e2e8f63b560c0e443f5363d97241d568fa6321275a0acf800ffce4f8d7ae45b23b5283c9339273ad9a7423d2a02f17c9235

memory/2864-45-0x0000000005070000-0x00000000051EE000-memory.dmp

memory/2864-47-0x00000000006F0000-0x0000000000700000-memory.dmp

memory/2864-48-0x00000000006F0000-0x0000000000700000-memory.dmp

memory/2864-49-0x00000000006F0000-0x00000000006F6000-memory.dmp

memory/2864-51-0x0000000007AA0000-0x0000000007D04000-memory.dmp

memory/2864-52-0x0000000000880000-0x000000000089A000-memory.dmp

memory/2864-53-0x0000000008330000-0x000000000847E000-memory.dmp

memory/2864-54-0x0000000002160000-0x0000000002174000-memory.dmp

memory/2864-55-0x0000000008700000-0x0000000008914000-memory.dmp

memory/2864-56-0x0000000004D50000-0x0000000004D90000-memory.dmp

memory/2864-57-0x0000000004D50000-0x0000000004D90000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab1190.tmp

MD5 ac05d27423a85adc1622c714f2cb6184
SHA1 b0fe2b1abddb97837ea0195be70ab2ff14d43198
SHA256 c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
SHA512 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 753df6889fd7410a2e9fe333da83a429
SHA1 3c425f16e8267186061dd48ac1c77c122962456e
SHA256 b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
SHA512 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

C:\Users\Admin\AppData\Local\Temp\Tar12BF.tmp

MD5 dd73cead4b93366cf3465c8cd32e2796
SHA1 74546226dfe9ceb8184651e920d1dbfb432b314e
SHA256 a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
SHA512 ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 54fc86e78f9d0358c06b010c0942feba
SHA1 8d4f8c3fad7c19da6f3f4286602a49c19fdc90a5
SHA256 33edfcaca1649b9c6a1b69cdeea726e908782bd9e53ff2a147b0fe73b1378d41
SHA512 e114a2a3ace3c4c4c8dbb7c514fe734000bb20cfb2022ff52435d8b08841823bbd82b927235b8a600298a385798ef0bbd26f9450062e858f0fd0d33bbc172731

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81966389d8d21d3d8506affd2f2f8b72
SHA1 63413e1aa76a24c4764a00d3803af5eb56699a85
SHA256 e848fdebd8ff2c6bfdb383ecfbcad94c4f2d71c721c6c8904c617f66edfde9df
SHA512 529473569831a0192c6fa9bb5ef6369cfbaa609e6ef82e6c60222689bd6fac2776b96ecaf47d31be9e1b9c6ac110d63d1b18dedadb3ada7f9bd44cd646771313

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c03968f0ed0e09f17912d3d639bff0a8
SHA1 bf47971a758de1ca5b38d004e40bd30b497163d6
SHA256 5f42cac2ff845b4403071c44208a8fa5dc9f17f75e532d4f4c5356e1e4fd333a
SHA512 7fd416d1d519a721e143fea4051544348559add13cd81aa987bcb2a06ca45120bebe10292a0f4682e158c337f39117b641b23fecb0c43610aa2bb4879b9ba9c1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b42e1637ae28de76cfcfb6781acba9a
SHA1 be967f1e01dd983a1d5adb5c23634823c9ec89cd
SHA256 decc9815d1449ec9e2730affe6a4918b2ad177f04536d4c2db5e5078fa05ba71
SHA512 6682ea2991ce298e6d694da22fa70ce18f8c6fe15564a66971d72ffc25e960769210f176589a88f7fd298dcac9ebe6221ba68e6463e4e0daff14d2d40734ca2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db86b3d9de7b1f6d138f09739c620ad6
SHA1 1a28500cb0868c1584888df75a19dc3282ad8328
SHA256 c790975d6f2325575ae4f45c41d3725477fec64763109c083463c231ea9e15a1
SHA512 2423c3db730899c8bbde9c240a4bfad65baa7cd01e16b76dbcfd9515e21f98ed449d93f7809141fec5c2a6b6e4f22cb2018d2594743b79efdfdcc0c467f7d2f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19bd327e9ad260be34d888adfb1f0b80
SHA1 5f0eee445e0ddd3bbbbed258b409e15e661f710b
SHA256 ad1793ceb900f7d0a6ac41ac874626c153504ea1a0a2f126dbce98ba082724ec
SHA512 de3de9dbed9c499c0902cfb5e485f9dbf6c4f0422313fc8ace8a753d7478897d03995d2ac24bcf4098f0697a2ed0b0f5e54a257e500555f67c8d4c6136d1789b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ce58426ff0798578f50fda30f394202a
SHA1 82e41f5063e779380baf1cc566ca4c74688e1836
SHA256 ca4040286f613b5399b07421d027f1283deb53f4fa3141a5175c991d57d33150
SHA512 a0691ddef9363aef0b3c294e7a3146501d516e8f48d8900fc667a3e3596a5d1b9d20bc0ebb8b7c86986f27be237ba6cfcb84ff7e380e3ef47f9b405e7048b75f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

MD5 55540a230bdab55187a841cfe1aa1545
SHA1 363e4734f757bdeb89868efe94907774a327695e
SHA256 d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb
SHA512 c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 223a6b6a1755069380e794ffb78017f1
SHA1 c8110030dad76b3f173db1e0ecea6889bf8fd059
SHA256 fb0bb39ae1cb367bad6d964f7c0a0daa38fb61c761f6df5f1c1bc23758b7b6ad
SHA512 d126235e384bafb310da943422eb2d0b21e1eb9b171126dddc04ce2e032a2bfd0de919787edff8671b7483c4e565bf7a43ca36f9429f6a8eb2dde17c6df8ebc0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

MD5 19bec07a35db761a843269a950a4c62a
SHA1 16520007dc4cf2c5e04756a34a6449a7443c24a5
SHA256 a84d33cd8ed7feae0895bc5dde4ed13f3f262a57ed59962da8a7c66e4bd07de9
SHA512 2f2b31e6c1127cf1ad5988b6251ab84dbd4fa3050f5a7a16eed4a2dad1ade2a5c0e1e2360db9852e7619bb64d15b1fc8e23247167fcbbf4ad356a4cf5b40fca2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a043fe37ded101286e05ab579147753a
SHA1 b9741fd0d9df83522c18fa75a41c38abe852ff98
SHA256 13286a2716358643506ad3eb7cd507bb215cb3b6dd004cfef2a441ed6817c1e4
SHA512 41aeeb2e900202d7219e9e7b7a80e8e64cd143e48439fe979787f40991557caa8a02f4bc4ee42639202583f85d24502345d984483f0ebc3e4e8f49eef6abc8aa

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4563e1d539d7f7027a3860739b6bb19c
SHA1 ea0769097e6faf881e93235ca786c1953e08f0ca
SHA256 75e68939f1b887e3f1f4fe282c4079b10e22ced454c8d67fc5eaee5fc980e11a
SHA512 6bc929053ea9951c29a32c54e2c97137642c3c51cf268bfa2e32ec22dc968333a258245a2a8c1f10aefbe79b6d30222ce3bcb08d4a9da3f003b15f6f8bf01359

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 97d2714d7ca3b959184e7b0a7754ae2d
SHA1 8c007bdbb9b75e80098f840d298fa1f7f0be447d
SHA256 a4cd0cf6c4f783ce81e3f95116c445c4124896e609699bc5aab1e5f57aa78b8c
SHA512 0b713be98d7e296a33aa79f7fb7cf80bbeba3002e351c6d0c7a66d5230949e07c62af2bdc33244c4f676d77ed93645af74ef7cb966f979b3569ffee48eea1bcb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b267d7f8655c58f984452cb589bbcdae
SHA1 f3f20b523da621027096b6e60a0398cdc88a5dfc
SHA256 d5001503215fa5d08099e02bb77af317b6c12a53809841d3212309f08c8d7de8
SHA512 cdde8d47d5d98ea224bb0d2834ca0d353d6f109f1fa2e955dd7b0b845b6866bcf2393d299eabc19efbcd3223c96a2cba24e6092c22e20b57572cfae2411bc9c9

memory/2864-723-0x00000000744C0000-0x0000000074BAE000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5c85d627fac39168ae3e06f3c851e8a5
SHA1 412a61d43a10f4b419ec317607afea21f2f20554
SHA256 b92e2e58bf2923addf3ca9c8eacc987f9e0b3f1d39f77a9b7fd55a64fd4c2d4e
SHA512 c6868ae2d5874bc72a7603a9264038ac8c30a025c0d27eda6b438c9bb1669de49a24b4bb83de2ed7fcd3159552279b124dc3a75fe757c60413592d444a821cf1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e80304fe8bbb938de68a18c83c20f387
SHA1 e1a50b3eaf7a1e2dc3ffdf0792664b8b630cfc9a
SHA256 5af819c47eaba7e630c8e03d2c8c381162f109ed8d910857a1b53ec4fd7093b5
SHA512 ae2bd45310bedf7ec46267f6c1d7f852c9a6673a951e82a1c095541e5bacf251df545676ee8fbc6dc8bede4149c75e22535f103e97aafe672c01f75ce268c85b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8b7c5a70463ebc103d3bcce38c590758
SHA1 458487b227bb19c6a8c4ceaa08514f56bc7c8b9a
SHA256 b8b9ce4d4c86ee740f4a17e115b1eed4046f974c1a15bf6ede486b7de4df3d2b
SHA512 3af03e89d60be134337510596f6c5d72e0808ace57f6e2129ce4e3414badde109bf7aeabf33566be8a55a2f1b77ac58c84d4aa540661e58821a0879d17d9a941

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a4ac48bfcf7d4f780dc8c67b52eaf5b1
SHA1 c3cf0a0ad33a5acf4f667832b47538882010e125
SHA256 1fa60fe7aa68000fff8bd74f0f203e8b886284c4b54757f2277de238752a23d3
SHA512 5a3a1b7f360f10b763b9b0cddc5118d3b83863e85467d231f81395ddaaba35e5a43b47fd233b34f6f1fd331cea437b51c37046adf7286e17c21e0aa39c1808ec

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 62877d4ac54b74f0e2e7bd5f0f7efab2
SHA1 d56d552414a75b2e79081a0ffe7e029a0eb93f59
SHA256 4039013329c9b59628856293f9a49a4cb29dfc938854695f9fd3a88bf829629b
SHA512 12e1d7f1ccd65e7c0a6de248ab2123b7be19e2cc28ac0d5a7cbb47a0d0301a3b9ac986e8eaf809cf55016ffe7b817505f6341967e1fe50c84096821b7e938deb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a197cb35359ae2b8de6593bf3f43e8d6
SHA1 b751d79e1031e7e12c6e913a07f30b7295318145
SHA256 6fad76b41432889b70506e61d0f8c2a7984608e7c1ad95785533e33b1ee01698
SHA512 5c77719e9bfa0bfcbc1790fb91d209d180e68f36f391f62fea41d581296e42c14f4034a8395b13ec5349e4b7b8c4d4fc5783280be6db524d7b6cd832ebb11953

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 164226d7ef1dab17c1f748739da607a4
SHA1 87034995f5483ed421d0f6bc1cc62d1a82dff27d
SHA256 33e01953240c8f0a279b6cc634733cc9997ebe4c19b2f49dd8871f8ccf4df8d4
SHA512 485072da006fef1d1767a9063411a9bd1f1f0675e79dced70ee48fa024ab1d423bc5ce12f91294e0525b4f0e675ec9ac119c0f2fb612105db49d3b99dfb377c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0f72c563b40296e67ed9f303df046d15
SHA1 d9566aa8f17d1336f9e4473e81ee10488f029a6a
SHA256 c8eeb8f040d6e5c3bf94c68d09a01812b4b08bfb41137c449048c43e90e00fba
SHA512 7f661b51612e0025be47562b76cd53e4c60a735b2f7169f384b68ab364baee89f2d7f0ee5f5b473f8a6c5deeca67246ae1fbc150d309662f2b37b357f41dec00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 63072af720a4da6e11a1741dbba490d9
SHA1 27a87b2da6190407f9d1b7c3b53f6139728c9756
SHA256 3b5f7a1401928610b205fd4b87000a2f46478065dab095dd9d1d80b5b1dab980
SHA512 0f7f6b6673db5fdfb748c33df2a35067c079588ec37e14460c069f34f3e99bbeb46c4c8270b25479ce803ed7fa8ba64c2f46ea457e9c059b0cc014d384e4ff1c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8dbad3e65df8a7343ea14ecf08ad7cd1
SHA1 3a735522d307349386679c701736c3ff1c97775c
SHA256 b56fb01d96eaa281efb585082d0a1d92095c116fb39a9cd0cf5e935568f998ef
SHA512 f040c548e7954bebf049cf7db3d5163c673f31153f88c5ef1e84fff5c4dee1097236eb99f54a6887fd7d110e79a3c9c9b7ff727492fa10eb46568d5b395c4386

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9d6752a397ea0b668027190d9f4a0838
SHA1 ae545628751f719ffc1f35597537e4d5c8ff8154
SHA256 fe5fb1eeefa8ef8ebe1c57eb18945c8c9d378c7c598b51f6028fc93614704935
SHA512 d420dc386afaba0983ca46231da8fa1391e6099c9b850dd71ee3696781938aebc37fd0c52078c3454696484cdc05d4e4bc49943262aca3a9122259b5ce3750a2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fbdce244efa305068e73d87177e74ded
SHA1 70961a53f6b4e711cf3f8190bba96e050059ce04
SHA256 071095d3d034daf0356dc85477ec1f7ff96cd61c4ef59c475eff74983fb2785d
SHA512 cdb3853c476e45114b0e3cefc5b3308c3923f73a5a889cb414a2edf13f53f155715d06c344f1bf59bbf57530af96dd48b379fa9df1b2d03139d7c1da52d200a1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5ad4940e5cb7170cc8e8f287ae90250f
SHA1 780af8c9ec72a6d9c7e6bd8e51fd5db5c3148e2d
SHA256 d6d2b60145f4cec8162d813fa554cbde9bdeb90cb1866af00a8cab4b50a39652
SHA512 c361c5a700aabb31b3040790a1318ea70240ffd8bf29701ad45c180779a05b49df1ab24092e01eabc081e5f152429e695dcdfbeed5aa99a7bcf4614c0feb32a0

memory/2864-1333-0x0000000004D50000-0x0000000004D90000-memory.dmp

memory/2864-1467-0x00000000006F0000-0x0000000000700000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\favicon[1].htm

MD5 48cfcd37629ccf6b23babd06eefba957
SHA1 c9e398d35770e759dac3313648e61a68e80b24c0
SHA256 32801ac49737cecdd1367e21ebe0bdbb260a3e6b813448d3fffacbee3a12020b
SHA512 194be386858966d3e10151cecc6275de890bce9c1ed5d890855e084a517ad895447603f522ea14773c3cf149b9fd5bb94fab9b00318b78ecbc68e5ef356e8f3f

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\android-icon-192x192[1].png

MD5 ed46a7ccdddb0893ada7535c3924c3f4
SHA1 562c8354b302540427a85381bdb663c66aba3cbd
SHA256 a6717eaed7cb05dddfdc4803fd85ef5cf6a96e0cde11800961b6f713f460d302
SHA512 1c09226f03618f6d2da6ce430564d136c1620f53e8dd7779eecc55ce0e0b7fa8f8338b3f51ec51c4f59b65e7b01139ae9d545d5a3f1f15d43f0c4e90e417ab08

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat

MD5 fdfdb4c845c2216b6222271aea8709fe
SHA1 9286f6b35f1b0fcd592ff604d291116259311d87
SHA256 2e2d78ca5afc28cd5a41ebbe00540fab4b7a0346a6da783eeb20ef582de12e30
SHA512 ff88b73eb34ef92366fab0d8c7babf7e48b5b5bdde97e64dedfd597805a5344cc73ecf42b6376eb14f9224eede0b855c021188829eaef9ca2ce9372d34ae7026

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4eb5142b48daaa5386b17f1c568a104c
SHA1 66758ae955441bfd67b0c592f7d12e1cc877f851
SHA256 ef80af7903b1c81d43de40d9a3ba5bb5776c9956723b41afe52a6ed8c4b02dee
SHA512 2b53666e7e24e47804f6908291ee46791cf44ffbea30a04bba366914b56511ddf5b14380b5d898cacd4e87db3ca694acf7eff7a83e03e246a26f1b9de92ce599

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a84276c430bffc2870b708c9aa9a6576
SHA1 6ab50c76338312cbe2f412ea8da6d1962698ac1c
SHA256 c3192c425297e54f29ac006df46aa7c846a351097a4718e0e134ba4a63e0f48d
SHA512 146b27d61b9f12765a9c2155637ef4657b39290f8389dbc2a788cff77e21a5c8cc4e99daeb0e0fcb7e2c8c7c54b137a5ab28c970c89ebce22d0529c1d9e9aeb2

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ceb003551ca5bfedd96ed9396e3384b3
SHA1 ae18201f9189875398b370d8caa8c3c55c727146
SHA256 20bcd27e3dba521fa806896bbedb464e6edb2b3768d12cb1912188ef4a659cc7
SHA512 a13993c3ad8515a83afbc0161ddd2f922fe056590d307f274ff0c4608e0d73171ddfd7f35b7145614203532c00b3592f0e4b59203d40fb7d30f40e372d756442

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 64a5beac7a8b12f0decc821ed591bde2
SHA1 8c38c40881ece00db6c69e79f68584ef600554a6
SHA256 497b218162b23e1d0d47ede0672012c410dcf032a73bb31aff0e6bc9ba5fc487
SHA512 f02a0a01ca4451bfc9fb53494f981446be24dc9687c9e844058847b29b90b885813783130f4a2af224da8c0e2f7feb2cea03c161fbb865a3f83f0c0011cf185a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 371b0b674ae76e01ff571d18ab5664f0
SHA1 32f279079141d5da184f58c0710e545bd86a7e9b
SHA256 af8ca6096b2bab5cc381a802893eab491efc343da4c7bd97ce1547d992f04fef
SHA512 b9e3d061fbb6d62dca559bf12c384ebd5e7bd6e28b0e00f525fd72df41b2afebf1e62634dde760803ed363aa894234e875d8d42c72f35e1a8f762a4b24e57c7f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa6412082d128a885f9a49774a7cb2fb
SHA1 922905cb78d9ee843064552c2011bddae1bdd6c3
SHA256 0ab3927776128852882b2a5c5048ada2172874fa7bf79b5750992190a20afe4e
SHA512 115f02581729962183f6e56f21d6a638d86506469fd3be40987d544037fe7af2f3dd990f730c5ec84a3196b2dfaf2beb640b0c418364529fe6fba92fabd7d13e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db3ea605f5eab4459b1a3a9c0d4cf287
SHA1 fe911a53402ae0732548fbdae466b197466d1a9a
SHA256 c18e563acc67d697ae583d85305330dc22882cec135fc50ccbaaa4ee440e9a4e
SHA512 4132c680e0c03aa1efb697b64f0d1a145c495928a7b0dd8ed3b0cd1fd2d56bc117f4e9363de05dde5592df12c543f47f244d618bb348904b23abeca25ce7b28f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 30e9b054f0686980aa48140db4d9e267
SHA1 df80db16eb774ccaec32b11c47446e08f1a2fc19
SHA256 fb287422ccced178053f671609042586e4997369080102c205406e8ec3bf4b16
SHA512 faf553ad85afde713c0265436c40fc7f6051a773693f3d9064575559de08a23460b03995cb027586f5656e37d313f9d9a1e0dd5c93d76cc1db59d2b953abc81b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 ca3ab5b2b299cec45da3bbf845ccc4b9
SHA1 ba43cb162fd085888288bd3f95103b97547eddc3
SHA256 567b722c50dea15c88a5cf346ce74ac726bed92f91a8995b1d905edad9f77718
SHA512 c24f77dfcef73b0733a59aef5bf58318f965a900b16a6738ab58889f8b7c712fc584c0765aa6b1922f2a6b002351550b72453748129e2e2a167ce54784053fd3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d191e4ea41911f0bcd81cbf91b2d9fb2
SHA1 49ec63d410dd34b6c487aac91e3a61c67f35c1bc
SHA256 782f5711fd3e042c007452c2e912e58e366414953f6cbd3dfe4e09cc1e51d841
SHA512 4c770d02125e18c41a26ce6a4cfe72ed98970bda8b2f2ec1a8376dcd9a5c85695c6fbc7381a9c82ff2c211e019e71436340e6ecca246fde909e3e38789053d24

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9a71afcbc143c03a848ad69a89fbd58
SHA1 9e22bf41f5dacd20a41ea2724c061ec91f509d66
SHA256 e078086c7817b92c8d1e5afaa3e7b2eba18fc98e14ba5675598ccc0987fd85e8
SHA512 3fdc5e5ce48bc45bd2cb28e4b9930a7b0286179fd66a39c8c1ee169a3e1d78a1d9a6ecbc482a181e1726c0948e591a1a5e13ae98341b6903619931921c716597

memory/2864-1926-0x00000000006F0000-0x0000000000700000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9add228943fca0496c8b579bc090fe54
SHA1 662f6f7c7473437b7e620bbd93e228d94402ac1b
SHA256 32554847e309f8e4626c0a5878fac1b521551b7484a3a3f4ff3803f5a978f494
SHA512 5065ff5c1eca3173936cbaf9fa262f042eac83f2d38c1e10209dd3837df608302f0f69f711d2ccfcd6ad4790b8ed77975f61575a86393d8d41efa2c3b8938c18

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 39b60bfb57a29ef58531d7c984e94fb4
SHA1 46c36c29aa48a07cc7ace0fb7c009339c6483010
SHA256 5786e7b9d4248bef645535c72a673724e6def90cbd1b490bf285b43bfc57266d
SHA512 81049b0c58554631e30efe5f2745d7b68a6c4846734f28e55a7e17092079ffc787a8a2bf31ed397737187f2535b72dadff7df540fae0fa780099eff288b0d343

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fc29193d281fce4fd40742743c77fbf8
SHA1 327abc1a9e2463b9d5ea4da77bb7618b34e0cd52
SHA256 598617695805920dbdeb583f995d37d5d6d7151c7bc1deaf885312d431c5c293
SHA512 efaf3cf40b2e855ff54126840e8de385ef023568290e03150807228c813c71a9cdada0d18c5e26d1d810c8a52bad6f631fd004f6807f9166b683320a3981207d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 d9a1f386f19aac037cff4e87a2a56d4e
SHA1 9a58c6d1916781f4a206d999e1efc8a26e63433d
SHA256 ec3102a6d2e1b37a17ff3e109c09e8632e4a95eeaad21bc0d07e096f9baa59df
SHA512 8c15c5d367228e0eb52c9853c847782d7f8e6efb9a01333708f62e55ef6a8a55a7850642cd0b2af69bffc25ba316c83d03dd459c819877fddf4432441c7f935e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b1451648e2f52732531bb78d5f8f918c
SHA1 209f281f7dc52038521b9b3f2fc230a719ebd0da
SHA256 41691a03cf76c74f357471436e56472f450b202a4f259b5fbe9dc8ca7866523a
SHA512 561412dba81fdf9b0fede80119ba7c4bf33d2803b94ff9eebc5424d358b526ff1d8b483fa3784ee1f43d8a0f3130a0ceac7f18d1f70db14df6c0e089fcd63097

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9dd117ca03a606cd2b995a3ace173f07
SHA1 1a9c47bec8c94792e919997c0798363d43e1b8ce
SHA256 3d141f7ca5660b8d53277fc8489fbeff963ca7a9ec570416766d0f76bb66b47a
SHA512 9123e6d01d77285cbd9474378c14ec2f6477c46a381c0143e49c00c7bf66a1fb122f1413257bd53249ae8803640053974a042ba0d0889ff5e1d5057ecb9a888e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1d804d719c6d3835a19eb4340cb82e75
SHA1 aa658309936276c6bbcc7713912efa9508c74420
SHA256 1448b300a000de3d8f7852cf93e5c488ac71d752167e15fbb5be82b82cf19b01
SHA512 adf3a1a0a08d6155b9918886f089b3336ac7ae51fb55a708177a68b5a3d7b2b44a187ec47c0b6f3eb39688a1f088a2326ec157aa7ad48e8f8a9b5ba7cb36c4e0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 81568b54e1f6372b5ff8503365d49426
SHA1 7b39978c369ca80a7228b730020c869f13f911a5
SHA256 9a1c6bcdafb1d3b36f885ad63a70cd252016fd9816bcf9ac10c1028127156ec4
SHA512 7b7adaaaca6c861506695310508c9a4912152a6630295a892ab5875e623e3935a70cbfa874260ca47b44a45c6e5634818130234dbe05e2caa8a2fa62ee1edb52

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 001bfee559727786cf93d6bcf4c062cd
SHA1 e9434a8264135aee90e59ee1e2484ede9d7699c9
SHA256 810f55aa2f0a343626f153627b0dde6b73f99e429c5258229e1dbae764753482
SHA512 a8e0ee1cbe25562e6883c4fc1489e957a60ccf118b1d640f95f18dd2857e001f8a46a8724fccccc00183fff7d20524f34d845297f0091334bf884cc164fc69d7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7282c51017b12edabb42b598be944d27
SHA1 d90e8f2082a6a54089d95cc84bf6c1bf40513ba9
SHA256 317a0965238a25f6e72db3a7914ece1a2c45e073a1035d860254ec2db3804b0f
SHA512 46d8e09c9bf4d29a09cceddd84cd43a92fb1b2f38e401558a6e76878d7cca0d76d1a4ab74e2066c005a4a7b1183bb90fa1f7a5ae4838a5969e70981ce478aa00

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 56c70d3190cc8ffb82b0f28cd1b7dbb8
SHA1 a10f48cc9c0eabe0bf21e8bb37bae7c97275afd5
SHA256 e8412fc8f307a4df5774cde4185d1bfe32e5dec682950fe6343f407b6c0feb19
SHA512 dc51220599ef8b796a245774f3164adc3872e14f15afae51733a4eea611cbb79bd5b8f578790bf6f413ca5df46f94ecf4e318343ec86543b70c26be4bc190c1d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ff30f723225a5cdca9e53405b5d463d
SHA1 4be0b104362c00e6595dae86bcf3571581cc12d2
SHA256 fe3944d31c33f521b117769c6690cd6d7fb157a32ca26c446f33e52370a8f625
SHA512 7900cb6c44a6e9ddc624f7912a39389388ea8ad2ee11d464f237ff4574fd5c0d3e4b38c9acb52d2c8ec0a65ed95d6340e3cd3a672d72d3fcabba1a69ea065f3d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bebd0b70eaa670adb98f879c93a9e2ad
SHA1 aaf52f1bdace6a50a065d99f245bac1087dee37e
SHA256 087d271dfd4f380ace9c223f9d8c636ac35d6bdcf8b6669271267e7fc5126eb8
SHA512 6946d2eb7631fe8c2005d98805af9b76d14b06d525e14dc341ec1a18284b34471e00bb61b8b130fead1b1bf421dcb0573c3b24be8a2a1eb3b674451942c3930c

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b3878a94b7f9de40569daba49c88ca3
SHA1 0470fd59e6a73835f028f713d18fa83484bd9caa
SHA256 b3aad52c2890c5eef8f993f9261199aab2c133a1a097f727e5a038b95f2a74a0
SHA512 d04a76a0a401a37d38fc3396914f01ef2f547224072aa0ce9e5edb26c55447318cdc3cbc47747a9048882f821c3dc4a2ecae516d15d369b980c02c2314db3e5f

memory/2864-2400-0x0000000004D50000-0x0000000004D90000-memory.dmp

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3eac6571c8d1859aa2b1edee4bdea63d
SHA1 4a23c6e1e696559cb2f6f267a6540a9a2a2a8d1c
SHA256 2062b781bdb6eaaabe321de94c040f8e7b127fbd0251da4b0a35f0e74c622cee
SHA512 1f4c394924d4deba9b653b91996d29169e4f35dfdcb954b17e617cb529c5602f85de6a8f4a393b06a587fcd69a1dd1f7f8c5ba41ccaf6d70e50e6d820a466b6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 09fcf92e37e204f156ae5fa5474a5c24
SHA1 bec9e880551c9cb47dc8b89c6d8eb7da5c85514b
SHA256 7852c3e9b0b1e07ef26c1ce6bf373bff0a02a98ab0f59ec51e429ab912af8bad
SHA512 ecf77a84e3299e46f9ef43176c58ccee5e8025e986b76709488ea75529e4bebf69d082f06af5df58e5a5241fe35fd6ea918d445c944898fa39c3063f2843fcd6

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 82fc35f9dc8a4994ff7a5381582e5a04
SHA1 e806c076b0a52956547f5f7718a597ff7887ac5b
SHA256 6332fef51bff0bb3212ed0a170823127b1286ed40d3427fbe29997b916be8925
SHA512 e13d4834026fc61f94dadd5395abfa7fb5fd9597de87077599d192aac2b11b12424a85f59eb759c486acf8d4e3e0de2477c3665bd6aa4131c6524dcf64fec798

memory/2864-2591-0x0000000004D50000-0x0000000004D90000-memory.dmp

memory/2864-2602-0x00000000079A0000-0x0000000007AA0000-memory.dmp
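The Files listing above is dominated by one CryptoAPI URL-cache metadata path recorded over and over with different digests (the same file being rewritten as certificate data is fetched), plus Internet Explorer cache files and memory-region dumps; none of those are the sample's own payload. The Python below is an added example, not part of the sandbox report, that parses a listing in this layout into IOC records, validates digest lengths, separates probable payloads from sandbox noise, and reports paths whose content changed between listings. REAL_EXCERPT is copied from the entries above; the ValoBot.exe entry is a placeholder with all-zero digests because the report does not list that file's hashes.

```python
"""Added example (not part of the sandbox report): parse a Files listing in
this report's layout into IOC records and separate probable payloads from
sandbox noise. The ValoBot.exe entry is a placeholder with all-zero digests."""
import re
from collections import Counter, defaultdict

REAL_EXCERPT = r"""
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db86b3d9de7b1f6d138f09739c620ad6
SHA1 1a28500cb0868c1584888df75a19dc3282ad8328
SHA256 c790975d6f2325575ae4f45c41d3725477fec64763109c083463c231ea9e15a1
SHA512 2423c3db730899c8bbde9c240a4bfad65baa7cd01e16b76dbcfd9515e21f98ed449d93f7809141fec5c2a6b6e4f22cb2018d2594743b79efdfdcc0c467f7d2f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 19bd327e9ad260be34d888adfb1f0b80
SHA1 5f0eee445e0ddd3bbbbed258b409e15e661f710b
SHA256 ad1793ceb900f7d0a6ac41ac874626c153504ea1a0a2f126dbce98ba082724ec
SHA512 de3de9dbed9c499c0902cfb5e485f9dbf6c4f0422313fc8ace8a753d7478897d03995d2ac24bcf4098f0697a2ed0b0f5e54a257e500555f67c8d4c6136d1789b

memory/2864-723-0x00000000744C0000-0x0000000074BAE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L9PN2QMY\favicon[1].htm

MD5 48cfcd37629ccf6b23babd06eefba957
SHA1 c9e398d35770e759dac3313648e61a68e80b24c0
SHA256 32801ac49737cecdd1367e21ebe0bdbb260a3e6b813448d3fffacbee3a12020b
SHA512 194be386858966d3e10151cecc6275de890bce9c1ed5d890855e084a517ad895447603f522ea14773c3cf149b9fd5bb94fab9b00318b78ecbc68e5ef356e8f3f
"""

# Placeholder entry (digests are NOT real): the dropped EXE seen in behavioral2.
PLACEHOLDER_ENTRY = "\n".join([
    r"C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe", "",
    "MD5 " + "0" * 32, "SHA1 " + "0" * 40, "SHA256 " + "0" * 64, "SHA512 " + "0" * 128, "",
])
SAMPLE = REAL_EXCERPT + "\n" + PLACEHOLDER_ENTRY

HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
NOISE = [  # paths a sandbox run fills regardless of what the sample itself does
    ("cryptoapi_url_cache", re.compile(r"\\CryptnetUrlCache\\", re.I)),  # CryptoAPI cert/CRL fetch cache
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\|\\imagestore\\", re.I)),
]
PAYLOAD_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".bat", ".cmd")


def parse_files_section(text):
    """Return [{'path': ..., 'hashes': {algo: hex}}] for each listed file or memory region."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m is None:                       # any non-hash line starts a new entry
            entries.append({"path": line, "hashes": {}})
            continue
        if not entries:
            raise ValueError("hash line before any path: " + line)
        algo, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[algo]:   # catch truncated or mangled digests
            raise ValueError(f"bad {algo} length for {entries[-1]['path']}")
        entries[-1]["hashes"][algo] = digest
    return entries


def classify(entry):
    path = entry["path"]
    if path.startswith("memory/"):
        return "memory_dump"
    for label, pattern in NOISE:
        if pattern.search(path):
            return label
    if path.lower().endswith(PAYLOAD_EXT):
        return "dropped_executable"
    return "other"


def rewritten_paths(entries):
    """Paths listed more than once with different content (same file overwritten)."""
    seen = defaultdict(set)
    for e in entries:
        if "SHA256" in e["hashes"]:
            seen[e["path"]].add(e["hashes"]["SHA256"])
    return {p: len(h) for p, h in seen.items() if len(h) > 1}


def triage(text):
    entries = parse_files_section(text)
    counts = Counter(classify(e) for e in entries)
    payloads = [e for e in entries if classify(e) == "dropped_executable"]
    return dict(counts), payloads


if __name__ == "__main__":
    counts, payloads = triage(SAMPLE)
    print(counts)
    for p in payloads:
        print("payload:", p["path"], p["hashes"]["SHA256"])
    print("rewritten:", rewritten_paths(parse_files_section(SAMPLE)))
```

Run against the full listing, `triage` leaves only the dropped executables as candidate IOCs to pivot on, and `rewritten_paths` shows that the CryptnetUrlCache metadata file is one path with dozens of distinct digests, which is why hashing cache files from a report like this is not useful for blocking.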

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-03 22:54

Reported

2024-03-03 22:59

Platform

win10v2004-20240226-en

Max time kernel

316s

Max time network

312s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Slick_Cheats_free_triggerbot.rar

Signatures

AgentTesla

keylogger trojan stealer spyware agenttesla

AgentTesla payload

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation C:\Windows\system32\cmd.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A
N/A api.ipify.org N/A N/A

Suspicious use of NtSetInformationThreadHideFromDebugger

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A
(64 identical rows, collapsed)

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
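The three signature tables above ("Looks up external IP address via web service", "Suspicious use of NtSetInformationThreadHideFromDebugger" and "Enumerates system info in registry") are individually weak: a BIOS manufacturer/product query is routine, and msedge.exe performs it here just as ValoBot.exe does. What separates the dropped binary is the combination of hiding its threads from a debugger, fingerprinting the hardware, and echoing its public IP. The Python below is an added example, not part of the sandbox report, that scores per-process events on exactly that basis. The event log and its schema are constructed for the example; the process paths, registry keys and the api.ipify.org lookup are taken from the report, and the additional IP-echo hosts are an assumption added for wider coverage.

```python
"""Added example (not part of the sandbox report): score processes from the
behavioral signatures above. Event records and their schema are constructed."""
import re
from collections import Counter, defaultdict

# ThreadInformationClass passed to NtSetInformationThread to detach a thread
# from any attached debugger (ThreadHideFromDebugger = 0x11).
THREAD_HIDE_FROM_DEBUGGER = 0x11
BIOS_KEY = re.compile(r"\\HARDWARE\\DESCRIPTION\\System\\BIOS(\\|$)", re.I)
# api.ipify.org is the host this report observed; the others are common
# IP-echo services added here as an assumption to widen coverage.
IP_ECHO_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ip-api.com"}
USER_WRITABLE = re.compile(r"\\AppData\\|\\Temp\\|\\Users\\Public\\", re.I)

VALOBOT = r"C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
CMD = r"C:\Windows\system32\cmd.exe"
BIOS = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"

# Constructed event log mirroring the signature tables above.
EVENTS = [
    {"proc": VALOBOT, "kind": "api", "name": "NtSetInformationThread", "info_class": 0x11},
    {"proc": VALOBOT, "kind": "api", "name": "NtSetInformationThread", "info_class": 0x11},
    {"proc": VALOBOT, "kind": "api", "name": "NtSetInformationThread", "info_class": 0x11},
    {"proc": VALOBOT, "kind": "registry", "key": BIOS + r"\SystemManufacturer"},
    {"proc": VALOBOT, "kind": "registry", "key": BIOS + r"\SystemVersion"},
    {"proc": VALOBOT, "kind": "dns", "host": "api.ipify.org"},
    {"proc": EDGE, "kind": "registry", "key": BIOS + r"\SystemManufacturer"},
    {"proc": EDGE, "kind": "registry", "key": BIOS + r"\SystemProductName"},
    {"proc": CMD, "kind": "registry",
     "key": r"\REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation"},
]


def tag_event(ev):
    """Map one sandbox event to a behaviour tag, or None if it is not of interest."""
    if (ev["kind"] == "api" and ev["name"] == "NtSetInformationThread"
            and ev.get("info_class") == THREAD_HIDE_FROM_DEBUGGER):
        return "anti_debug"
    if ev["kind"] == "registry" and BIOS_KEY.search(ev["key"]):
        return "hw_fingerprint"
    if ev["kind"] == "dns" and ev["host"].lower() in IP_ECHO_HOSTS:
        return "external_ip_lookup"
    return None


def score_processes(events):
    """Per-process tag counts plus a verdict that weighs context, not just tag presence."""
    tags = defaultdict(Counter)
    procs = []
    for ev in events:
        if ev["proc"] not in procs:
            procs.append(ev["proc"])
        t = tag_event(ev)
        if t:
            tags[ev["proc"]][t] += 1
    verdicts = {}
    for proc in procs:
        c = tags[proc]
        # A BIOS manufacturer/product query is routine for browsers and
        # telemetry (msedge.exe does it here too), so alone it is not a
        # finding. It becomes one when the caller runs from a user-writable
        # path or also hides threads from the debugger / echoes its public IP.
        strong = c["anti_debug"] > 0 or c["external_ip_lookup"] > 0
        weak = c["hw_fingerprint"] > 0 and bool(USER_WRITABLE.search(proc))
        verdicts[proc] = {"tags": dict(c), "suspicious": strong or weak}
    return verdicts


if __name__ == "__main__":
    for proc, v in score_processes(EVENTS).items():
        print("SUSPICIOUS" if v["suspicious"] else "ok        ", proc, v["tags"])
```

The verdict logic is deliberately asymmetric: the anti-debug call and the public-IP lookup are strong on their own, while the BIOS query only counts when combined with a binary running out of a user-writable directory, which keeps msedge.exe and cmd.exe out of the alert.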

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{3CC70916-B3D6-4663-A409-4A6622E80001} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{061447DF-9891-4669-ACEB-E020F7E07889} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
(64 rows collapsed by process: ValoBot.exe 52, msedge.exe 10, identity_helper.exe 2)

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4384 wrote to memory of 1280 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 4384 wrote to memory of 1280 N/A C:\Windows\system32\cmd.exe C:\Program Files\7-Zip\7zFM.exe
PID 1280 wrote to memory of 1044 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe
PID 1280 wrote to memory of 1044 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe
PID 1280 wrote to memory of 1044 N/A C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe
PID 1044 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1044 wrote to memory of 3128 N/A C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2520 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 2120 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 3856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 3856 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3128 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Slick_Cheats_free_triggerbot.rar

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Slick_Cheats_free_triggerbot.rar"

C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe

"C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/1129937/free-triggerbot

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff011046f8,0x7fff01104708,0x7fff01104718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3708 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6392 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5196 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/1129937/free-triggerbot

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff011046f8,0x7fff01104708,0x7fff01104718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13802339513924974592,6859660655655436673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link-hub.net/1129937/free-triggerbot

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff011046f8,0x7fff01104708,0x7fff01104718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3216 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3472 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,5648252028409632081,18416462202312143719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 71.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 keyauth.win udp
US 104.26.0.5:443 keyauth.win tcp
US 8.8.8.8:53 5.0.26.104.in-addr.arpa udp
US 8.8.8.8:53 link-hub.net udp
US 104.21.6.192:443 link-hub.net tcp
US 8.8.8.8:53 linkvertise.com udp
US 104.26.14.247:443 linkvertise.com tcp
US 8.8.8.8:53 use.typekit.net udp
US 8.8.8.8:53 cdn.exmarketplace.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 stackpath.bootstrapcdn.com udp
US 8.8.8.8:53 maxst.icons8.com udp
US 8.8.8.8:53 p.typekit.net udp
US 8.8.8.8:53 js.chargebee.com udp
IT 95.110.206.108:443 cdn.exmarketplace.com tcp
GB 88.221.134.115:443 use.typekit.net tcp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
GB 88.221.134.122:443 p.typekit.net tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
IE 18.66.171.27:443 js.chargebee.com tcp
GB 89.187.167.8:443 maxst.icons8.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
US 8.8.8.8:53 exmarketplace.com udp
US 8.8.8.8:53 192.6.21.104.in-addr.arpa udp
US 8.8.8.8:53 247.14.26.104.in-addr.arpa udp
US 8.8.8.8:53 227.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 207.11.18.104.in-addr.arpa udp
US 8.8.8.8:53 108.206.110.95.in-addr.arpa udp
US 8.8.8.8:53 27.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 8.167.187.89.in-addr.arpa udp
US 8.8.8.8:53 34.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 122.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 115.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 contextual.media.net udp
GB 2.17.4.21:443 contextual.media.net tcp
US 8.8.8.8:53 publisher.linkvertise.com udp
US 104.26.14.247:443 publisher.linkvertise.com tcp
US 104.26.14.247:443 publisher.linkvertise.com tcp
US 8.8.8.8:53 euob.bizseasky.com udp
US 8.8.8.8:53 88.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 21.4.17.2.in-addr.arpa udp
US 8.8.8.8:53 232.179.250.142.in-addr.arpa udp
IE 13.224.68.2:443 euob.bizseasky.com tcp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 lnk.thinksuggest.org udp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 api.thinksuggest.org udp
US 13.107.5.80:443 api.bing.com tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
US 8.8.8.8:53 www.clarity.ms udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 linkvertise.chargebeestaticv2.com udp
IE 18.66.171.126:443 linkvertise.chargebeestaticv2.com tcp
US 8.8.8.8:53 2.68.224.13.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 232.175.9.176.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 126.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 js.hcaptcha.com udp
US 104.19.219.90:443 js.hcaptcha.com tcp
US 8.8.8.8:53 www.thinksuggest.org udp
US 8.8.8.8:53 api.ipify.org udp
US 8.8.8.8:53 obseu.bizseasky.com udp
US 8.8.8.8:53 region1.google-analytics.com udp
DE 176.9.175.232:443 www.thinksuggest.org tcp
IE 3.248.162.96:443 obseu.bizseasky.com tcp
US 172.67.74.152:443 api.ipify.org tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 api.taboola.com udp
US 151.101.1.44:443 api.taboola.com tcp
US 8.8.8.8:53 90.219.19.104.in-addr.arpa udp
US 8.8.8.8:53 152.74.67.172.in-addr.arpa udp
US 8.8.8.8:53 96.162.248.3.in-addr.arpa udp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 c.clarity.ms udp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 newassets.hcaptcha.com udp
US 8.8.8.8:53 c.bing.com udp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 api.hcaptcha.com udp
US 8.8.8.8:53 243.174.119.20.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 97.88.219.68.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 104.26.14.247:443 publisher.linkvertise.com tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 p.typekit.net udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 maxst.icons8.com udp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
US 104.18.11.207:443 stackpath.bootstrapcdn.com tcp
IE 18.66.171.27:443 js.chargebee.com tcp
GB 88.221.134.122:443 p.typekit.net tcp
GB 89.187.167.4:443 maxst.icons8.com tcp
US 8.8.8.8:53 contextual.media.net udp
GB 2.17.4.21:443 contextual.media.net tcp
US 8.8.8.8:53 4.167.187.89.in-addr.arpa udp
US 104.26.14.247:443 publisher.linkvertise.com tcp
US 104.26.14.247:443 publisher.linkvertise.com tcp
IE 13.224.68.2:443 euob.bizseasky.com tcp
IE 18.66.171.126:443 linkvertise.chargebeestaticv2.com tcp
US 8.8.8.8:53 www.clarity.ms udp
US 8.8.8.8:53 obseu.bizseasky.com udp
DE 176.9.175.232:443 www.thinksuggest.org tcp
US 172.67.74.152:443 api.ipify.org tcp
US 13.107.246.64:443 www.clarity.ms tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
IE 54.75.69.192:443 obseu.bizseasky.com tcp
US 151.101.1.44:443 api.taboola.com tcp
US 104.19.219.90:443 api.hcaptcha.com tcp
IE 68.219.88.97:443 c.clarity.ms tcp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 204.79.197.200:443 c.bing.com tcp
US 8.8.8.8:53 192.69.75.54.in-addr.arpa udp
US 20.119.174.243:443 r.clarity.ms tcp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 180.178.17.96.in-addr.arpa udp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 blog.linkvertise.com udp
US 172.67.69.167:443 blog.linkvertise.com tcp
US 172.67.69.167:443 blog.linkvertise.com tcp
US 8.8.8.8:53 167.69.67.172.in-addr.arpa udp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 static.hotjar.com udp
IE 18.66.171.59:443 static.hotjar.com tcp
US 8.8.8.8:53 script.hotjar.com udp
US 3.162.140.25:443 script.hotjar.com tcp
US 3.162.140.25:443 script.hotjar.com tcp
US 8.8.8.8:53 59.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 25.140.162.3.in-addr.arpa udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 173.194.76.155:443 stats.g.doubleclick.net tcp
BE 173.194.76.155:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 216.58.204.67:443 www.google.co.uk tcp
GB 172.217.16.228:443 www.google.com tcp
US 8.8.8.8:53 155.76.194.173.in-addr.arpa udp
US 8.8.8.8:53 67.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 169.117.168.52.in-addr.arpa udp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 20.119.174.243:443 r.clarity.ms tcp
GB 92.123.128.164:443 www.bing.com tcp
GB 92.123.128.164:443 www.bing.com tcp
US 8.8.8.8:53 164.128.123.92.in-addr.arpa udp
US 20.119.174.243:443 r.clarity.ms tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
IT 95.110.206.108:443 cdn.exmarketplace.com tcp
US 8.8.8.8:53 use.typekit.net udp
GB 88.221.134.115:443 use.typekit.net tcp
US 8.8.8.8:53 js.chargebee.com udp
US 8.8.8.8:53 lnk.thinksuggest.org udp
US 8.8.8.8:53 api.bing.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 www.clarity.ms udp
DE 176.9.175.232:443 lnk.thinksuggest.org tcp
US 8.8.8.8:53 api.thinksuggest.org udp
US 13.107.5.80:443 api.bing.com tcp
GB 172.217.16.228:443 www.google.com udp
US 13.107.246.64:443 www.clarity.ms tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
US 20.119.174.243:443 r.clarity.ms tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 r.clarity.ms udp
US 20.119.174.243:443 r.clarity.ms tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 20.119.174.243:443 r.clarity.ms tcp
US 104.21.6.192:443 link-hub.net tcp
US 104.26.14.247:443 blog.linkvertise.com tcp
GB 172.217.169.34:443 securepubads.g.doubleclick.net tcp
IT 95.110.206.108:443 cdn.exmarketplace.com tcp
US 8.8.8.8:53 use.typekit.net udp
US 104.26.14.247:443 blog.linkvertise.com udp
IE 18.66.171.112:443 js.chargebee.com tcp
GB 88.221.134.115:443 use.typekit.net tcp
US 8.8.8.8:53 www.clarity.ms udp
US 172.67.74.152:443 api.ipify.org tcp
US 216.239.32.36:443 region1.analytics.google.com udp
US 13.107.246.64:443 www.clarity.ms tcp
US 8.8.8.8:53 112.171.66.18.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 104.26.14.247:443 blog.linkvertise.com tcp
US 8.8.8.8:53 lnk.thinksuggest.org udp
US 8.8.8.8:53 www.google.com udp
US 13.107.5.80:443 api.bing.com tcp
US 8.8.8.8:53 api.thinksuggest.org udp
US 104.26.14.247:443 blog.linkvertise.com udp
GB 172.217.16.228:443 www.google.com udp
DE 176.9.175.232:443 api.thinksuggest.org tcp
DE 176.9.175.232:443 api.thinksuggest.org tcp
US 8.8.8.8:53 obseu.bizseasky.com udp
IE 54.75.69.192:443 obseu.bizseasky.com tcp
US 8.8.8.8:53 linkvertise.chargebeestaticv2.com udp
US 8.8.8.8:53 r.clarity.ms udp
IE 18.66.171.5:443 linkvertise.chargebeestaticv2.com tcp
US 20.119.174.243:443 r.clarity.ms tcp
US 8.8.8.8:53 api.taboola.com udp
US 151.101.1.44:443 api.taboola.com tcp
US 104.19.218.90:443 api.hcaptcha.com tcp
US 8.8.8.8:53 5.171.66.18.in-addr.arpa udp
US 8.8.8.8:53 90.218.19.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\7zO0058B637\ValoBot.exe

MD5 0783b2ff3539adcdb057ddaa8532f5d6
SHA1 5d66c3163f38d0b87e6346d85f65c734be9bb21a
SHA256 2dcc606888160f9d8d0439778ba25cc015842e9c4166c1bfe58b69cd43665eca
SHA512 f2ba286c03a49889cd2ed6a43f6cf88cb51515e6f6d14e55e3b09c8c7a7272bbe65656dbc791681929fd90f4978ca9d16cee8ceea94fe0f3a4ef223873de4d9a

memory/1044-13-0x0000000074F20000-0x00000000756D0000-memory.dmp

memory/1044-12-0x0000000000590000-0x00000000008A8000-memory.dmp

memory/1044-14-0x00000000053F0000-0x0000000005400000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\7zO0058B637\453A6857.dll

MD5 67844fa1c427751b94f8206890a82d69
SHA1 bd76085724607c7f8b689fcc0b6d13e7a2c47d2a
SHA256 7d6669c44ae3625015d94f7ab516c3a203fc341a4bc6dfe06e1d3677547823bb
SHA512 e2b8a4ae2ec8871813e46d77c6821e2e8f63b560c0e443f5363d97241d568fa6321275a0acf800ffce4f8d7ae45b23b5283c9339273ad9a7423d2a02f17c9235

memory/1044-20-0x0000000005580000-0x00000000056FE000-memory.dmp

memory/1044-22-0x00000000012C0000-0x00000000012C1000-memory.dmp

memory/1044-23-0x00000000012C0000-0x00000000012C1000-memory.dmp

memory/1044-24-0x00000000012C0000-0x00000000012C6000-memory.dmp

memory/1044-26-0x0000000005A50000-0x0000000005CB4000-memory.dmp

memory/1044-27-0x0000000005A00000-0x0000000005A1A000-memory.dmp

memory/1044-28-0x0000000009E10000-0x000000000A3B4000-memory.dmp

memory/1044-29-0x0000000007350000-0x00000000073E2000-memory.dmp

memory/1044-30-0x0000000005E90000-0x0000000005E9A000-memory.dmp

memory/1044-31-0x0000000007030000-0x0000000007042000-memory.dmp

memory/1044-32-0x00000000075E0000-0x000000000772E000-memory.dmp

memory/1044-33-0x0000000007050000-0x0000000007064000-memory.dmp

memory/1044-34-0x0000000006CF0000-0x0000000006F04000-memory.dmp

memory/1044-35-0x00000000053F0000-0x0000000005400000-memory.dmp

memory/1044-37-0x0000000009AE0000-0x0000000009B1C000-memory.dmp

memory/1044-38-0x00000000053F0000-0x0000000005400000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f44d6f922f830d04d7463189045a5a3
SHA1 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA256 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA512 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

\??\pipe\LOCAL\crashpad_3128_AQCGBTQPXQGWKKXC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7740a919423ddc469647f8fdd981324d
SHA1 c1bc3f834507e4940a0b7594e34c4b83bbea7cda
SHA256 bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
SHA512 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 443561dfe297db1b468bf04c80730f54
SHA1 6add7d21237e652d3d92f8b3ddaa42456b490bdb
SHA256 09c31e9d82a2d8eb661259cc1c7151acd143bd0e57a2bd8c42f044fcc3ebbc55
SHA512 ca681b2cb5ec088f5a1e98b18b8aee7a7d8b73883266c0182b7959acede5a8fcc14c48e309da35e80fd919c5f658dd9cb8b57f160044d3d867977d365dc7a309

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 bce6b4de5fd753cc3ffbabe75187a156
SHA1 ae3b4812a9197e1d3ac3df8e7851de088f2c554f
SHA256 069d19e96fc46c792d021c7a4ad1dbeb0ced471176684769026ee060b31ef6ee
SHA512 7667708203f15241d0248f95d6105c5efcb5a2862dfd28822ec281b8db42634b108acd66b287d1f4d378f781a13a117aa4c710b085d100d02cb150efaa92e135

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3fe0cf024df8c777c0f76a08c6655e32
SHA1 b3dab4dfc02c5058d7c80733470ab527aa52dbcb
SHA256 0649b2ad1171598902db1234e0f462cbf4b4203dd9b8e749c36ea4304fd58dd7
SHA512 6a6ab5d707ca3f71f9058ff7bc1522d6dde275067adaba94b3e0b290c89684cb1f8fe9a2232216bd7f1195f14506c2c068bc86744739d8e68b9753263c193746

memory/1044-164-0x0000000074F20000-0x00000000756D0000-memory.dmp

memory/1044-167-0x00000000053F0000-0x0000000005400000-memory.dmp

memory/1044-172-0x00000000012C0000-0x00000000012C1000-memory.dmp

memory/1044-173-0x00000000053F0000-0x0000000005400000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a406db5a20a852ab19741c2700081ebf
SHA1 73c381288a8a366ddf40be9aada0721dff9ac287
SHA256 454907041a483f471ef29e7d887be0ee08c3341595a553c1b8d78815fa57e01a
SHA512 cdd59e5531d59d9210c475936e9d0a34a2ff7c21b8948b289fcac1d92d2c8078ba010be0438019604f0645908ad45f8573bb5e4dd066ae355bd33a7cf14b4fca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0ad31d9670d4f826f8983db225186d33
SHA1 57e6213b35f3ad3be52c1ce252956760f7741cbf
SHA256 91e8a5a8fa15ac847b3996fa75d3ebb4eb77601f65d53c681ab2c3a477683e4f
SHA512 baac248a03da86d089a3f7cb39b317fd5b623e8a90f033f1e5715587d605ee3da0211b6c5752d073088104afb1bff6c71401c39958112077f2837728b005183b

memory/1044-204-0x00000000053F0000-0x0000000005400000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 226120ea544f6ffba09069b7d52d437f
SHA1 77269184d913ff6a301ff8c21a18949bc982f4a3
SHA256 777d1a9fe2e2bea80f0c5a450f46cc74c0c1ea9efaee20945e0c79da3e516d46
SHA512 321fe24d106b4f49d25d46b24eea87399fba872abd7343b0432c2bca6c06a8b3425bc02dcb0dec9bf623f0334f5bfe29cb827f11b6a1b18a2e0b9ed1fb7dbcfb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 a6a7e8884b93c83b0e082688f1bee551
SHA1 aefde72209026c3dfe16ab71d62a66c1695613c3
SHA256 e3be5ce6ab6ac6656bb6e51ae090d26062fe6d1dd4909a533cac1eeec8d2d15e
SHA512 b913f70dc302c9b5279adb306b474f712c97bfa710e1a4c3b6fff987e1383ff5bca2bd40712593347f0a2491ada3f39c46d56093be9b53db79cea10c7ef86508

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b35d.TMP

MD5 9b78e50caf371e2af957a926ca9d1819
SHA1 6bf8863d2c21aa99092b10569856265111add19a
SHA256 6218a4a7155366560461af28685d626a62a2f474b71fcc91442e5f4c2b3ed819
SHA512 1dbdf7cb22386b786d6612fc1da44d7f3e78e9e029fef77dbc5f2f547e2a80c0d9ca4009a0b5fd144e416e98d284c115da7be8be34707943d960c305962ac69e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d64d3bc67c65bdf53babc2e9811e3ce
SHA1 6d99cfabb9e93f5fcbc0d8ac59a2d0e4037710e7
SHA256 a34e9144e842d1d75a6cb75b6579b7768a6175f493b3682f8bdf292d5a54255c
SHA512 ae3c01fc6080a640dbf07f7334902017ae252450524629c1b977cd0fbe421dc3888bcdca1ef279fc9ade9551bcb18f0e4956bf42df2e4790bb1b70c173e7427e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f78c00c78b74c60a806d237723750661
SHA1 faf9e9aed8f0e571baace8e97356b864fe70e776
SHA256 86a9f1bc38bd79520dfbe6817035cfe3828b9bf337d7e82192f3ebc9fde33c6d
SHA512 434bb4fd1fbf9323c474b226df39def832b61d1e4d9bbc5b59ab306846cc503e2888f710aa789ba27a4327e0c55a9ad5a8fbd6bd069e6e08c1bc5a596775d1f4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 1588a0c04658a4b0759766de4c8969b4
SHA1 f657750655ca6e26d13826c691245d999b84ef59
SHA256 dabb0cbd264157d3a1f04b2ccc3d0cd6f2000b30b6769335379e21a26a00cc9f
SHA512 f4585d1c671d9918d4de99d601e91bb452c8be003ccb767be50d71e974c145b880fc484b6e906f7205539561c3c4495680f3add52e9a974dc7c8527643bbda74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fbf5cf8dcc6507bb877f25f75efa088f
SHA1 1c469724451a3b13a28d022469ffdcf48ec91a65
SHA256 cb74144c66aec28a789b9d3d6c90100f4a9f26272cb9e85a1201dd343769f8ec
SHA512 2e3e976fc2cb41ea3f71e170d2dc50c1689c3d892827eaee98e54f14b51225129ee45d516552d9e7db34539ce8897a4aa38ce678af6a44e43e9eecd65706703f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d37488e98711753ca66858e410227ea6
SHA1 f5f7d8f41c2b8a0dbb5f7cd07d92008ae518a771
SHA256 c80160de01c9ab14f3c70b217d22a5767d490b2ff4423e520df4da49562d8a68
SHA512 90ca0731f1b51b60ee931fbc21b02b5282ae6c65a9e015918962a7199e75dcae24540eecc04e621ce1a0db0d568f3f8e928927e511f8e95ff527537a4136bffb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 cd2f3074326840d55a3c3ea1e99e83fe
SHA1 3a2e1d1a93506526ae3ed2b44d584af7771ff8d0
SHA256 9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51
SHA512 0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 87bede60e4a8f32bb3640482d4d0cfdc
SHA1 7aa5c79f47006273f78071c1505a2e28575c6c38
SHA256 71eff7c2285992a073773cdbe483c320e7ac01bfa26274900fc545b38b4fbdce
SHA512 20e2952cef54487ffa48f80e5da31150aaa7e1530b3fae3c445fd32c92694e7403a2c61d484b760c9a0db1c01f7c34e1db3285937bc2222b1196f58ccef322c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 911bd1a8f390ad86263aef885e074663
SHA1 250bff1a998518b97a142db02d3b2489ac396822
SHA256 8d40111cbb97f662907e83298dbece95192385f99ea03834ec6969dc1d6ca2c8
SHA512 9d19299688d6730aa2953a5d0c60b3ee377882e359b851d951e3f399e913b5aff19dcfbc42cb68f369636b7aa4f2bdd88e4e933cc5851fa8eb1030301e246683

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c2caa38e179c7531fc3db63e965b7161
SHA1 6507b7a61718ffda9a74d68e7154c50ecb6fa6ee
SHA256 9867f6df28743dd8279b372f2aea416136824e1d6ca149090022b71d50298a55
SHA512 83950d00d2da0626d218472e5e56674290715eac45e1f2df259d56c39ef9caf92b0a0f160eaa5f261e7e2a9172667b6c0e723a521d16c71cdcb5883b54b22f13

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 47f571ce4d073905cdc70c9a490f4ae0
SHA1 b482626dac45f28c6996622e46328e162c1f8bfb
SHA256 9c4b3aaaff64a8da3b74352892a56051f9365cb76e7a2e42026f98a6d3aa2614
SHA512 130d30e3ebcac955a8741d252cfdecb4fa7e48581c8d7702111143d591d10884c35af8e6e1d5ad439a620df311ac54c89a9555a2e74affc43300f93dbbf331c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 18f4eafaf31d444245027fc1ca3374a6
SHA1 f8e14dd155792b236d729871aae8a888334c6ad0
SHA256 71a077742044712737bcf7e2108c1546a7876f9b1cf42e154c0b4666dd0b4398
SHA512 879f5d4afee8393ea58ee3e49543e98c383651a74efb36b9e22c318391135e38472095a3b8b0697a7caa6c4f8aa66d75518d4aeb1815ecc69e3a7e6890ed68cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 f8973cca9dbfe8a0559918cc8b3537a4
SHA1 c9cda7baaa7bedc0915d96a9138591691553555e
SHA256 9ca74b96448dcfa13b6a78fb1c607ecaefe15245c6945461a2f33accf6f98628
SHA512 344ec0a0a72e131c68568997130b2c07294e391f6cc6bf4c85ab057ea3f943daa4bf1bf009ddfc600e45a86d8845eaf28018de019844bf75713f5e30c619837a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4a4642516bc6372d8579b9c3705ec3ef
SHA1 4353ec5ea33952ad03b1058dc5d1b39489695058
SHA256 d8e0273e0138799bc98ec2fab75cb21379f1ec7d9426b570fe0d7da120ba18c9
SHA512 528ea3d3d02d6c0b861bb2b8400fbc27af54524dee25e4ca12d713e1ac52722ceac32ebcdb429509d85e66adde29efe4cfbd314629c6c20ab13f778b4d0fae30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

MD5 43dfded800cd9b27542132fffa9eed3e
SHA1 d587ad9a2c7cb158aa69e5d09cba7544e34b787a
SHA256 4820aa71d0d4cebde47793b38562c8d89ad4d92da7dfb6dd5179d1c536a8b7c5
SHA512 517b724bffe7df1a5c7a90b728a32c1f32fd61f3164b86179ec8106681eb1911d6bda2568ed7556d51e916c6872f7b6056f7ee18030041e9b6926d669d2cfdf7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353980090002273

MD5 7ee42363fdc062d8788727cd7589acd7
SHA1 8c2b9317d7d96342a32433efa3c278a772a8002c
SHA256 95ae84c3904a63071c1d20ee97def3c49a614f241a254e45a5d144201fcf3db2
SHA512 fa8aef4db75a439c29fbd33f784855c3e99886e3db7c66af30784f6b3e34144e240cd16f5f2cffe66f1553ec56fb23b0097d162765f279a8bf7a918bbec6e7ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

MD5 356ae935c0f8fb028d665b502f6c44c3
SHA1 4f47a5ac4023a482a3c2079dab0ef11450a810c5
SHA256 6663708050d98a0c431e67f4b1f9f2260d5ba605d448097c552141c5f2a90008
SHA512 4dca6fdcd80b879e810fbcd8249cae4c73b141b989a6ea00ee2257dfd45897f5b9c9b180079ece97d4c0877fe52d116864612f496cd9e7650e2bcf68d54a94ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

MD5 fa3ae8cdd67cc474e289e174b0145a79
SHA1 5f8f8a8f14014fb366d5f94bddc96d1940e1ec70
SHA256 b276afae983f73e2648b1063ed0426f44e6868599e5a38a62b14b5c19de44ef1
SHA512 879b27721b7226e8278bcd5e8aa14a6e85bbe755c4c919ad22440c894fed0ec152682210d51a825efd6422fdd43045376937338dc6a363d9a7c8fff67d083613

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

MD5 11ab3caa6ed8212449632868caf2cf73
SHA1 2bb829e50ba5b8fbdeb3693e8f8b47892f60dfdd
SHA256 d3dd84c9aeb3de759cb97389a2e8faf2425cacebe4e833db73f210e49b98efad
SHA512 e4d6b136bd306ee9a71bf22b07ccef9eee3c937e6729a38acecdf17e6d23e78f9d359f90abb3e0a9378348dd3a77be8637b87a11a168ba888e4ff986dcd130c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

MD5 ca07caa51dcd8caf1f172110b1f3e396
SHA1 18b623aa8a1b538bfae02b9ba49bb6edc99264ca
SHA256 e60c2d892915300568bf113a4efa52ae0b215de9cb66c94bb0ae8b099d114cf4
SHA512 3ab241e6a71fe8176ce7ee046882eedda454dd87e4643fad6be6c8f54e711046ddc216c134a131323c204607654eaba3c36619eeb3efa7381e6f5931490189eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

MD5 52acf6f7651e881d539e04386fa421ec
SHA1 9b1f9aa0ef93dbe728385b386384afd960bfba54
SHA256 bfa1884adddeff9a0102039f88ab0081deac184da3d0be9c2748c6201aeec3e9
SHA512 720adf81c2157a35b5a3a9409424b8c40967671906d93ba0d1dd2d0f3d99a839a1ed13f7b4cda28cd40f52cfc673aa03b89ba3e57d641cfc31d50079c60e396a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

MD5 533e6390916bb52fab5b661cfadd2986
SHA1 e82ccf0d6207ef76d1c7d106ac5a48a90c5b2ba3
SHA256 876c2705bb0f584c6743187244ad9733f676c52c476cfba3a8baa7716ece3ad8
SHA512 ef98e3d9a99eeac0949b335cb9d4cb37f2f7ef6676ef2c61977eb5f34b5107a8a113412560f26dfb921cd48bb50a40952628396679db23ba54e16f9cd042d9c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

MD5 d9aadfdb6439731d42e0f1cb89a3a527
SHA1 994f21606006970e6e40373da790fe14f7e0680c
SHA256 e9fce93507bcc70b9f0fcec0c20b62701c3231744edce092f72c7c78da22d897
SHA512 d53338ac894c9e61062ca14abc81ea36e926b4c0795eac6821bf4591785073304a966381a1eff86fecca9d002ffdf213284bc36931d594e8b9287a12222f8e7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

MD5 9f5604f5f0654af7fb37d99aa502ee3d
SHA1 b2911cac6a8b569f6a5ac0a8a0ccfbf7ad8a3952
SHA256 571d42b5c13644236a11115d82c73be88d5bab0f0b2ff5e6d4edddc9c2a91c51
SHA512 13ddc8cc4e644c068fc8fe548cb3ac7c6e4c3a99650dbf068cb4ccb22a4f8af48f9a6bccefce814de97490e586efbda2af5939a9a455133fbd12eaecd3dd9966

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

MD5 636e3011b4c05cf3406afb405ab1b20c
SHA1 f2245c4e823debc6db6b58f96c69b6dea35b9cdb
SHA256 7336c1d65775f4f444f0ae44177670e83fa47f719a9b9a4a103261b2eace470c
SHA512 51b5cc3ce34ba879dc9dfbb0b3b8ef01fcdb71e98c955d1685871cd04bcdd6228a81eff724c783652b753e8ff767b08788d5e7b068ec2f238f497503f7b19189

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

MD5 843b791b306dfdb4f812fc65dcc2ff1f
SHA1 b1f0c1515097b1171748cbdc4b21ea0183d85505
SHA256 3dd8031bf190daa65c8dd44be5c2c16161e21561bea5c097b6162f27f76e8431
SHA512 dd8336c159a74713f3f70796fd5419a9ee033e463c366baa1f4574bf945e2c70f24adc661e0b6d56508f3cdabc38b8b27b4b0d964ecd46bea8160780ead03a63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 296ca2fc16f1322c385592699f153ac7
SHA1 523b919cc32bf4e081cf2a6e9dda64d22b4a8efe
SHA256 2041e8d6c1da8aec31875b5349f8a310e0b95aa5d9cc2479a2b680e528ab7f8c
SHA512 b3bcc4fcb8108ff265c4e25ba3743e76cf729f027f016c04c5f9603a0bbd792887bcc0c4aedef4e634a1544822796edfc94df69d0afe774437774aa1e215bf7c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

MD5 2b9a7025b93fb62e605fd6e1ca253fe7
SHA1 8cb4f25166db52a712afdac9d1cc7492f021cd8d
SHA256 4cbd91b1fb9a173ae0594dd6d4b7339ad2a9be76654059a4319a12c1e188bab6
SHA512 3db415de26d2e0eed19955b35cea0356734be026e4459af2043bf464fab13a426b640d4b56cb5cc6b76766e5e27a9185ca7bd8044590c069c576bf9a872d0f28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

MD5 f638c3bff0817533f0f8180d9912b015
SHA1 abe1292fca13ff012fca093b1c2c9917da724f56
SHA256 5bad8caebe26171fa5e3abab39b9e1abfd4fb24fe531108e97767732573d2e05
SHA512 880ebb168bb15bcb6d0b3acb4a33a5c14e1593eceea9e0cdb27414c1cd3d5de323c87bbb3187ffeb85e9cf564f27926fbbeba83ae68491986eb2786018ce69ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

MD5 167fb15a78e4617049c1aa16b638ecc8
SHA1 e9e4a8fee81192c7fdbfeaf6481c5d5f38fe1b30
SHA256 a2852141a5a858f29c8514f17795945b3fc6296488d0559f6ea86f6544e1d0a6
SHA512 bd5d17b169188e5e32900baae6346a0cc4d8c093ad089a47e76291ddb1527c282f1ccd343669ac808d1e8fe5dd2ccd41d75c96be5d4ca3f8870bedf3bd7a1033

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

MD5 ed8ed2a28c3ad1e9a2efabbfbd39d59c
SHA1 2570538a25f7c503ce0b96cf3de0026a6e4f11a5
SHA256 3a317fb73eb8f4be07d78962a7b7ad8758847c53c1626b4526cb07abb32e38f7
SHA512 084225f8d79844fb6a517a86083937ca249236c862d3bcfe641f6a9c6c24ea350616e5cfe5fea1c3f30d693c0ceb06b27ad076502806f73bcbdcf914a9ae356c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

MD5 1b3bf56b260d93ac4393ca1426f3484f
SHA1 c26b43ce0332b65fc64e309719fedd5d45972a2d
SHA256 10ac5a523a78043de5318a7a4b10dc8cb0fcd2c389ef92f462b10f40696d38b1
SHA512 3891c4f6248fadd9bb50f74d592c5f1afb5c0ac83d80f1b87e3e37103a04447d0400bea792a33cc81ed1dd13e16a2fce6581ee6acd9133b62402768e02ee2311

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

MD5 3102c5045f4e7bfd1c2e4364fcbaa29d
SHA1 ebd0d3e98910bd38f87bb26da6525953f8e5dfe2
SHA256 a701a809806c2d184d374bdb8f8ee900a5fdd215f5c8bdd10501282302136a6f
SHA512 f11cc006395ac5c24b19b43c72e4b2e44d74eeffd2c94d1635ca2969ff45097f9fc38e3b9e0dd5fdcebaa56f15ff67ce2d517a4cb4e9e0b7e5628afd50115c9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

MD5 7603f860f8a34599bc2e6ea6fcb8a2c6
SHA1 0f40c87bf6f9c43b802c75cb03875fc0df16798d
SHA256 b0d7e911f9ec3a8448aae273d2dfe4100a345de935aa24b56720a90c3b8ef426
SHA512 290098ea958e1e072fb448e9bc25c5160a00a48eadb91794fd05855988077b3e5292113ae32869ddfe7bc4ba28672e10be2155b958db0415519e9ac1b82043e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

MD5 3a85229f1c8b833b22d82cda49745d6d
SHA1 4c980424a03efed0b6cb9ecf9b7746af8cc5effd
SHA256 8a0da0aff9ed80ba0b0a099adaa58b50ec3c2d43493f782a7998472755d116a2
SHA512 0f3008fc4e34cf4c98d4f95d48400136f824f86d33e85b935a61023ce8e7f9cf9f727fc4927cc21ce56ff86e0b9d87c07e474a5716f022f89a24800e65e2160d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d0e7b5ad2cb8cf58113b34e201742ea1
SHA1 3948d2efa2c26fd20a5c092da5a6ece2488b59fe
SHA256 9ff7c969ac10d2ab137fd6fb0034ffe821340da1cfc7ac27f88748fc57b1aa6e
SHA512 a4c2d111c2664df87b52f384b0e0ce2f796b41d7d934418855e50870fcef21822a0f39bc7dc0b6099cae089ddc00a8051d07afe3b1899c2b390423cc6dec07dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5e65cb9a040ffd9a7aa85d02ab0907a3
SHA1 a10c85329f509c228626c2374b2b869b694c9f64
SHA256 3e839204c360558f89d08e6592598b6a838a97015e281c13602ef55b80dd3667
SHA512 d822eba46eabc894af2edcde843be59839ea3eef52a9b7af7ac1b87172dbc051fb72cc66724dfb4375fb92af3c46b02a3b2ca1d48269f3fc3f39b9491fc39e41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb37744e856920a69da6d109c2d9dde8
SHA1 fdc26e2d67e8290c420fcc60b9543e9558aa8002
SHA256 ab35ff9866034dbf946d607ef2fdaa5c8b45988ff36de61bcdb5c451c443d771
SHA512 42e274e3df3874bd7ad43a7cb3575d121773030cf5b836c5cd1d0df1c5258dd62e22b3eea2f7b4b002a61e37743749e641263385e0fa25c90ca7230613365838

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 af261d1f6516299a3701b73bbb05d50f
SHA1 6a21704ce9aa8d46c47072956409fbd793c5558b
SHA256 9121c2d1014ace24434eb055757b7f99a1b3d49435486aec318110bf38db385d
SHA512 2e1a0dc9f8de0c7bd3dd05485f8276579f0dd43b2c511d23a8c8aecf4800ca05667b5f8baae2ef36d79cef24844ce6b3c6af11b4f6152a3b7195a7fb424f5e5c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 74f4817970ac190ab5a66ad1a14d7260
SHA1 8c7e11650c9009c2a28ad61c081f0be572ff85e7
SHA256 f9bb42c1a28b60d6303356c6c63003b64a3b54649a8cffa691b25110dd2630ae
SHA512 51d82276ae6d22ac05e8cd9f2f3e627e1f163e5590cfb9b78b4aa788111cc055df7c1f73e8e08c9fa8f2e5c61ce912f943f1995d6ce36fb704612afa27941523

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 3794b819f4e77326c5cd91463128d6e2
SHA1 bc37f11d8ca9ddb2d18df8e0e14891d7f8f8fee1
SHA256 0a24ad9fcebed784fc8f3e0bfd47abcce4d7116acceb5e40208ce47eaa4feee6
SHA512 124c5341a3e58a09dd870ddb4c26bd812ba52a2a68cea90a05241022edff50d3ac1107db83025b466e9a5637216fe1d56a37deb22465cfef9370accfe3e67402