Malware Analysis Report

2024-11-30 13:14

Sample ID 240620-nmd1wsvemg
Target 14k gaming @sublimecloud.txt
SHA256 4bc49329928f31df6b8ca569390c6778fb0b664bc4862615cb65ee197a9a05fe
Tags
pyinstaller
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

SHA256

4bc49329928f31df6b8ca569390c6778fb0b664bc4862615cb65ee197a9a05fe

Threat Level: Likely malicious

The file 14k gaming @sublimecloud.txt was found to be: Likely malicious.

Malicious Activity Summary

pyinstaller

Downloads MZ/PE file

Loads dropped DLL

Executes dropped EXE

Enumerates physical storage devices

Detects Pyinstaller

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Opens file in notepad (likely ransom note)

Modifies registry class

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 11:30

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 11:30

Reported

2024-06-20 11:33

Platform

win7-20240221-en

Max time kernel

120s

Max time network

120s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\14k gaming @sublimecloud.txt"

Signatures

N/A

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\14k gaming @sublimecloud.txt"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 11:30

Reported

2024-06-20 11:34

Platform

win10v2004-20240508-en

Max time kernel

220s

Max time network

222s

Command Line

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\14k gaming @sublimecloud.txt"

Signatures

Downloads MZ/PE file

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\ComboX.exe N/A
N/A N/A C:\Users\Admin\Downloads\ComboX.exe N/A

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2804150937-2146708401-419095071-1000\{7A094B3A-D6F1-4BAD-83F6-7115FDDA8C90} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2804150937-2146708401-419095071-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 42771.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 35 N/A C:\Users\Admin\Downloads\ComboX.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2024 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2736 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2620 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 3608 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2024 wrote to memory of 2508 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\14k gaming @sublimecloud.txt"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa735046f8,0x7ffa73504708,0x7ffa73504718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5820 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6024 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6684 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6700 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\ComboX.exe

"C:\Users\Admin\Downloads\ComboX.exe"

C:\Users\Admin\Downloads\ComboX.exe

"C:\Users\Admin\Downloads\ComboX.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cracked.io/spec09

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa735046f8,0x7ffa73504708,0x7ffa73504718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.CdmService --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=6800 /prefetch:8

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,13057704290695362437,8780441311867840171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5660 /prefetch:2

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\combolist.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 203.197.79.204.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
NL 23.62.61.89:443 www.bing.com tcp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.171:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.171:443 r.bing.com tcp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 171.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 8.8.8.8:53 gofile.io udp
FR 51.178.66.33:80 gofile.io tcp
FR 51.178.66.33:80 gofile.io tcp
FR 51.178.66.33:443 gofile.io tcp
US 8.8.8.8:53 33.66.178.51.in-addr.arpa udp
US 8.8.8.8:53 api.gofile.io udp
FR 151.80.29.83:443 api.gofile.io tcp
US 8.8.8.8:53 s.gofile.io udp
FR 51.75.242.210:443 s.gofile.io tcp
FR 51.75.242.210:443 s.gofile.io tcp
US 8.8.8.8:53 83.29.80.151.in-addr.arpa udp
US 8.8.8.8:53 210.242.75.51.in-addr.arpa udp
US 8.8.8.8:53 ad.a-ads.com udp
DE 188.40.69.138:443 ad.a-ads.com tcp
US 8.8.8.8:53 static.a-ads.com udp
DE 213.239.209.209:443 static.a-ads.com tcp
DE 213.239.209.209:443 static.a-ads.com tcp
US 8.8.8.8:53 138.69.40.188.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 202.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 209.209.239.213.in-addr.arpa udp
US 8.8.8.8:53 cold3.gofile.io udp
FR 31.14.70.242:443 cold3.gofile.io tcp
FR 31.14.70.242:443 cold3.gofile.io tcp
US 8.8.8.8:53 store9.gofile.io udp
US 8.8.8.8:53 242.70.14.31.in-addr.arpa udp
US 206.168.190.239:443 store9.gofile.io tcp
US 206.168.190.239:443 store9.gofile.io tcp
US 8.8.8.8:53 239.190.168.206.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 cracked.io udp
US 104.18.1.137:443 cracked.io tcp
US 104.18.1.137:443 cracked.io tcp
US 8.8.8.8:53 137.1.18.104.in-addr.arpa udp
US 8.8.8.8:53 static.cracked.io udp
US 8.8.8.8:53 open.spotify.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 8.8.8.8:53 i.ibb.co udp
US 151.101.67.42:443 open.spotify.com tcp
FR 162.19.58.161:443 i.ibb.co tcp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 certificates.starfieldtech.com udp
US 192.124.249.41:80 certificates.starfieldtech.com tcp
US 8.8.8.8:53 i.scdn.co udp
US 8.8.8.8:53 embed-cdn.spotifycdn.com udp
US 199.232.214.250:443 embed-cdn.spotifycdn.com tcp
US 199.232.214.250:443 embed-cdn.spotifycdn.com tcp
US 199.232.214.250:443 embed-cdn.spotifycdn.com tcp
US 199.232.214.250:443 embed-cdn.spotifycdn.com tcp
US 199.232.214.250:443 embed-cdn.spotifycdn.com tcp
US 199.232.214.250:443 embed-cdn.spotifycdn.com tcp
BE 23.14.90.107:443 i.scdn.co tcp
US 8.8.8.8:53 42.67.101.151.in-addr.arpa udp
US 8.8.8.8:53 161.58.19.162.in-addr.arpa udp
US 8.8.8.8:53 14.24.17.104.in-addr.arpa udp
US 8.8.8.8:53 41.249.124.192.in-addr.arpa udp
US 8.8.8.8:53 apps.identrust.com udp
NL 23.63.101.153:80 apps.identrust.com tcp
US 8.8.8.8:53 107.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 153.101.63.23.in-addr.arpa udp
US 8.8.8.8:53 250.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 133.130.101.151.in-addr.arpa udp
US 8.8.8.8:53 o22381.ingest.sentry.io udp
US 34.120.195.249:443 o22381.ingest.sentry.io tcp
US 8.8.8.8:53 apresolve.spotify.com udp
US 35.186.224.24:443 apresolve.spotify.com tcp
US 35.186.224.24:443 apresolve.spotify.com tcp
US 8.8.8.8:53 static.cracked.to udp
US 172.67.73.245:443 static.cracked.to tcp
US 172.67.73.245:443 static.cracked.to tcp
US 172.67.73.245:443 static.cracked.to tcp
US 8.8.8.8:53 249.195.120.34.in-addr.arpa udp
US 8.8.8.8:53 24.224.186.35.in-addr.arpa udp
US 8.8.8.8:53 245.73.67.172.in-addr.arpa udp
US 8.8.8.8:53 encore.scdn.co udp
BE 23.14.90.98:443 encore.scdn.co tcp
BE 23.14.90.98:443 encore.scdn.co tcp
US 35.186.224.24:443 apresolve.spotify.com udp
US 8.8.8.8:53 gew1-spclient.spotify.com udp
US 35.186.224.26:443 gew1-spclient.spotify.com tcp
US 35.186.224.26:443 gew1-spclient.spotify.com tcp
US 8.8.8.8:53 spclient.wg.spotify.com udp
US 35.186.224.24:443 spclient.wg.spotify.com tcp
US 35.186.224.26:443 gew1-spclient.spotify.com udp
US 8.8.8.8:53 98.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 web-sdk-assets.spotifycdn.com udp
US 199.232.210.250:443 web-sdk-assets.spotifycdn.com tcp
US 8.8.8.8:53 26.224.186.35.in-addr.arpa udp
US 8.8.8.8:53 250.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 combolist.co udp
US 63.250.43.11:443 combolist.co tcp
US 8.8.8.8:53 11.43.250.63.in-addr.arpa udp
US 63.250.43.11:443 combolist.co tcp
US 8.8.8.8:53 www.upload.ee udp
FR 51.91.30.159:443 www.upload.ee tcp
US 63.250.43.11:443 combolist.co tcp
US 8.8.8.8:53 159.30.91.51.in-addr.arpa udp
US 63.250.43.11:443 combolist.co tcp
US 63.250.43.11:443 combolist.co tcp
US 63.250.43.11:443 combolist.co tcp
FR 51.91.30.159:443 www.upload.ee tcp
US 63.250.43.11:443 combolist.co tcp
US 63.250.43.11:443 combolist.co tcp
FR 51.91.30.159:443 www.upload.ee tcp
FR 51.91.30.159:443 www.upload.ee tcp
FR 51.91.30.159:443 www.upload.ee tcp
FR 51.91.30.159:443 www.upload.ee tcp
US 34.120.195.249:443 o22381.ingest.sentry.io udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 eaa3db555ab5bc0cb364826204aad3f0
SHA1 a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256 ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512 e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

\??\pipe\LOCAL\crashpad_2024_EUCQKMZVATIQBNQC

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4b4f91fa1b362ba5341ecb2836438dea
SHA1 9561f5aabed742404d455da735259a2c6781fa07
SHA256 d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512 fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f96112b292d7cda4d85fc430b390f1d7
SHA1 60c9264b43d21a155c06a3ae3838094ad7eccf2f
SHA256 4a948363ad416baa052515693be37813af3f477d7c59ae69d7c372648c7f81be
SHA512 0b27f134abfac74f63e38504efee5d1bae523316c1cb3d838deb63d4369104fc209f28a421b12409aacc4a9cb647c3684cec2e25847ccc2ec020afbdc0d877f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 5bc222fb1c414a2aac994576d43467ec
SHA1 d255a627f25ee0795388f383709fca0d2d094238
SHA256 0647ce72db88d58cff7c6348e84fb6119c535436a69c4707928e42be1b745215
SHA512 65f8caf2dceaf3702399ad97d9ac80b6fb2f1599f3120efa3143b4d12e1f6a17693981819d56961becbe2707aa5a4ff0182b3f82c018383a54d7ddead0489378

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c122a29f63b52d4dc933967d6026f77
SHA1 22f6d2df5428408171e72090981ac767218cb343
SHA256 87c13b2b7461f5e78ed0287df0a08f597a9ad03c2873587585c6536d74927dff
SHA512 3cd9425d6858b946bd1795887632a13f4ac9807894fa8f0efd26e6fb445e4e534806d437bf4b98a478457704352de11c400e90329e0aa667b269c7c9a5c41d0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5e8610c8934a70aab23ac355cb6bddef
SHA1 afa338fb8a8f21005738da4d3117ce83a84c77f7
SHA256 c2625160357a033b566d5b6b6ba5b73250fc4e7dacd19872c5fb609c61f4dc27
SHA512 3bb05a5bbac5668f662cdd83de6507b809c522b3ffbd1c3a118f84ebdff6ed6c0ed698fb639a5609d8a984aed5a73303c2153a9ad480ddc27ffbfd00652b29c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 6e470cee12046b103066bf7f43df185a
SHA1 fec4d4f9dd0f0b13ca798811a4710806b3914177
SHA256 7fb68f9ddfcfedf1130a4d113f1dd27736dc2d9811192267ee28acc76dbc2e8e
SHA512 e1cabf3f6d09f336ede38b66e134702364dd6c19bae6d7433d7b4e89db1785b6e7f4d40990aa22a14ce6122c4e596214c9aa238935e2f10c3838a67d1d2ac786

C:\Users\Admin\Downloads\Unconfirmed 42771.crdownload

MD5 7bfbb042fdcc60d09cad8768226417ff
SHA1 284a1e920634f2f3e82ae8f82c8593daa0f57bb8
SHA256 ba59d338da81b1ef3fb644c139fcde23bd2699157cd0e697ec6d5407cdc65f4a
SHA512 3cf487c5263323cc144392c9b00f194cc0382ffdc94e0a650a0d1957ce721328fa618d8981224c6a1d54bd18cc659240b85a0f4f16f5dbccd272f5ee323ee07a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 579ba5f1270243ef99b8cd6d65af9f6b
SHA1 ecc51fe1a0be6957d4fad7b0aeb888e2bda873cb
SHA256 b2d2793bf9d9ef572bc5b15e33b4dceeb365b2ed481e893cfbd13f77498b43d1
SHA512 fe4e89220c7c2943f18ae663294fb30dfa878976e3b31ca2cd1a90e1f59c5e7e85195bc7a83b95a5c6c8a5e7c2a3f30b9de45727d8d776168e5b6f676c8e705b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ff60ded29b3c8eeaa0992df4bd11c601
SHA1 9457981c2b876b9e419be2a44cac53a498cfda19
SHA256 0cf81ddeb4c562cfc94f720866b5eb623ba8c2a3540bdf54b1444fcfa0b4faf5
SHA512 676d298f0618752cc91fa44e876997bbe62f77dad1d9cd874aee9e465810438b476c91fe6c9becb358ce0397b394ac259d228a861493ccc4b3777c6cf270024b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5869b2.TMP

MD5 dd05dda10d46aa8b4ffdaad1c15958bc
SHA1 4d4b2163d1343f5f8d157e12f1424b9630e67bee
SHA256 9ec8770709bbe19419098f69849a39653a619050d747d72755ecc86bfdd88b51
SHA512 c8820550066192ce23fb2ad0905f82bc3c7a30f3ec83ce4308197008dc95812163d86081d324aa6dba16e3a855c2c3221abc8e722c6125c88c44efded570a6df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

MD5 d7ea672b19a78115f6264fe81b1e20e7
SHA1 a93b011006c2f962bb516f11503d4fb0038011aa
SHA256 0be34e38cbb8d15b00bc9cd4d67ba750572632a485f2ab2c0727039b194ab87d
SHA512 34ae71488b63d30e58555f41477fdf9db68022daf0075179cbbfe7087d20ef34013d17186b0fe0ed3ee41599637de4da2e004a62c48bda3617c13649e295b547

C:\Users\Admin\AppData\Local\Temp\_MEI53402\python37.dll

MD5 86af9b888a72bdceb8fd8ed54975edd5
SHA1 c9d67c9243f818c0a8cc279267cca44d9995f0cf
SHA256 e11aa3893597d7c408349ebb11f47a24e388fd702c4d38b5d6f363f7ad6e8e5f
SHA512 5d8fd9040f466e23af7f17772e3769ad83c5f55f8c70dcc3cfb1f827e105f0f4e6133f0e183fabc67dd44799495c47f931bf92546342b30b9c4a5c2b4aeee7c7

C:\Users\Admin\AppData\Local\Temp\_MEI53402\base_library.zip

MD5 17a1451713ec45cd849d9ae65fe29652
SHA1 224682872b1d90dc985fc3dbcf19d10fb2ecd5e2
SHA256 2194074baf96c3b411091a6505862833ca8f24db0e6d7ae5ea2a6391505c71d4
SHA512 64a341a936dce66133583a6729314de27a69264ef5e92c7c2f13cd9c31edefd828c9714225b6643728b31765cd675c42f07085cc91932f7b7036f8a2a338f6fe

C:\Users\Admin\AppData\Local\Temp\_MEI53402\VCRUNTIME140.dll

MD5 0e675d4a7a5b7ccd69013386793f68eb
SHA1 6e5821ddd8fea6681bda4448816f39984a33596b
SHA256 bf5ff4603557c9959acec995653d052d9054ad4826df967974efd2f377c723d1
SHA512 cae69a90f92936febde67dacd6ce77647cb3b3ed82bb66463cd9047e90723f633aa2fc365489de09fecdc510be15808c183b12e6236b0893af19633f6a670e66

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_ctypes.pyd

MD5 9a69561e94859bc3411c6499bc46c4bd
SHA1 3fa5bc2d4ffc23c4c383252c51098d6211949b99
SHA256 6bbde732c5bcb89455f43f370a444bb6bca321825de56f9a1f2e947b0a006f1c
SHA512 31d9e3844f1b8e72ec80acd1e224a94d11039c130e69c498a668e07e0d8bba8d1ed1ebe0b7a16376ca597d0e2b74a0d5e3bf53d1cbadf5bf099d3bf78db659a4

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_socket.pyd

MD5 0ea1df6137ee3369546a806a175aecf4
SHA1 95fd1ad45892cb9e655bfa62ca1be80a0b9b2d43
SHA256 6fcc31573ae6b380db1d4e23731755465fd2cee0856e7a6c0e396759bcbf73b5
SHA512 6497fdb86ac69f6551a7794c090ca695bf22eb647b7a503fa23d7944ad375f061429f17e2ea043c809460e7cb9fc3df77c7bfe0b64f00ddd65de1aa744d3adcb

C:\Users\Admin\AppData\Local\Temp\_MEI53402\select.pyd

MD5 e1d0d18a0dd8e82f9b677a86d32e3124
SHA1 96a00541d86d03529b55c1ac5ff1c6cfb5e91d1e
SHA256 4595675949851bd0ff65521e936647fcc5c8d2f32f0ac2641a262fb6323896dd
SHA512 38e3b6b23ebcbdc60eeeed0bf3dddc69004a1ccd4a2486f3a9f8c0d4624b690e2e5704e3fe05bf1bf2c900bf4f5bc9439f45f3c02fd4c67783056b3da15e0f56

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_lzma.pyd

MD5 16fb5a2363ce8dd12a65a9823a517b59
SHA1 59979d9195259f48c678cdaa36b5efee13472ff5
SHA256 bb78ca0dd1478027e2e9f06f56fc7c3cc6f157b4151562d58a7f6646e463fcc2
SHA512 d9801cdd8cc9809781b79882a226ee7a56d93eac0181295c80cb1f088f0fbf46e3eb35c7d8ff208dbd5a3e93a190a04c48fd254c9971a3740b020547973683e1

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_bz2.pyd

MD5 8b40a68ae537c0aab25a8b30b10ab098
SHA1 1c8ac1f7f5c3697c457dd98f05296c2354ff7f55
SHA256 0b86ef4810d53e79f1d934b427fdbacf3792eebb37ed241bc89148238af763fa
SHA512 620ad61ff05c73adee4ac8f4b88a3880c11893eaac77ccca4e88edb29b492366a5bcf813d18628f005730f7e45ce373af9275776ea768b67b8d0e3bc62949229

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_hashlib.pyd

MD5 1f77f7a5f36c48e7c596e7031c80e4ff
SHA1 79f86e31203b60b3388047e39a2a26275da411f5
SHA256 30dfbd97883b1545513ca5bb857a9aad6e9bf4b8b4272569818346eaf25033f7
SHA512 b647e820ae4854921839a6cc92610fd63ef79623d442fd17503a39ca145dfd6cde3719c50473c0c74fe487f980b12e90bd3d3beb5729fa5498a357d44f81809c

C:\Users\Admin\AppData\Local\Temp\_MEI53402\libcrypto-1_1.dll

MD5 bf83f8ad60cb9db462ce62c73208a30d
SHA1 f1bc7dbc1e5b00426a51878719196d78981674c4
SHA256 012866b68f458ec204b9bce067af8f4a488860774e7e17973c49e583b52b828d
SHA512 ae1bdda1c174ddf4205ab19a25737fe523dca6a9a339030cd8a95674c243d0011121067c007be56def4eaeffc40cbdadfdcbd1e61df3404d6a3921d196dcd81e

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_ssl.pyd

MD5 0e970f3353e65094165edcdfcaf1c299
SHA1 e86d2c4723ae09890f69ab1a6f4a1a935dc0a0e7
SHA256 4fed9f05da139d66e0582b47c20ee91c91be44d379c225f89b22462bedc989d3
SHA512 4621d1add268f9aadf0119055d6cce23739eec969ab031fc0a510c40cf4cce60230a89735fd85c38f28c22ed9dc829ff294ef48590fc56191464e1fec1fa4595

C:\Users\Admin\AppData\Local\Temp\_MEI53402\libssl-1_1.dll

MD5 fe1f3632af98e7b7a2799e3973ba03cf
SHA1 353c7382e2de3ccdd2a4911e9e158e7c78648496
SHA256 1ce7ba99e817c1c2d71bc88a1bdd6fcad82aa5c3e519b91ebd56c96f22e3543b
SHA512 a0123dfe324d3ebf68a44afafca7c6f33d918716f29b063c72c4a8bd2006b81faea6848f4f2423778d57296d7bf4f99a3638fc87b37520f0dcbeefa3a2343de0

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_overlapped.pyd

MD5 96ff7af214a644d115ca2f64e188e748
SHA1 91948bd362f9f520263bda0e4783d10ae1976db2
SHA256 73a04a9c8baa1ae95b1647746e7d0471a5ecbd323758577dc686ccbb9d912163
SHA512 a2d9f1f7d7a96e7c252ad12afdb5637a86bc720da3a31879cc59117048504f96095102a4b442fbf70352731e0fc0fb10a719a2ff988232d4f3ee30ae7f6efba6

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_asyncio.pyd

MD5 0529d2ad178c382e209e3d1f049a31b0
SHA1 0cecb050c51314a2830e9cbcb210aaa2fa754426
SHA256 eaa6a970aae89f0d7cab5d91997ac257e933ad1bb38886aa1672251169a4828e
SHA512 32b81272c5221e8d36be76add79fad4d3c3e38ac02787a35960b8ee35c8e0be367df664956a5b1ae9d452eb6ca7ad73c5148fd57e64cf7e26a978973f82335d1

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_queue.pyd

MD5 94b57996008875822a0b13fa089ae513
SHA1 340ab82c3653c7e664f28d2dffb6863f1df20709
SHA256 28136612834be0dd236f085f46c1d9b8a1830b9c073557464e22bc006d81e494
SHA512 aa9db065609dbae700a5c04266afa99ef838a9f5dc58acdca1c9b95c5d845195cfce895b81d718e761e69b5cfaeb71e9e8450fb76c590f991850e67f65b32abe

C:\Users\Admin\AppData\Local\Temp\_MEI53402\unicodedata.pyd

MD5 23bba751c8a182262856eeba20db3341
SHA1 0120468629aa035d92ebdf97f9f32a02085fbccf
SHA256 96eafcb208518f6df0674ef6f1a48f4687eb73f785c87b11cb4a52dcf1ce5c66
SHA512 482fdb6f542be27d6bf3b41bc7aa7d7fda3077cd763f32bb25e0c50cf8ae11ebd8173d18cb0a52126b2150fc737109d384971298e8e2cf8a199ad1f1956d9326

C:\Users\Admin\AppData\Local\Temp\_MEI53402\_elementtree.pyd

MD5 80788d9c36aa4f950d1a71518abfa5fc
SHA1 3bcf2f8df698160d01c74f934ab4c06555ae1f8c
SHA256 75b93ebab7de27022d1d9f468c5051be5ac64b436b6a10928d75b3de19dbcb6b
SHA512 f26187e364c80c5ff423699fbcf62a8035969592a6da339c80fa862185f1f2e674c44325321c6643cb6cb7e2034623e04603a9491d1e8f06a4063efbf85ef48e

C:\Users\Admin\AppData\Local\Temp\_MEI53402\pyexpat.pyd

MD5 ebf42794afd81d3a158f1d4eb4096483
SHA1 9c49d840a600d126b1d0b3a294218f82c2292c8d
SHA256 0cb9ae2dfd64c291de65aee89a524a0bbfe7755c34c8215e8b47a4f409ef3743
SHA512 28db296525d48e970c40bf267523dfdcd823fbd471e606b97cd61af373af9d42bb72765f846df4bf33457124fd1a039e7e06b5e6e863503a26a3efc9b15078f0

C:\Users\Admin\AppData\Local\Temp\_MEI53402\lxml\etree.cp37-win_amd64.pyd

MD5 bc5a2b80b07036b073eaa63b199dfb78
SHA1 dc4c4d4407c437276660bd8342aed9d61fd09d77
SHA256 3294e45e6ec9037d390d6ceecef9965c59c8b36a2e4b99d51c24e4a1f73e6759
SHA512 fc7dc64047c168151fe9f93030adfc8041cc7bf140f99df5c4511527cdc18b6ece6fb3a8d615771908a292b78d2360c97f10f462f091f9cdbe38df7fbb31d7d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b24d02c3efd3366111b60c04dc7d20ae
SHA1 4aadfc4018147ee3444f74aae2794f0592ec620a
SHA256 8f7c85d8739ad0fb201892c596058ce1b0954c2934495684a03373f1da4bea6b
SHA512 06b47a4bb35ed4c24cb11833ecd42bdb516a258c2c3eabe9546428bc6c74d54a0ff6bf21e74c9c39c10618c53f5f762d4e7317065f34134737bb2eb54441cf11

memory/5620-426-0x0000021037440000-0x000002103750C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b9e132a0c9362bec206678d5b86d3984
SHA1 70d3e22dd45fdfd4d4512f7b760d43a628ba6989
SHA256 af21f66736dd29ad60b864c5c443faef9c6bc05b832cb7e94907b50a4d834bfe
SHA512 92106532a6463a2d798db718a11f5a9a91f7db5b9024544f63f6b0458813e11fbed835dbb852d3ab38fd9d11924baa7c1db5c8f176edaef82e25c97f81345fc7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ab7e06f4024b509efd31acd03f5e7782
SHA1 ef272bfc6784ebf239c5fecfe00988dc6ca8ef33
SHA256 c05803a29edf7290b8bef380aa53a4aeccc257ca46f96f4e6a010aa3d54a86fc
SHA512 c37862c0fa31350adf4da6b545b48bc4e1fb7d14665bf769acf56f06dc4e7ce9e326830aaec6f8b90c1514058d6cbd429fc70a176191dd8920fc168c4cda1016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 71f0bd052776c9bcd5e2ce1bcc928d8a
SHA1 cb9c87a9a81f9f5a7d1b720ddbdc0e1410d79147
SHA256 9d4bec63699937eca2ede4140d43322b5ec377ad82f162699d7ab75d63dfe794
SHA512 5e92ee49bd314fa5cb9eb1b681616977a9d80edfd73d07b3def4a1c8eac1cb31f056e2e5439b662198cae281852ef5c55411f08a7d45f7fee0850c271ff7feac

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9da223a5604767b3f0c39191ad5cb213
SHA1 52a8b522d88f3ff9fbc3a7452560153eab144390
SHA256 8e8ed582904da6cbc1f34b0de41b992387d4a47b1604f90533ed14529ab4191b
SHA512 d5c6a94996b46668e952054169187400ab36a25417bf1e1e7d890a67006db015700f33151f5a4bbbd28296b4ec3f175722dc56e9d1a9dcafd79be1c83efce37f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb20b382b5c0108d7bb28b03a03d08e3
SHA1 f75a0cc7b76eeac1cde5ab32a8eafd90a9107661
SHA256 7977397799c043d152f177d2ff8d06048766bd0f0c6ac5993f3426da8abfd9b3
SHA512 71531d657a54ec95920f37b67605a2bde2421751e776243b1bd3b0d02c16bbf3ace54be83d6e8ecffd990e3f2ed8eb977851dc3774a1ee28c46c0b438b8b1754

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 3fb39b5f8ec970f9fb2e360b5d8243d1
SHA1 56065a687fa0e9714d3c56c58946370ed0323106
SHA256 f1d0b7763b80afef30505d84efa543cdab0f659b45f5b2ef74e7070d93de5a45
SHA512 c27c0e9819b6d05c7c00150fa92cfc08799aa7afca9ed3ba599d948f630dc7931330ab1462dacac3995f7246e3607b121a034daf2616de8dd1fd66df07bee998