Malware Analysis Report

2024-09-23 02:38

Sample ID 240629-af6knsygmm
Target Wave.JohnPrlx.cracked.rar
SHA256 6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91
Tags
stormkitty xworm discovery execution persistence privilege_escalation rat spyware stealer trojan phishing ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral5

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral6

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral9

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral10

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral7

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral8

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral11

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91

Threat Level: Known bad

The file Wave.JohnPrlx.cracked.rar was found to be: Known bad.

Malicious Activity Summary

stormkitty xworm discovery execution persistence privilege_escalation rat spyware stealer trojan phishing ransomware

StormKitty payload

Xworm

StormKitty

Detect Xworm Payload

Downloads MZ/PE file

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Event Triggered Execution: Component Object Model Hijacking

Reads user/profile data of web browsers

Drops startup file

Loads dropped DLL

Checks installed software on the system

Adds Run key to start application

Looks up external IP address via web service

Enumerates connected drives

Sets desktop wallpaper using registry

Detected phishing page

Drops file in Program Files directory

Program crash

Unsigned PE

Enumerates physical storage devices

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: AddClipboardFormatListener

Modifies registry class

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Checks processor information in registry

Scheduled Task/Job: Scheduled Task

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-06-29 00:10

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240508-en

Max time kernel

449s

Max time network

1169s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CefSharp.Core.Runtime.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\CefSharp.Core.Runtime.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240611-en

Max time kernel

1486s

Max time network

1500s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\lz4.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\lz4.dll,#1

Network

Country Destination Domain Proto
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240611-en

Max time kernel

1478s

Max time network

1492s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\wolfssl.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\wolfssl.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240508-en

Max time kernel

1796s

Max time network

1800s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\zstd.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\zstd.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240611-en

Max time kernel

1483s

Max time network

1497s

Command Line

cmd /c "C:\Users\Admin\AppData\Local\Temp\cracked by JohnPrlx.txt"

Signatures

Enumerates physical storage devices

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4388 wrote to memory of 3768 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE
PID 4388 wrote to memory of 3768 N/A C:\Windows\system32\cmd.exe C:\Windows\system32\NOTEPAD.EXE

Processes

C:\Windows\system32\cmd.exe

cmd /c "C:\Users\Admin\AppData\Local\Temp\cracked by JohnPrlx.txt"

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\cracked by JohnPrlx.txt

Network

Country Destination Domain Proto
US 52.111.227.11:443 tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240508-en

Max time kernel

1800s

Max time network

1801s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\Wave.JohnPrlx.cracked.rar

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

StormKitty

stealer stormkitty

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Downloads MZ/PE file

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\winrar-x64-701.exe N/A
N/A N/A C:\Users\Admin\Downloads\7z2407-x64.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Users\Admin\Desktop\WaveWindowsCracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\Desktop\WaveWindowsCracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\Desktop\WaveWindowsCracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\Desktop\WaveWindowsCracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\Desktop\WaveUnCracked\WaveWindowsCracked.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000\Software\Microsoft\Windows\CurrentVersion\Run\DriverUpdt = "C:\\Users\\Admin\\AppData\\Roaming\\DriverUpdt" C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Checks installed software on the system

discovery

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ext.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\he.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zCon.sfx C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\th.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ba.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ru.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\et.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mn.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-tw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ca.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ja.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ug.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ka.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fa.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ky.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\nl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pa-in.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fr.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\uz-cyrl.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zG.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tt.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\co.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fi.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\lij.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ga.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\History.txt C:\Users\Admin\Downloads\7z2407-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2407-x64.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Windows\system32\cmd.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3433428765-2473475212-4279855560-1000\{CB074A14-8E49-4370-BD43-9F1BAFC4285C} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2407-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2407-x64.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 215771.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 557287.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Wave.JohnPrlx.cracked.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4212 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 4524 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 5036 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4212 wrote to memory of 3492 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\Wave.JohnPrlx.cracked.rar

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff875f43cb8,0x7ff875f43cc8,0x7ff875f43cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4620 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3456 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6148 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6236 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4684 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7156 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 /prefetch:8

C:\Users\Admin\Downloads\7z2407-x64.exe

"C:\Users\Admin\Downloads\7z2407-x64.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004D8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1756,2321984983826144038,13321812008268544805,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap24646:100:7zEvent28821

C:\Users\Admin\Desktop\WaveWindowsCracked.exe

"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3568 -ip 3568

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 1120

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "DriverUpdt" /tr "C:\Users\Admin\AppData\Roaming\DriverUpdt"

C:\Users\Admin\Desktop\WaveWindowsCracked.exe

"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3876 -ip 3876

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 1060

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\cracked by JohnPrlx.txt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\Desktop\WaveWindowsCracked.exe

"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 2308 -ip 2308

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 1092

C:\Users\Admin\Desktop\WaveWindowsCracked.exe

"C:\Users\Admin\Desktop\WaveWindowsCracked.exe"

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 112 -ip 112

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 1088

C:\Users\Admin\Desktop\WaveUnCracked\WaveWindowsCracked.exe

"C:\Users\Admin\Desktop\WaveUnCracked\WaveWindowsCracked.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4996 -ip 4996

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 1116

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

Network

Country Destination Domain Proto
US 8.8.8.8:53 131.83.221.88.in-addr.arpa udp
NL 23.62.61.194:443 r.bing.com tcp
N/A 224.0.0.251:5353 udp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 40.126.32.133:443 login.microsoftonline.com tcp
US 13.107.5.80:443 services.bingapis.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
DE 51.195.68.162:443 www.rarlab.com tcp
NL 23.62.61.97:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
DE 49.12.202.237:443 www.7-zip.org tcp
DE 49.12.202.237:443 www.7-zip.org tcp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 objects.githubusercontent.com tcp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
LU 66.203.125.11:443 g.api.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
SE 69.30.89.18:443 gfs240n108.userstorage.mega.co.nz tcp
SE 69.30.89.18:443 gfs240n108.userstorage.mega.co.nz tcp
SE 69.30.89.18:443 gfs240n108.userstorage.mega.co.nz tcp
SE 69.30.89.18:443 gfs240n108.userstorage.mega.co.nz tcp
SE 69.30.89.18:443 gfs240n108.userstorage.mega.co.nz tcp
SE 69.30.89.18:443 gfs240n108.userstorage.mega.co.nz tcp
US 208.95.112.1:80 ip-api.com tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
US 8.8.8.8:53 cxcs.microsoft.net udp
BE 104.68.66.114:443 cxcs.microsoft.net tcp
NL 23.62.61.97:443 www.bing.com tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 23da8c216a7633c78c347cc80603cd99
SHA1 a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA256 03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512 d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

\??\pipe\LOCAL\crashpad_4212_GDDIUZVFXHPEQJHZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 a8e4bf11ed97b6b312e938ca216cf30e
SHA1 ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256 296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512 ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c54dac767082712f7ca7dce32077c943
SHA1 ad31d59acd83213e86eb8a049cd374cca5bc0038
SHA256 76a44132b7613c6d35c13946ba9e96d81f2117434816fd4c337a88931d712c46
SHA512 9437570baa88a83b768a33892ad41c2be23358c51ca9d5d69ee5be1d4031afc08603676a05a70fe8710681879935a11491b7ab199e2ce70230fa1ce49f157ee8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3bc1a5d94a09a23942497cea2d841f14
SHA1 3cfcbcfedf67c74b62891d54d629ddbcce3032b6
SHA256 09c8f326302dd3e32c8d1b23a0b6eee633b7183e3bace5abff8c844ad50ae205
SHA512 525041a2b6c65e8a46051dfdfdc1ea038d22b5ac75feb2c36d5c20100f6de7ccc519fe8243ff3edead6e35a8491a678da86c52793aa4d8d30130fb06eef73979

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b084da77-8824-4fc1-af4a-1de669982cda.tmp

MD5 c9abb50fa4552ab45153b9184eeb5725
SHA1 5c6b77f65c380d795e629877fb99346955cd85f6
SHA256 5fdd3eba2293edd32feaaf45dba1e90da5912605e75f4474ce869ac40fa323c8
SHA512 5d01297eee3f49ae6485138813b0dc543cc4bc629dd90ef78d12d9ab74436591bf86bf141d396124acc7a42146a391941049d30bc3954f02182ce9f75e71ca03

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3dd75c12b6b3a5085bbb879edc7c0fbf
SHA1 01476913c98465c21d5b6366da3518edd3997cea
SHA256 02db9291f6c58eb0ec22bbf06610560eaa4efafbfae14f1c7957722e2d067ace
SHA512 0eb011d1b1b84efded4eb150704ca6b8b52fa439130d44cd0833b289eeb32606dd236485bfc22d478ed9241b89a81d91d59e5dc14331c27bd6f2a46e659b4b28

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5806f0.TMP

MD5 e45e669c796047fae42c09c92ebc3e83
SHA1 c476929fe0235c311e67891af2b54dada89921cd
SHA256 f7bfc3bd94868941a8cd20532aaf7d2bab150b74af5fbb5f797014b395a2d4be
SHA512 88362dcd7dbfc5c4c61b6f4536d0786762dee9ad5c7e7a9ff10fdbad93aa095ccf202cac045a0a55e2eac492745c35e6672b8bff09e1ac88e0e1df992d1f69ee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 643c99adbc935c1b14bb9a84b509a9cc
SHA1 8f47032649d0f5e080207b3338467759c5a58865
SHA256 3b6f86a801720a992619c1dcce4854866d2763c9b8dd6c702b1c607c9e4ff84d
SHA512 c93c0e875109cb328d32413a16292a42c3407ee5cc96f3afa29038d530aa798d5ede3637ac2f898982ea48233665ac1e2ff1fb42f1a42e6980e43e3fc40ab032

C:\Users\Admin\Downloads\winrar-x64-701.exe

MD5 3a2f16a044d8f6d2f9443dff6bd1c7d4
SHA1 48c6c0450af803b72a0caa7d5e3863c3f0240ef1
SHA256 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6
SHA512 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier

MD5 2920729da1ffdf0a8af2d7170153f6d2
SHA1 2b5269271b4494e24abf9217204b13be59be4660
SHA256 cd2b4f422661fa94aa10a6cc8ec747573f554ce7c5f94a0767ab9985288d1fe6
SHA512 158c3aeb7f35b338eb61864c74d91d0acee3598f5c579606155a33ac320e784f7b54346e4ae5b594477b4eced967410a969af5d07fb32fbb0e5abbc393381d9c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 30c62bc200be77aba65cfb9984cd48de
SHA1 d491095c90b65d47e1588d2daa37528ac694e915
SHA256 23e3add83bb202f2cba8554cb42dc9d5649b4c92658b6e8383286305ecb8ee35
SHA512 0b311ca645c23a0b22258da279ae6d1a03805ffa1780d83dd2c9dc3e1e336e22d91acafc9062fb394615c0975e46b56a0e1fdd029b83b730a0d441ac9cddbb86

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 143c75db7c2968f5b0be36ae1a6c42ed
SHA1 424d6dcb390691050b8437ed49ba88971edbdcfd
SHA256 05407b3691bcb61642761f984a982b96a9458c40250829d06d3ae6be5594e60a
SHA512 d687627351b49a45ca1d99d7ad1e20802877c7cfc2b80d861538e99fb8655b83d36901fe852c7242b91d538c1ac61c84b30e18bf52f8a97512e79a958e722a58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f18121fe3ecc55338ea5256e0518f86f
SHA1 2b763a9f19372d45af5b86f1b6a662a6cbcf5110
SHA256 4ba547e083319f7003373c6b2a4446414f6000dd952ba46df887b43619ce853b
SHA512 b0d3e6cf632a9441e80614e250ac2d67cd3dac696ad282154a17a2df3e6212bbede678060a9ce73249ad36aca6f7b7994f988fa3ca5089b174157fca29360ebd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 6ee5e7b53a1a2eba0eda2e766c6623b4
SHA1 dfc00a1594b2a15ca03adac9e3592cf5d0bbf39b
SHA256 6140fad2d6a551d5f5059a184c2e5184597819ac10bda54267bcf4c59ab4dc04
SHA512 fb0c03905d2daab287d1bfb188637ccf8ea0da79f0c816a6868a17ad6d34b29ac2c79bb95b7e3b3743e97c161240ba1ef3ca2cc9382e646c762169921cdd562c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 b15016a51bd29539b8dcbb0ce3c70a1b
SHA1 4eab6d31dea4a783aae6cabe29babe070bd6f6f0
SHA256 e72c68736ce86ec9e3785a89f0d547b4993d5a2522a33104eeb7954eff7f488a
SHA512 1c74e4d2895651b9ab86158396bcce27a04acfb5655a32a28c37ee0ebd66cd044c3c895db7e14acc41a93db55463310425c188a7c503f0308ce894cf93df219f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 620dd00003f691e6bda9ff44e1fc313f
SHA1 aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256 eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA512 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 92c4839cca316f756a048fe1e4fc2cbe
SHA1 7b2c0cea8ba2f6c4b1b3c297bae16181fc77a3c2
SHA256 ba1bb2ced1a9e3fa0b5464b0ab41bffbac908c1b5e1e79dbff3cbb3760d3a8ee
SHA512 a367ad5b3b509d15f03e0ab3172568bdf002376464ce465568a4a079bad5724d89f6036efe3f489107017ea7c57905c1857665e8775161e1f86d54df7cf7a1e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b94a5ad00e82e7f6e230d631e914e2c
SHA1 938c286c199d929a6e8ce039ec40f0c6ba63e2fc
SHA256 79abc84276194cec02caa829a6906e9d32fe593b6c42a50a09b0f7965f710654
SHA512 3dadf31065ee761049056439256007cdb660c867e755dc7545dab255b941bdc06bf7b513796968628797b48fe9eee7003e50b280d643f85d15649a4521d7af16

C:\Users\Admin\Downloads\Unconfirmed 557287.crdownload

MD5 f1320bd826092e99fcec85cc96a29791
SHA1 c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed
SHA256 ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba
SHA512 c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier

MD5 c890bea6e954f09438132954810d7427
SHA1 f615d11deb02acb360649614730f82a909232618
SHA256 44a8204cd11c7f1d91c8dda2fe2bbd935a55c8a62e073a220534ec8587f121d5
SHA512 4b42cfbda92affdea4b3fb64efc28dedbe598800e6abe17733d0645a8c60d9586b8a28c8bd1ccae3cd6e305f6ff8050bd221d4bd40ba41b79d69609aeaf3a53c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\10d33fdd-f8ce-4726-bc42-217e5faa5034.tmp

MD5 589be2759711e76901b779ddc8fc4535
SHA1 d6d63b4995fd7fa6fcfe03e918fb0744c650c185
SHA256 b0b619cde6c21d096045f34e879d23423782f53c9796c3722d8b0d3c9f2acf2f
SHA512 5fca57092b879aee4efe97366e32045f183f48ad72da19feb9898a08c62368a664ee9b8340d936096f2097d9ed81f3d5cc514e7c40950540435ee66e856e427c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0a8a00b7dd3d03e0346cdf14772c397a
SHA1 b2a75a048c87538101baba99810e5ab76be1417b
SHA256 ce1892ba14d00c8bee4eb1bd9cf4d717c45401f7b44cff7e879d018b33eb4c49
SHA512 da718407d9300cd829ec9d6aeb122ad7a5a06e343f053dd4324cb2e2500f7b512f76ed1db48ca39602392a6875836fa8fb1b27f51377a46f84fa9595fe486ba7

C:\Program Files\7-Zip\7-zip.dll

MD5 8af282b10fd825dc83d827c1d8d23b53
SHA1 17c08d9ad0fb1537c7e6cb125ec0acbc72f2b355
SHA256 1c0012c9785c3283556ac33a70f77a1bc6914d79218a5c4903b1c174aaa558ca
SHA512 cb6811df9597796302d33c5c138b576651a1e1f660717dd79602db669692c18844b87c68f2126d5f56ff584eee3c8710206265465583de9ec9da42a6ed2477f8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3584f324a62edb578a9c4ae4ba36f589
SHA1 3f5a09561b661bb76e19972819e2d3ed8337da6c
SHA256 2536380e6f1ee6298e86da399dcbc6d125919e5d960ba176d542a92307c93abc
SHA512 8aafe314b216c6ba88d3c34d9f6525b976fe371b05078d47a1ee22eb7976032101cd4f28fc7e09b1eb4979d616998f799c0a86528435158405b53b4cf13845c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 28427b3dac1c15a71fcd4597746faf26
SHA1 94ff382036173fea8a18cd1864632cc0b2171e29
SHA256 fd013731a2ed41ec881df9b7e4207a1b8c6e27b1245078156b7b40f9739872cb
SHA512 5add82f67e17e1531da47cfaec7c0802ff4f3ea0a6b30984e970c0ab54d5c2f8161a45ccc410d5588609e9e1fed93f2166734dba5b348f42fa59f342def48dc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5102955d3ccae38210b5bd7f6a010d38
SHA1 1cfc0ae61e227d74f1f54ad2503c30fd7713900e
SHA256 2113f75f8684695652cbaf8b27880d98117409fce0a91baadb7c10a7f0f15402
SHA512 9a10e50e292cb042ab7dbc125fd374e2fafc7be477371a82170b4e92ee3faa7b80231f102ef86cc184c4179f4c322abb6fd0bb165585c37c043cd9ae323436d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 29ed78b30337df3500210c8945403349
SHA1 28d9f09a1653e2fb71ebb1c0dcd979da01d1bbde
SHA256 330d182cf5a694860ef4e5d46b534d452b9c3df00104330951e07ecdb72f9c65
SHA512 39e4db48ccc0afb0bb5168462848e3fa38c7accb663c4a0c4672536f5f3d5c355532806c1a5aa4f6db48f6c3c8580ed2b0d5cf751fc56208ee7c242dee9ad03d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 e05f451ec1677e17ee4761b8568b0afa
SHA1 894fa5c2affd3d33fa0a692cfa2607a7c53327e7
SHA256 5d63e759fdac4edac23515f48883825bfc1985f116e56841a3ac9a8067da56a2
SHA512 55df5761eb68777368058c60938c787515359555f7c72385f572bc6bfd6bcdf0ad56bbc691ace3009d68ab2b2b91c0624a6111ebd17399b2db6ad54df68ee1fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bae4182b1a2521ff05af58bba687fa32
SHA1 f4c4944c2c18a5637c0f4873b3190cbf81ad161d
SHA256 747081ab9b1e087537bed9085229cde1ff9e596f49a0b0cff6ccd288f400f73f
SHA512 705f05585637713a919c26bedd7812c0586b643bb67c5a3d051cf347c40dc34cc5c52da3f54c59d0ba0cea08dab21be8378b4ea7e6a20b379e8163cfd1192f89

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 6d9f6a8aca77e233e2d6f7574e0326e4
SHA1 8d169054adc4190422368209919b6d7ed3a5925f
SHA256 37898c5bef770170ae04c6832474ef0aac65cb863a5fe3234adf055f7933ee1f
SHA512 e602de5cb63bdb116af97bcd1b2a90057709425e57178a1a8bdd837da61de0c3a94b12189063bd84f5594b4ff846a37891c8a8c2b6c8c1af7e975921ef22ee3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d13d9.TMP

MD5 71a6fc11ac4a81daa607cce2b823f640
SHA1 366cade533f6db4b5a38cb63e6877139603c1fb8
SHA256 753a3ba566f582060ee270bd06e80655c3822c7b6ab4136957e423c08cda2452
SHA512 74709dfe6efd9ff0d7b55638c41b1ad2ad78239956fcdaf8ffacee5503cce78c07c65d02c74cc60c9ba0eb74d72d6c0f6c48bf8f07986adb8cb881fe9810f759

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e27e94ca72e1e03a68eada975e97ed12
SHA1 42ebb696f8d05440ef9e67ee562f7800c1336a63
SHA256 f94f56c309bf189ddee141c4e333eb73889a0687a6e6c4167dca8da4f9c7a743
SHA512 2f360573f956545af888a1ab6bf9d1ffdb989764070c234848a79403a83415330faf631d97b7bc2e91368adb031281e6f399f073985e9b1b1d61238a84a63358

C:\Users\Admin\Downloads\Wave.JohnPrlx.cracked.rar:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0f4f6b3bbc54189c0c149905c2756d95
SHA1 df0ed61da91ae755bd8774c472d08fb84e515dda
SHA256 ce5e36264584ca173b7b69eb851c20086d0603895b186873df91528cc10ac243
SHA512 d3e4f99ebff4dd95e530825c4351c1215acae11e7a7f399872a0df52d7cc893f2b5d228fe7a6fa0bd770f07ce9d0793430a84ed6481640ade849b17419009eac

C:\Program Files\7-Zip\7zG.exe

MD5 ef0279a7884b9dd13a8a2b6e6f105419
SHA1 755af3328261b37426bc495c6c64bba0c18870b2
SHA256 0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b
SHA512 9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e

C:\Program Files\7-Zip\7z.dll

MD5 0009bd5e13766d11a23289734b383cbe
SHA1 913784502be52ce33078d75b97a1c1396414cf44
SHA256 3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129
SHA512 d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

C:\Users\Admin\Desktop\Wave.JohnPrlx.cracked.rar

MD5 a502e43649c31bd6007912d68b37cad1
SHA1 9076425d466c78f4cf458ab9913fb0880fecf7d0
SHA256 6d5ff2230c713e9372d23989c3ea247d814ffc6f19380be86f7bccf3c0b6ff91
SHA512 cebdaf98e4406fcb95c3086c976c16313230c2630c610d542c61e1c8a655c28a4a6555d9c40a8faed760827d24613acc624547390d66e59f1a77ef7e45ff7ca0

C:\Users\Admin\Desktop\WaveWindowsCracked.exe

MD5 1aec1baab610e71d2dd83ddb08d9c49a
SHA1 47789c92be6ce830faa926acb1969086d410e4d4
SHA256 e2bfe1a9a590aab1f7572309b45c0cf88558f9c3463acb550d30e24f47132d1c
SHA512 2435a57bd91dae06c62ca1d209091f3ce4f3de9012eb80b901e89a62e60b28d45e5c94d018c5af5a831b3ff8d28e4bfc6e0c487125be14926a62b970e459690a

memory/3476-1151-0x00000000004D0000-0x0000000000C76000-memory.dmp

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

MD5 cd34bf9c69f229818a4c9301e51435eb
SHA1 bfb95a5dc5d777e2b5940f354da271fed397adb2
SHA256 3b217daf815ced5cf1087d1f408fc3833c9d80a1e3e25b3f9041698b9e34216f
SHA512 2c68b211a4c8c144713cbe99214e8dc33d3ef6c1f244af4a313ff5ab93d946a4281d404b02c5f66ef5652071279649082877eaa728912a0e769c2c848e0a8e6b

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

MD5 65485b0475b6c8a3b4f35bba541938a6
SHA1 28e6e6cd2ebf8a9fdffeb4aeba13b70ea7ea03a3
SHA256 c6740ee5c8afdc2c7be42fb03ab5a346925efc6ac785fe7d68dec2d5f05d276b
SHA512 034303ee48132b80da79e54a6077676cfd436ef869493a11a27c29dc7cb730fd2ce902320d554a0cde81fc0a06f6c56efa5c170a1360906ec9fa7fd101c3706d

memory/3568-1175-0x00000000009E0000-0x000000000116C000-memory.dmp

memory/244-1176-0x0000000000680000-0x000000000069C000-memory.dmp

memory/3568-1177-0x0000000005E30000-0x0000000005E7A000-memory.dmp

memory/3568-1178-0x0000000005CC0000-0x0000000005CE4000-memory.dmp

memory/3568-1179-0x0000000006340000-0x0000000006426000-memory.dmp

memory/3568-1180-0x0000000006250000-0x00000000062C6000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fbsalbnm.b3v.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/2828-1189-0x000001C2E1750000-0x000001C2E1772000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 627073ee3ca9676911bee35548eff2b8
SHA1 4c4b68c65e2cab9864b51167d710aa29ebdcff2e
SHA256 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c
SHA512 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 d0a4a3b9a52b8fe3b019f6cd0ef3dad6
SHA1 fed70ce7834c3b97edbd078eccda1e5effa527cd
SHA256 21942e513f223fdad778348fbb20617dd29f986bccd87824c0ae7f15649f3f31
SHA512 1a66f837b4e7fb6346d0500aeacb44902fb8a239bce23416271263eba46fddae58a17075e188ae43eb516c841e02c87e32ebd73256c7cc2c0713d00c35f1761b

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 050567a067ffea4eb40fe2eefebdc1ee
SHA1 6e1fb2c7a7976e0724c532449e97722787a00fec
SHA256 3952d5b543e5cb0cb84014f4ad9f5f1b7166f592d28640cbc3d914d0e6f41d2e
SHA512 341ad71ef7e850b10e229666312e4bca87a0ed9fe25ba4b0ab65661d5a0efa855db0592153106da07134d8fc2c6c0e44709bf38183c9a574a1fa543189971259

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4914eb0b2ff51bfa48484b5cc8454218
SHA1 6a7c3e36ce53b42497884d4c4a3bda438dd4374b
SHA256 7e510fc9344ef239ab1ab650dc95bb25fd44e2efba8b8246a3ac17880ee8b69e
SHA512 83ab35f622f4a5040ca5cb615a30f83bb0741449225f1fd1815b6923e225c28241d0c02d34f83f743349a5e57f84ca1c6f44016797a93d5985be41d11be79500

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\WaveWindowsCracked.exe.log

MD5 2cbbb74b7da1f720b48ed31085cbd5b8
SHA1 79caa9a3ea8abe1b9c4326c3633da64a5f724964
SHA256 e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3
SHA512 ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

memory/3876-1240-0x0000000005FF0000-0x0000000006014000-memory.dmp

memory/2308-1253-0x0000000005600000-0x0000000005624000-memory.dmp

memory/244-1296-0x0000000000EB0000-0x0000000000EBC000-memory.dmp

memory/244-1303-0x000000001C8B0000-0x000000001C9CE000-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240611-en

Max time kernel

1799s

Max time network

1802s

Command Line

"C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe"

Signatures

Detect Xworm Payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

StormKitty

stealer stormkitty

StormKitty payload

Description Indicator Process Target
N/A N/A N/A N/A

Xworm

trojan rat xworm

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DriverUpdt.lnk C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Windows\CurrentVersion\Run\DriverUpdt = "C:\\Users\\Admin\\AppData\\Roaming\\DriverUpdt" C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Looks up external IP address via web service

Description Indicator Process Target
N/A ip-api.com N/A N/A

Sets desktop wallpaper using registry

ransomware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Control Panel\Desktop\Wallpaper = "C:\\ProgramData\\Microsoft OneDrive\\@rsg666hfguhser0__dgsfghd-rsg666hfguhser0__dgsfghd-profile.jpeg" C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Detected phishing page

phishing

Enumerates physical storage devices

Program crash

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\WerFault.exe C:\Users\Admin\AppData\Roaming\WaveWindows.exe

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSReleaseDate C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000\Software\Microsoft\Internet Explorer\GPU C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1064" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14393" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "6989" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "13008" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1064" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "9289" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "15450" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14513" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "15450" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "7141" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4025" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "11293" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{1F702A9E-708B-4E5F-A9E6-CD7B6975097A} C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "1097" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "1097" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "14393" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4874" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1064" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "9289" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "11293" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4172" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-952492217-3293592999-1071733403-1000\{0643546E-7FAE-439E-A1EF-266A3A8759ED} C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "14513" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "4025" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "13008" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "6989" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "11293" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4172" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "4172" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "9289" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14393" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "4874" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "1097" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "6989" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "7141" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "4025" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "13008" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "4874" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\Total\ = "14513" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\www.bing.com\ = "15450" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\www.bing.com C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-952492217-3293592999-1071733403-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\bing.com\Total = "7141" C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\WaveWindows.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 328 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe C:\Users\Admin\AppData\Roaming\WaveWindows.exe
PID 328 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe C:\Users\Admin\AppData\Roaming\WaveWindows.exe
PID 328 wrote to memory of 5108 N/A C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe C:\Users\Admin\AppData\Roaming\WaveWindows.exe
PID 328 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
PID 328 wrote to memory of 3928 N/A C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe C:\Users\Admin\AppData\Roaming\DriverUpdt.exe
PID 3928 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 5040 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 2996 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 3136 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
PID 3928 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\schtasks.exe
PID 3928 wrote to memory of 4692 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Windows\System32\schtasks.exe
PID 3928 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 3928 wrote to memory of 4840 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 3928 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 3928 wrote to memory of 3076 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Program Files\VideoLAN\VLC\vlc.exe
PID 3928 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3928 wrote to memory of 4124 N/A C:\Users\Admin\AppData\Roaming\DriverUpdt.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 2040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 2040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 5112 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4124 wrote to memory of 3972 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe

"C:\Users\Admin\AppData\Local\Temp\WaveWindowsCracked.exe"

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

"C:\Users\Admin\AppData\Roaming\WaveWindows.exe"

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

"C:\Users\Admin\AppData\Roaming\DriverUpdt.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 5108 -ip 5108

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 1112

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt.exe'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\DriverUpdt'

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'DriverUpdt'

C:\Windows\System32\schtasks.exe

"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "DriverUpdt" /tr "C:\Users\Admin\AppData\Roaming\DriverUpdt"

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ProgramData\Microsoft OneDrive\raperbean.mp4"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004EC 0x00000000000004D8

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ProgramData\Microsoft OneDrive\raperbean.mp4"

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://call-me.lol/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffa27f3cb8,0x7fffa27f3cc8,0x7fffa27f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3332 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.0.1291100790\1276010429" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1732 -prefsLen 21996 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {046b4a68-2bdc-4d10-a600-ac8546b5983f} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 1832 29399d21158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.1.1621006116\1690990997" -parentBuildID 20230214051806 -prefsHandle 2344 -prefMapHandle 2332 -prefsLen 22032 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40ab2125-5ae7-486f-b3ec-9a8bbdf6d32a} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 2356 2938cf8a558 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.2.1285624422\2070716714" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 2876 -prefsLen 22070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1875f8c-2ce7-4e53-86a4-789473289491} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 2988 2939cb14258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.3.1093053364\1288976023" -childID 2 -isForBrowser -prefsHandle 1304 -prefMapHandle 2492 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a75da79-9a8a-47d2-905f-5e339de403b2} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 3528 2938cf85f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.4.122925433\2071208779" -childID 3 -isForBrowser -prefsHandle 5052 -prefMapHandle 5064 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6329a70a-5f33-4bf0-a1a5-787a5b651f3a} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5044 293a0be0d58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.5.2089951560\50173316" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5204 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cce37d6-d36e-4847-9221-5930db832316} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5188 293a1194b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.6.1468298854\96881677" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dab0fb21-a29e-4012-aa2c-49f9faea51fd} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5380 293a1193658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.7.1053342920\1777311458" -childID 6 -isForBrowser -prefsHandle 5868 -prefMapHandle 5864 -prefsLen 27536 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfdf9c73-ae78-45dc-a4b1-e06f25969505} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5856 293a2666158 tab

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,17797784761744440713,16607786630527825846,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4624 /prefetch:2

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.8.694606828\1745854223" -childID 7 -isForBrowser -prefsHandle 5132 -prefMapHandle 5156 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ef9aece-f54a-4526-b5fd-107afc51322c} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 4184 293a145d658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.9.1632384485\958062158" -childID 8 -isForBrowser -prefsHandle 7420 -prefMapHandle 7888 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f3af915-2e6e-44eb-98b4-2cf3fa48f441} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10280 293a5114a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.10.2108817479\1673027241" -parentBuildID 20230214051806 -prefsHandle 10088 -prefMapHandle 10084 -prefsLen 31070 -prefMapSize 235091 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81fe33cd-6e45-4a2c-aeb9-f84ef59fd184} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10152 293a5de7958 rdd

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.11.1090557392\1755301950" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 10100 -prefMapHandle 10096 -prefsLen 31070 -prefMapSize 235091 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ada2bae0-0d03-4bfd-8891-5d743cfcf9d9} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10280 293a5de7c58 utility

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.12.1872319128\742132062" -childID 9 -isForBrowser -prefsHandle 9624 -prefMapHandle 9780 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7676aac7-bd75-4289-92e2-09570060eb95} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 9732 293a9183658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.13.829208263\591499407" -childID 10 -isForBrowser -prefsHandle 9092 -prefMapHandle 9412 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2b2d768-6c32-40ce-bed2-e15b1c5f1244} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8960 293a506a258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.14.541139170\1474848662" -childID 11 -isForBrowser -prefsHandle 8720 -prefMapHandle 8716 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {386ad311-cf24-4318-843f-afcbdf55f8d0} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8728 293aaed4558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.15.773698370\1336297786" -childID 12 -isForBrowser -prefsHandle 8544 -prefMapHandle 8548 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dc2b137-779f-4be8-8a78-f8b2df14e9e8} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8636 293aaed5758 tab

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.16.1851127025\1019597268" -childID 13 -isForBrowser -prefsHandle 8232 -prefMapHandle 8236 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcbd727c-c94c-40de-9e03-10a4aeffb75b} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 8220 293aa16ed58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.17.1196738510\953451174" -childID 14 -isForBrowser -prefsHandle 7988 -prefMapHandle 8196 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e452e856-1b26-40cf-8154-ee0806ae5186} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7996 293a837c558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.18.2107622122\121893336" -childID 15 -isForBrowser -prefsHandle 8012 -prefMapHandle 8196 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1b7ca1-91c8-409e-b2fc-909783f605ca} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7872 293a556b458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.19.2130247768\1045026588" -childID 16 -isForBrowser -prefsHandle 7588 -prefMapHandle 7592 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08759edb-6d4e-40a3-a735-778f3782a2c1} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7672 293a556d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.20.1590136977\1058596948" -childID 17 -isForBrowser -prefsHandle 7480 -prefMapHandle 7472 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ddfa7d2-477f-487d-9b60-41222cd56c07} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7392 293a556d558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.21.97091117\2108993832" -childID 18 -isForBrowser -prefsHandle 6704 -prefMapHandle 6700 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3c88b3-a7d0-4dda-9c2b-945c240352ec} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6652 293aa10c558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.22.1518776746\248227828" -childID 19 -isForBrowser -prefsHandle 6812 -prefMapHandle 6816 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a57e0f-4370-46c1-8662-20fdff246748} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6748 293aa10cb58 tab

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.23.2135710875\1526889261" -childID 20 -isForBrowser -prefsHandle 8388 -prefMapHandle 6812 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d947c196-b2c3-4799-8334-1168a234d1b6} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 7080 293aa2f6858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.24.1955934140\871658951" -childID 21 -isForBrowser -prefsHandle 6768 -prefMapHandle 6764 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {383c2ab7-4f55-47d5-af08-6ae7ef5f37de} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6912 293a7493858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.25.195973749\544906118" -childID 22 -isForBrowser -prefsHandle 6812 -prefMapHandle 6984 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d28f777-4668-48f2-8df9-8285095ed23d} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6608 293a91c5458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.26.433728932\1938756796" -childID 23 -isForBrowser -prefsHandle 10308 -prefMapHandle 10312 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5264cf04-e6a0-4fa0-aeb2-4a588655cd0f} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10300 293aa31bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.27.376983830\909604547" -childID 24 -isForBrowser -prefsHandle 10480 -prefMapHandle 10484 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {625ada87-a2cd-43f1-a891-bb1048af9cfb} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10560 293abb14b58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.28.214993280\816297283" -childID 25 -isForBrowser -prefsHandle 10916 -prefMapHandle 10860 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8df15dd5-f58a-49b9-a740-ec9fe37b8a8f} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10904 293a5605658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.29.1188696000\589412970" -childID 26 -isForBrowser -prefsHandle 10732 -prefMapHandle 10740 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd4ed900-ec59-4633-91bc-8502d7302990} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 10720 293a5857258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.30.399260111\1437815504" -childID 27 -isForBrowser -prefsHandle 11056 -prefMapHandle 11060 -prefsLen 31070 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9106e9cb-8f54-4f30-9493-11f41c05a789} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 11044 293a837a458 tab

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe" -ServerName:CortanaUI.AppXstmwaab17q5s3y22tp6apqz7a45vwv65.mca

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.31.1311846057\888490085" -childID 28 -isForBrowser -prefsHandle 7504 -prefMapHandle 7436 -prefsLen 31079 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b404c471-3aa2-4a4f-b205-77d262137f11} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 5056 293a678d258 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3520.32.1781333783\1672097005" -childID 29 -isForBrowser -prefsHandle 9692 -prefMapHandle 9204 -prefsLen 31079 -prefMapSize 235091 -jsInitHandle 1348 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c986a3d-0111-4e3d-98d1-a75a1be12faf} 3520 "\\.\pipe\gecko-crash-server-pipe.3520" 6700 293a0b08d58 tab

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\ConvertMove.rtf" /o ""

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\ProgramData\Microsoft OneDrive\raperbean.mp4"

C:\Users\Admin\AppData\Roaming\DriverUpdt

C:\Users\Admin\AppData\Roaming\DriverUpdt

Network

Country Destination Domain Proto
US 8.8.8.8:53 ip-api.com udp
US 208.95.112.1:80 ip-api.com tcp
US 8.8.8.8:53 1.112.95.208.in-addr.arpa udp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
DE 193.161.193.99:37537 stewiegriffin-37537.portmap.host tcp
US 185.199.110.153:443 call-me.lol tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:50711 tcp
US 8.8.8.8:53 getpocket.cdn.mozilla.net udp
US 8.8.8.8:53 content-signature-2.cdn.mozilla.net udp
US 8.8.8.8:53 shavar.services.mozilla.com udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.120.5.221:443 prod.pocket.prod.cloudops.mozgcp.net tcp
US 8.8.8.8:53 push.services.mozilla.com udp
US 8.8.8.8:53 firefox.settings.services.mozilla.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.160.144.191:443 content-signature-2.cdn.mozilla.net tcp
US 44.241.14.171:443 shavar.prod.mozaws.net tcp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net udp
US 34.117.188.166:443 prod.ads.prod.webservices.mozgcp.net tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.107.243.93:443 push.services.mozilla.com tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
US 34.120.158.37:443 tracking-protection.cdn.mozilla.net tcp
N/A 127.0.0.1:50717 tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
GB 142.250.187.238:443 consent.google.com udp
US 35.244.181.201:443 aus5.mozilla.org tcp
NL 2.18.121.79:80 ciscobinary.openh264.org tcp
GB 142.250.187.206:443 redirector.gvt1.com tcp
GB 142.250.187.206:443 redirector.gvt1.com udp
NL 74.125.100.199:443 r2.sn-5hne6nz6.gvt1.com tcp
NL 74.125.100.199:443 r2.sn-5hne6nz6.gvt1.com udp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
US 34.117.121.53:443 attachments.prod.remote-settings.prod.webservices.mozgcp.net tcp
GB 142.250.187.196:443 www.google.com udp
GB 18.154.84.50:443 pitchfork.com tcp
GB 18.154.84.50:443 pitchfork.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 ads-static.conde.digital udp
GB 142.250.200.34:443 securepubads.g.doubleclick.net tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
GB 108.156.39.49:443 ads-static.conde.digital tcp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 securepubads.g.doubleclick.net udp
US 151.101.64.239:443 condenast.map.fastly.net tcp
US 151.101.64.239:443 condenast.map.fastly.net tcp
US 151.101.64.239:443 condenast.map.fastly.net tcp
US 151.101.64.239:443 condenast.map.fastly.net tcp
US 151.101.64.239:443 condenast.map.fastly.net tcp
US 151.101.64.239:443 condenast.map.fastly.net tcp
US 104.19.177.52:443 cdn.cookielaw.org tcp
US 151.101.129.91:443 polyfill-fastly.io tcp
GB 142.250.200.34:443 securepubads.g.doubleclick.net udp
US 151.101.1.44:443 cdn.taboola.com tcp
US 8.8.8.8:53 apv-launcher.minute.ly udp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 199.232.211.52:443 ioriver.map.fastly.net tcp
US 8.8.8.8:53 34.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 52.177.19.104.in-addr.arpa udp
US 8.8.8.8:53 49.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 239.64.101.151.in-addr.arpa udp
US 8.8.8.8:53 91.129.101.151.in-addr.arpa udp
US 8.8.8.8:53 44.1.101.151.in-addr.arpa udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 172.64.155.119:443 geolocation.onetrust.com tcp
NL 185.235.87.241:443 ag.gbc.criteo.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
FR 185.235.86.203:443 gbc7.fr3.eu.criteo.com tcp
GB 18.244.179.100:443 d2941xw9rhwgkc.cloudfront.net tcp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 241.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 13.7.250.178.in-addr.arpa udp
US 8.8.8.8:53 203.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 100.179.244.18.in-addr.arpa udp
GB 13.224.132.12:443 globalservices.conde.digital tcp
GB 18.245.162.12:443 recs-api.conde.digital tcp
US 3.217.134.0:443 c.pitchfork.com tcp
US 3.217.134.0:443 c.pitchfork.com tcp
US 151.101.1.91:443 n.sni.global.fastly.net tcp
US 8.8.8.8:53 cdn.parsely.com udp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 static.hotjar.com udp
GB 13.224.243.39:443 cdn.parsely.com tcp
GB 18.165.242.8:443 sb.scorecardresearch.com tcp
US 8.8.8.8:53 static-cdn.hotjar.com udp
GB 13.224.245.27:443 static-cdn.hotjar.com tcp
US 8.8.8.8:53 sb.scorecardresearch.com udp
US 8.8.8.8:53 t.skimresources.com udp
US 8.8.8.8:53 p.skimresources.com udp
US 8.8.8.8:53 12.162.245.18.in-addr.arpa udp
US 8.8.8.8:53 12.132.224.13.in-addr.arpa udp
US 8.8.8.8:53 104.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 0.134.217.3.in-addr.arpa udp
US 8.8.8.8:53 91.1.101.151.in-addr.arpa udp
US 8.8.8.8:53 194.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 39.243.224.13.in-addr.arpa udp
US 8.8.8.8:53 8.242.165.18.in-addr.arpa udp
US 35.190.91.160:443 p.skimresources.com tcp
US 35.190.91.160:443 p.skimresources.com tcp
US 8.8.8.8:53 r.skimresources.com udp
US 35.190.59.101:443 r.skimresources.com tcp
US 34.149.137.56:443 tagging.conde.digital tcp
US 35.190.91.160:443 p.skimresources.com udp
GB 18.245.253.79:443 script.hotjar.com tcp
US 35.190.59.101:443 r.skimresources.com udp
GB 216.58.212.206:443 ampcid.google.com tcp
IE 54.155.18.159:443 p1.parsely.com tcp
US 34.149.137.56:443 tagging.conde.digital udp
GB 216.58.212.206:443 ampcid.google.com udp
US 35.201.67.47:443 t.skimresources.com tcp
GB 13.224.245.103:443 vc-live-cf.hotjar.io tcp
GB 18.244.179.100:443 d2941xw9rhwgkc.cloudfront.net tcp
US 35.201.67.47:443 t.skimresources.com udp
GB 99.84.9.46:443 player-frontend.cnevids.com tcp
GB 99.84.9.46:443 player-frontend.cnevids.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com tcp
GB 142.250.187.202:443 imasdk.googleapis.com udp
GB 18.245.162.63:443 capture.condenastdigital.com tcp
GB 99.84.9.46:443 player-frontend.cnevids.com tcp
GB 216.58.204.70:443 s0.2mdn.net tcp
GB 163.70.147.23:443 connect.facebook.net tcp
GB 108.138.225.196:443 dwgyu36up6iuz.cloudfront.net tcp
GB 216.58.204.70:443 s0.2mdn.net udp
GB 163.70.147.23:443 connect.facebook.net udp
GB 216.137.44.120:443 dp8hsntg6do36.cloudfront.net tcp
GB 216.137.44.120:443 dp8hsntg6do36.cloudfront.net tcp
GB 216.137.44.120:443 dp8hsntg6do36.cloudfront.net tcp
IE 34.241.213.103:443 pacman-metrics-live.live.eks.hotjar.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 www.facebook.com udp
US 8.8.8.8:53 a.ad.gt udp
US 104.22.4.69:443 a.ad.gt tcp
US 35.244.174.68:443 idsync.rlcdn.com tcp
US 35.241.19.70:443 sync.graph.fake.bluecava.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
GB 157.240.214.35:443 www.facebook.com tcp
DE 91.228.74.200:443 secure.quantserve.com tcp
US 151.101.188.157:443 static.ads-twitter.com tcp
US 3.163.248.4:443 sc-static.net tcp
GB 18.165.201.36:443 ak.sail-horizon.com tcp
US 2.19.252.133:443 snap.licdn.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
GB 99.86.114.67:443 cdn-magiclinks.trackonomics.net tcp
NL 23.62.61.96:443 analytics.tiktok.com tcp
GB 2.21.189.145:443 amplify.outbrain.com tcp
US 34.120.253.250:443 tag.wknd.ai tcp
GB 142.250.187.196:443 www.google.com udp
US 35.244.174.68:443 idsync.rlcdn.com udp
GB 157.240.214.35:443 www.facebook.com udp
US 172.64.155.119:443 condenast-privacy.my.onetrust.com tcp
GB 52.84.90.35:443 static.adsafeprotected.com tcp
GB 13.224.223.9:443 c.amazon-adsystem.com tcp
GB 2.21.189.220:443 z.moatads.com tcp
US 172.64.146.86:443 cdn.permutive.app tcp
US 35.241.19.70:443 sync.graph.fake.bluecava.com udp
US 34.120.253.250:443 tag.wknd.ai udp
US 8.8.8.8:53 4d.condenastdigital.com udp
US 8.8.8.8:53 157.188.101.151.in-addr.arpa udp
US 8.8.8.8:53 200.74.228.91.in-addr.arpa udp
US 8.8.8.8:53 69.4.22.104.in-addr.arpa udp
US 8.8.8.8:53 36.201.165.18.in-addr.arpa udp
US 8.8.8.8:53 4.248.163.3.in-addr.arpa udp
US 8.8.8.8:53 250.253.120.34.in-addr.arpa udp
US 8.8.8.8:53 67.114.86.99.in-addr.arpa udp
US 8.8.8.8:53 96.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 149.171.252.37.in-addr.arpa udp
US 8.8.8.8:53 sync.graph.fake.bluecava.com udp
US 8.8.8.8:53 star-mini.c10r.facebook.com udp
US 8.8.8.8:53 global.px.quantserve.com udp
GB 18.165.242.29:443 d3bw5exom9006l.cloudfront.net tcp
US 99.83.154.140:443 api.sail-personalize.com tcp
US 99.83.154.140:443 api.sail-personalize.com tcp
US 216.239.34.36:443 region1.analytics.google.com tcp
GB 142.250.200.3:443 www.google.co.uk tcp
US 34.98.72.95:443 static.bounceexchange.com tcp
PL 93.184.221.165:443 t.co tcp
PL 93.184.221.165:443 t.co tcp
PL 93.184.221.165:443 t.co tcp
PL 93.184.221.165:443 t.co tcp
PL 93.184.221.165:443 t.co tcp
PL 93.184.221.165:443 t.co tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 104.244.42.195:443 analytics.twitter.com tcp
US 50.31.142.255:443 tr.outbrain.com tcp
US 50.31.142.255:443 tr.outbrain.com tcp
GB 2.21.189.145:443 wave.outbrain.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com udp
US 34.98.72.95:443 static.bounceexchange.com udp
US 8.8.8.8:53 133.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 35.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 9.223.224.13.in-addr.arpa udp
US 8.8.8.8:53 86.146.64.172.in-addr.arpa udp
US 8.8.8.8:53 220.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 145.189.21.2.in-addr.arpa udp
US 8.8.8.8:53 29.242.165.18.in-addr.arpa udp
US 8.8.8.8:53 6.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 140.154.83.99.in-addr.arpa udp
US 8.8.8.8:53 3.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 95.72.98.34.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 195.42.244.104.in-addr.arpa udp
US 8.8.8.8:53 165.221.184.93.in-addr.arpa udp
US 13.107.42.14:443 l-0005.l-msedge.net tcp
GB 18.245.187.55:443 d2fashanjl7d9f.cloudfront.net tcp
IE 54.171.37.95:443 pixel.adsafeprotected.com tcp
GB 52.84.90.126:443 config.aps.amazon-adsystem.com tcp
GB 54.192.137.23:443 launchpad-wrapper.privacymanager.io tcp
DE 91.228.74.159:443 pixel.quantserve.com tcp
GB 108.156.46.68:443 launchpad.privacymanager.io tcp
US 35.190.43.134:443 gcp.api.sc-gw.com tcp
US 35.190.43.134:443 gcp.api.sc-gw.com tcp
US 35.190.43.134:443 gcp.api.sc-gw.com tcp
GB 141.147.81.223:443 mb.moatads.com tcp
US 8.8.8.8:53 launchpad.privacymanager.io udp
US 35.190.43.134:443 gcp.api.sc-gw.com udp
GB 172.217.169.65:443 pagead-googlehosted.l.google.com tcp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 geo.privacymanager.io udp
GB 172.217.16.225:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 18.244.179.43:443 geo.privacymanager.io tcp
GB 18.244.179.43:443 geo.privacymanager.io tcp
BE 23.55.97.75:443 e9957.b.akamaiedge.net tcp
US 8.8.8.8:53 14.42.107.13.in-addr.arpa udp
US 8.8.8.8:53 55.187.245.18.in-addr.arpa udp
US 8.8.8.8:53 95.37.171.54.in-addr.arpa udp
GB 172.217.169.65:443 pagead-googlehosted.l.google.com udp
US 8.8.8.8:53 126.90.84.52.in-addr.arpa udp
US 8.8.8.8:53 65.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 225.16.217.172.in-addr.arpa udp
GB 142.250.200.2:443 pubads.g.doubleclick.net tcp
US 8.8.8.8:53 pubads.g.doubleclick.net udp
GB 172.217.16.225:443 tpc.googlesyndication.com udp
US 34.111.8.32:443 api.bounceexchange.com tcp
US 35.241.9.51:443 bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co tcp
NL 185.89.210.20:443 ib.adnxs.com tcp
GB 142.250.200.2:443 pubads.g.doubleclick.net udp
US 34.111.8.32:443 api.bounceexchange.com udp
BE 64.233.167.154:443 stats.g.doubleclick.net tcp
US 35.241.9.51:443 bd1cec50-00d1-4ce9-9572-785857419a1e.prmutv.co udp
US 34.111.8.32:443 api.bounceexchange.com tcp
US 34.111.8.32:443 api.bounceexchange.com tcp
US 34.111.8.32:443 api.bounceexchange.com tcp
US 34.111.8.32:443 api.bounceexchange.com udp
BE 64.233.167.154:443 stats.g.doubleclick.net udp
GB 2.21.189.220:443 px.moatads.com tcp
GB 2.21.189.110:443 e9957.d.akamaiedge.net tcp
GB 2.21.189.110:443 e9957.d.akamaiedge.net tcp
GB 18.154.84.15:443 ats-wrapper.privacymanager.io tcp
US 34.107.161.9:443 a.api.permutive.app tcp
GB 18.172.154.232:443 aax.amazon-adsystem.com tcp
US 34.120.63.153:443 prebid.media.net tcp
US 34.120.63.153:443 prebid.media.net tcp
US 8.8.8.8:53 direct.adsrvr.org udp
NL 178.250.1.8:443 bidder.criteo.com tcp
US 35.71.170.66:443 ie1-bid.adsrvr.org tcp
GB 185.64.190.77:443 hbopenbid.pubmatic.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
NL 69.173.156.139:443 tagged-by.rubiconproject.net.akadns.net tcp
US 35.227.252.103:443 rtb.openx.net tcp
DE 3.124.64.248:443 eu-tlx.3lift.com tcp
US 34.107.161.9:443 a.api.permutive.app udp
US 34.120.63.153:443 prebid.media.net udp
US 35.227.252.103:443 rtb.openx.net udp
US 172.64.151.101:443 ssum-sec.casalemedia.com udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 153.63.120.34.in-addr.arpa udp
US 8.8.8.8:53 8.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 103.252.227.35.in-addr.arpa udp
US 8.8.8.8:53 66.170.71.35.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 248.64.124.3.in-addr.arpa udp
US 34.107.161.9:443 a.api.permutive.app udp
US 104.17.118.17:443 cdn.permutive.com tcp
GB 108.138.217.39:443 trx-hub.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net tcp
BE 23.14.90.89:443 cdn.doubleverify.com tcp
US 151.101.65.229:443 cdn.jsdelivr.net udp
US 35.71.170.66:443 ie1-bid.adsrvr.org tcp
BE 104.68.68.28:443 e4751.b.akamaiedge.net tcp
GB 108.156.39.12:443 choices.truste.com tcp
GB 95.101.129.216:443 tcp
GB 142.250.179.226:443 cm.g.doubleclick.net tcp
GB 142.250.179.226:443 cm.g.doubleclick.net udp
US 34.107.254.252:443 googlesync.permutive.com tcp
NL 23.62.61.136:443 e248251.b.akamaiedge.net tcp
US 34.107.254.252:443 googlesync.permutive.com udp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
NL 23.62.61.194:443 r.bing.com tcp
GB 51.132.193.104:443 browser.pipe.aria.microsoft.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
BE 35.210.149.152:443 tps-dn-ew1.doubleverify.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
GB 13.224.245.124:443 d1dvhck2p605dz.cloudfront.net tcp
US 104.18.36.155:443 dsum-sec.casalemedia.com tcp
GB 2.21.188.239:443 e6603.g.akamaiedge.net tcp
US 34.98.64.218:443 u.openx.net tcp
BE 23.55.98.169:443 e8960.b.akamaiedge.net tcp
FR 51.178.195.212:443 ssbsync-euw2.smartadserver.com tcp
US 76.223.111.18:443 eu-eb2.3lift.com tcp
US 104.18.36.155:443 dsum-sec.casalemedia.com udp
US 34.98.64.218:443 u.openx.net udp
US 52.46.155.104:443 s.amazon-adsystem.com tcp
US 52.223.40.198:443 match.adsrvr.org tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com tcp
IE 67.220.226.232:443 aax-eu.amazon-adsystem.com tcp
DK 37.157.2.228:443 c1.adform.net tcp
US 151.101.2.49:443 sync-tm.everesttech.net tcp
US 172.64.151.101:443 dsum-sec.casalemedia.com udp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 69.173.156.149:443 pixel.rubiconproject.com tcp
US 8.8.8.8:53 218.64.98.34.in-addr.arpa udp
US 8.8.8.8:53 169.98.55.23.in-addr.arpa udp
US 8.8.8.8:53 212.195.178.51.in-addr.arpa udp
US 8.8.8.8:53 18.111.223.76.in-addr.arpa udp
US 8.8.8.8:53 198.40.223.52.in-addr.arpa udp
US 8.8.8.8:53 239.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 151.101.208.52.in-addr.arpa udp
US 8.8.8.8:53 104.155.46.52.in-addr.arpa udp
US 8.8.8.8:53 49.2.101.151.in-addr.arpa udp
US 8.8.8.8:53 228.2.157.37.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 sonata-notifications.taptapnetworks.com udp
DE 3.75.159.177:443 sonata-notifications.taptapnetworks.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
US 35.244.159.8:443 eu-u.openx.net tcp
US 35.244.159.8:443 eu-u.openx.net tcp
US 35.244.159.8:443 eu-u.openx.net tcp
US 172.64.151.101:443 dsum.casalemedia.com tcp
US 35.244.159.8:443 eu-u.openx.net udp
US 35.244.159.8:443 eu-u.openx.net udp
US 172.64.151.101:443 dsum.casalemedia.com udp
NL 198.47.127.19:443 pugm-amsfpairbc.pubmnet.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
US 8.8.8.8:53 l-0005.l-msedge.net udp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
US 104.22.51.98:443 mwzeom.zeotap.com tcp
NL 35.204.158.49:443 um.simpli.fi tcp
IE 52.50.8.163:443 sync.crwdcntrl.net tcp
NL 178.250.1.9:443 widget.nl3.vip.prod.criteo.com tcp
NL 69.173.156.149:443 pixel-eu.rubiconproject.net.akadns.net tcp
US 34.111.129.221:443 cr.frontend.weborama.fr tcp
NL 198.47.127.205:443 pug-ams-bc.pubmnet.com tcp
NL 198.47.127.205:443 pug-ams-bc.pubmnet.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
GB 185.64.191.210:443 simage2.pubmatic.com tcp
IE 54.217.40.10:443 ds-pr-bh.ybp.gysm.yahoodns.net tcp
IE 52.17.116.73:443 ce.lijit.com tcp
NL 145.40.97.66:443 am6-prebid.a-mx.net tcp
US 34.111.8.32:443 api.bounceexchange.com udp
IE 54.217.40.10:443 ds-pr-bh.ybp.gysm.yahoodns.net tcp
IE 52.17.116.73:443 ce.lijit.com tcp
NL 145.40.97.66:443 am6-prebid.a-mx.net tcp
US 34.111.129.221:443 cr.frontend.weborama.fr udp
US 34.111.131.239:443 idsync.frontend.weborama.fr tcp
US 34.111.131.239:443 idsync.frontend.weborama.fr udp
US 8.8.8.8:53 tpsc-ew1.doubleverify.com udp
DE 3.65.142.90:443 match.sharethrough.com tcp
US 104.18.41.104:443 capi.connatix.com.cdn.cloudflare.net tcp
GB 99.84.9.37:443 d2wcz8sc48ztgm.cloudfront.net tcp
US 8.8.8.8:53 98.51.22.104.in-addr.arpa udp
US 8.8.8.8:53 49.158.204.35.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 163.8.50.52.in-addr.arpa udp
US 8.8.8.8:53 221.129.111.34.in-addr.arpa udp
US 8.8.8.8:53 205.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 210.191.64.185.in-addr.arpa udp
US 8.8.8.8:53 10.40.217.54.in-addr.arpa udp
US 8.8.8.8:53 73.116.17.52.in-addr.arpa udp
US 8.8.8.8:53 239.131.111.34.in-addr.arpa udp
US 8.8.8.8:53 66.97.40.145.in-addr.arpa udp
GB 18.244.140.22:443 choices.trustarc.com tcp
GB 18.244.140.22:443 choices.trustarc.com tcp
US 130.211.44.5:443 tpsc-ew1.doubleverify.com tcp
US 104.18.41.104:443 capi.connatix.com.cdn.cloudflare.net udp
GB 99.84.9.37:443 d2wcz8sc48ztgm.cloudfront.net udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
NL 178.250.1.3:443 static.criteo.net tcp
FR 178.250.7.13:443 dnacdn.net tcp
NL 185.235.87.241:443 ag.gbc.criteo.com tcp
FR 185.235.86.203:443 gbc7.fr3.eu.criteo.com tcp
BE 23.55.96.51:443 cdn.flashtalking.com tcp
BE 23.55.96.51:443 cdn.flashtalking.com tcp
BE 23.55.96.51:443 cdn.flashtalking.com tcp
GB 3.9.133.23:443 ad-interactions-prod-lb-1426714899.eu-west-2.elb.amazonaws.com tcp
GB 185.64.190.81:443 spug-lhrc.pubmnet.com tcp
US 76.223.3.47:443 enduser.adsrvr.org tcp
FR 54.38.113.2:443 pixel.onaudience.com tcp
DK 77.243.51.122:443 uip.semasio.net tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
DE 3.71.149.231:443 ats-eks.eu-central-1.dcs-online-targeting-prd.aws.oath.cloud tcp
BE 35.210.53.219:443 adizio.geo.iponweb.net tcp
BE 35.210.53.219:443 adizio.geo.iponweb.net udp
GB 2.21.188.27:443 pb-logs.media.net tcp
US 104.18.38.76:443 js-sec.indexww.com tcp
BE 23.55.96.24:443 contextual.media.net tcp
US 34.98.64.218:443 condenastus-d.openx.net tcp
GB 2.21.188.221:443 acdn.adnxs.com tcp
US 34.98.64.218:443 condenastus-d.openx.net udp
US 8.8.8.8:53 condenastus-d.openx.net udp
US 8.8.8.8:53 contextual.media.net udp
US 54.174.33.90:443 sync.srv.stackadapt.com tcp
US 54.174.33.90:443 sync.srv.stackadapt.com tcp
US 54.174.33.90:443 sync.srv.stackadapt.com tcp
US 54.174.33.90:443 sync.srv.stackadapt.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
DE 91.228.74.200:443 cms.quantserve.com tcp
NL 185.184.8.90:443 creativecdn.com tcp
US 8.8.8.8:53 e6115.g.akamaiedge.net udp
US 8.8.8.8:53 spug-lhrc.pubmnet.com udp
US 8.8.8.8:53 ads.avct.cloud udp
US 35.244.159.8:443 condenastus-d.openx.net udp
BE 23.55.96.24:443 contextual.media.net udp
GB 2.21.188.27:443 hbx.media.net tcp
US 8.8.8.8:53 pixel-sync.sitescout.com udp
US 8.8.8.8:53 dsp.adfarm1.adition.com udp
US 8.8.8.8:53 pubmatic-match.dotomi.com udp
US 8.8.8.8:53 ad.mrtnsvr.com udp
US 8.8.8.8:53 ad.turn.com udp
US 8.8.8.8:53 envoy-hl.envoy-csync1.core-b8mf.ov1o.com udp
US 8.8.8.8:53 76.38.18.104.in-addr.arpa udp
US 8.8.8.8:53 24.96.55.23.in-addr.arpa udp
NL 35.214.154.11:443 envoy-hl.envoy-csync1.core-b8mf.ov1o.com tcp
GB 2.21.188.27:443 hbx.media.net tcp
NL 63.215.202.172:443 medianet-match.dotomi.com tcp
US 54.174.33.90:443 sync.srv.stackadapt.com tcp
IE 52.208.101.151:443 match.prod.bidr.io tcp
US 8.8.8.8:53 221.188.21.2.in-addr.arpa udp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 90.33.174.54.in-addr.arpa udp
NL 46.228.164.11:443 ad.turn.com tcp
NL 63.215.202.169:443 pubmatic-match.dotomi.com tcp
DE 85.114.159.93:443 dsp.adfarm1.adition.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 82.145.213.8:443 outspot2-ams.adx.opera.com tcp
US 34.102.163.6:443 ad.mrtnsvr.com tcp
GB 2.21.188.27:443 hbx.media.net tcp
GB 2.21.188.27:443 hbx.media.net tcp
GB 2.21.188.27:443 hbx.media.net udp
US 104.18.36.155:443 dsum.casalemedia.com udp
US 3.230.255.165:443 qvdt3feo.com tcp
US 3.230.255.165:443 qvdt3feo.com tcp
US 3.230.255.165:443 qvdt3feo.com tcp
US 3.230.255.165:443 qvdt3feo.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com udp
US 3.230.255.165:443 qvdt3feo.com tcp
DE 37.252.171.149:443 secure.adnxs.com tcp
FR 51.178.195.212:443 ssbsync-euw2.smartadserver.com tcp
US 64.74.236.191:443 b1sync.zemanta.com tcp
FR 45.137.176.88:443 sync.adotmob.com tcp
US 54.85.51.123:443 rtb.adentifi.com tcp
US 172.64.149.180:443 cdn.indexww.com tcp
US 172.64.151.101:443 dsum.casalemedia.com udp
IE 52.49.35.255:443 dpm.demdex.net tcp
NL 89.149.192.73:443 rtb-csync.smartadserver.com tcp
US 8.8.8.8:53 sync.adotmob.com udp
US 3.230.255.165:443 qvdt3feo.com tcp
US 8.8.8.8:53 dcs-public-edge-irl1-150041215.eu-west-1.elb.amazonaws.com udp
US 8.8.8.8:53 rtb-csync-euw1.smartadserver.com udp
US 35.244.159.8:443 condenastus-d.openx.net udp
US 8.8.8.8:53 150.216.36.34.in-addr.arpa udp
US 8.8.8.8:53 169.202.215.63.in-addr.arpa udp
US 8.8.8.8:53 11.164.228.46.in-addr.arpa udp
US 8.8.8.8:53 6.163.102.34.in-addr.arpa udp
US 8.8.8.8:53 8.213.145.82.in-addr.arpa udp
US 8.8.8.8:53 93.159.114.85.in-addr.arpa udp
US 8.8.8.8:53 165.255.230.3.in-addr.arpa udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 35.214.154.11:443 envoy-hl.envoy-csync1.core-b8mf.ov1o.com tcp
US 8.8.8.8:53 cm.adgrx.com udp
SE 213.155.156.166:443 d5p.de17a.com tcp
US 35.186.193.173:443 ipac.ctnsnet.com tcp
FR 141.94.242.204:443 green.erne.co tcp
NL 64.227.64.62:443 match.adsby.bidtheatre.com tcp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
SI 195.5.165.20:443 core.iprom.net tcp
IE 52.215.155.11:443 cm.adgrx.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 193.0.160.131:443 a-emea.rfihub.com.akadns.net tcp
US 8.8.8.8:53 11.155.215.52.in-addr.arpa udp
US 8.8.8.8:53 20.165.5.195.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 35.186.193.173:443 ipac.ctnsnet.com udp
SG 35.186.154.107:443 cm-supply-web.gammaplatform.com tcp
FR 54.38.113.3:443 pixel-eu.onaudience.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
NL 23.62.61.97:443 www.bing.com tcp
US 13.107.21.200:443 bing.com tcp
US 34.111.8.32:443 nginx-ingress.wunderkind.co udp
US 20.189.173.13:443 browser.pipe.aria.microsoft.com tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net tcp
BE 23.55.96.209:443 e6449.a.akamaiedge.net udp
DE 162.55.120.196:443 matching.truffle.bid tcp
US 104.18.25.173:443 s.tribalfusion.com tcp
US 104.18.25.173:443 s.tribalfusion.com udp
US 104.18.24.173:443 s.tribalfusion.com tcp
US 104.18.24.173:443 s.tribalfusion.com udp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
NL 178.250.1.11:443 gum.nl3.vip.prod.criteo.com tcp
US 80.77.87.161:443 cs.admanmedia.com tcp
FR 178.250.7.13:443 dnacdn.net tcp
NL 185.235.87.241:443 ag.gbc.criteo.com tcp
FR 185.235.86.203:443 gbc7.fr3.eu.criteo.com tcp
US 150.171.70.254:443 mcr-ring.msedge.net tcp
US 13.107.237.254:443 t-ring-fdv2.msedge.net tcp
US 13.78.175.221:443 714ec37a90b4c9cc79c0f69aa7a0c7c3.azr.footprintdns.com tcp
US 34.117.188.166:443 contile.services.mozilla.com udp
IE 52.109.76.243:443 roaming.officeapps.live.com tcp
NL 23.62.61.184:443 metadata.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 34.149.100.209:443 prod.remote-settings.prod.webservices.mozgcp.net tcp

Files

memory/328-0-0x00007FFFB4903000-0x00007FFFB4905000-memory.dmp

memory/328-1-0x0000000000340000-0x0000000000AE6000-memory.dmp

C:\Users\Admin\AppData\Roaming\WaveWindows.exe

MD5 cd34bf9c69f229818a4c9301e51435eb
SHA1 bfb95a5dc5d777e2b5940f354da271fed397adb2
SHA256 3b217daf815ced5cf1087d1f408fc3833c9d80a1e3e25b3f9041698b9e34216f
SHA512 2c68b211a4c8c144713cbe99214e8dc33d3ef6c1f244af4a313ff5ab93d946a4281d404b02c5f66ef5652071279649082877eaa728912a0e769c2c848e0a8e6b

C:\Users\Admin\AppData\Roaming\DriverUpdt.exe

MD5 65485b0475b6c8a3b4f35bba541938a6
SHA1 28e6e6cd2ebf8a9fdffeb4aeba13b70ea7ea03a3
SHA256 c6740ee5c8afdc2c7be42fb03ab5a346925efc6ac785fe7d68dec2d5f05d276b
SHA512 034303ee48132b80da79e54a6077676cfd436ef869493a11a27c29dc7cb730fd2ce902320d554a0cde81fc0a06f6c56efa5c170a1360906ec9fa7fd101c3706d

memory/3928-25-0x0000000000CD0000-0x0000000000CEC000-memory.dmp

memory/5108-27-0x00000000743DE000-0x00000000743DF000-memory.dmp

memory/3928-26-0x00007FFFB4900000-0x00007FFFB53C2000-memory.dmp

memory/5108-28-0x00000000006B0000-0x0000000000E3C000-memory.dmp

memory/5108-29-0x00000000743D0000-0x0000000074B81000-memory.dmp

memory/5108-30-0x0000000005740000-0x000000000578A000-memory.dmp

memory/5108-31-0x00000000057B0000-0x00000000057D4000-memory.dmp

memory/5108-32-0x0000000005EE0000-0x0000000005FC6000-memory.dmp

memory/5108-33-0x0000000005DE0000-0x0000000005E56000-memory.dmp

memory/5108-34-0x00000000743D0000-0x0000000074B81000-memory.dmp

memory/3928-35-0x0000000002D80000-0x0000000002D90000-memory.dmp

memory/5040-36-0x0000027E767B0000-0x0000027E767D2000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rdryaqdy.t34.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

MD5 627073ee3ca9676911bee35548eff2b8
SHA1 4c4b68c65e2cab9864b51167d710aa29ebdcff2e
SHA256 85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c
SHA512 3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 e3840d9bcedfe7017e49ee5d05bd1c46
SHA1 272620fb2605bd196df471d62db4b2d280a363c6
SHA256 3ac83e70415b9701ee71a4560232d7998e00c3db020fde669eb01b8821d2746f
SHA512 76adc88ab3930acc6b8b7668e2de797b8c00edcfc41660ee4485259c72a8adf162db62c2621ead5a9950f12bfe8a76ccab79d02fda11860afb0e217812cac376

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 80707036df540b6657f9d443b449e3c3
SHA1 b3e7d5d97274942164bf93c8c4b8a9b68713f46f
SHA256 6651e5f976619cef991deef61776cf43d4c4b3d7c551dd2192b647df71586ab0
SHA512 65e41e9e730fed4f7a7d3f6f35875a16948b897f87c8c70b371fd0ac7f0951814f6a75e7698665194bbc65a3665a684e7be229e7e24193b50483ae7e55eebf4f

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

MD5 4ae54c3a00d1d664f74bfd4f70c85332
SHA1 67f3ed7aaea35153326c1f907c0334feef08484c
SHA256 1e56a98f74d4a604bef716b47ef730d88f93aec57a98c89aa4423394cbc95b5c
SHA512 b3bbdefeaadbdaac00f23ce3389bbd3b565bd7e0079aeebf3e4afba892382e1cd3896c00bb2e5a98146ac593f9bdc5568d0bd08c5b0139f0814b1a38911c3889

memory/3928-81-0x00007FFFB4900000-0x00007FFFB53C2000-memory.dmp

memory/3928-82-0x0000000002D80000-0x0000000002D90000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DriverUpdt.log

MD5 2cbbb74b7da1f720b48ed31085cbd5b8
SHA1 79caa9a3ea8abe1b9c4326c3633da64a5f724964
SHA256 e31b18f21621d9983bfdf1ea3e53884a9d58b8ffd79e0e5790da6f3a81a8b9d3
SHA512 ecf02d5240e0c1c005d3ab393aa7eff62bd498c2db5905157e2bf6d29e1b663228a9583950842629d1a4caef404c8941a0c7799b1a3bd1eb890a09fdb7efcff9

memory/3928-90-0x0000000002DA0000-0x0000000002DAC000-memory.dmp

memory/3928-92-0x000000001CAF0000-0x000000001CAFC000-memory.dmp

memory/3928-93-0x000000001EBB0000-0x000000001F0D8000-memory.dmp

memory/3928-107-0x000000001CD10000-0x000000001CE2E000-memory.dmp

memory/3928-146-0x000000001BC80000-0x000000001BD30000-memory.dmp

C:\ProgramData\Microsoft OneDrive\raperbean.mp4

MD5 960cd3720b7fa9c003d4137a10db0f60
SHA1 6cf4972b5c829f4feb2642065f46826b0a01f89d
SHA256 485b9ed24abec42430c54adc7b0aa8f89a558f98bcb5ecf90ad000392f51e1b4
SHA512 2f0bf1ff78ac53068d10d24ac09e2afcbbc4baed8c6bde0263f569ff7c394e12494d728971299915540743d68fe24002b88ba329cb181da56566bb033f10c475

memory/4840-161-0x00007FF78DC90000-0x00007FF78DD88000-memory.dmp

memory/4840-162-0x00007FFFC6970000-0x00007FFFC69A4000-memory.dmp

memory/4840-170-0x00007FFFC68D0000-0x00007FFFC68E1000-memory.dmp

memory/4840-163-0x00007FFFAC230000-0x00007FFFAC4E6000-memory.dmp

memory/4840-169-0x00007FFFC68F0000-0x00007FFFC690D000-memory.dmp

memory/4840-171-0x00007FFFA9940000-0x00007FFFA9B4B000-memory.dmp

memory/4840-168-0x00007FFFC6910000-0x00007FFFC6921000-memory.dmp

memory/4840-167-0x00007FFFCA230000-0x00007FFFCA247000-memory.dmp

memory/4840-166-0x00007FFFCA400000-0x00007FFFCA411000-memory.dmp

memory/4840-165-0x00007FFFCB830000-0x00007FFFCB847000-memory.dmp

memory/4840-164-0x00007FFFCE870000-0x00007FFFCE888000-memory.dmp

memory/4840-186-0x00007FFFC2260000-0x00007FFFC22B7000-memory.dmp

memory/4840-185-0x00007FFFC5C80000-0x00007FFFC5C91000-memory.dmp

memory/4840-172-0x00007FFFA7900000-0x00007FFFA89B0000-memory.dmp

memory/4840-184-0x00007FFFB54B0000-0x00007FFFB552C000-memory.dmp

memory/4840-183-0x00007FFFBBEA0000-0x00007FFFBBF07000-memory.dmp

memory/4840-182-0x00007FFFC5CA0000-0x00007FFFC5CD0000-memory.dmp

memory/4840-181-0x00007FFFC5CD0000-0x00007FFFC5CE8000-memory.dmp

memory/4840-180-0x00007FFFC64A0000-0x00007FFFC64B1000-memory.dmp

memory/4840-179-0x00007FFFC6500000-0x00007FFFC651B000-memory.dmp

memory/4840-178-0x00007FFFC6520000-0x00007FFFC6531000-memory.dmp

memory/4840-177-0x00007FFFC6540000-0x00007FFFC6551000-memory.dmp

memory/4840-176-0x00007FFFC6560000-0x00007FFFC6571000-memory.dmp

memory/4840-175-0x00007FFFC6580000-0x00007FFFC6598000-memory.dmp

memory/4840-174-0x00007FFFC66C0000-0x00007FFFC66E1000-memory.dmp

memory/4840-173-0x00007FFFC65A0000-0x00007FFFC65E1000-memory.dmp

memory/4840-199-0x00007FFFA7900000-0x00007FFFA89B0000-memory.dmp

memory/3928-214-0x0000000020620000-0x00000000206AE000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 40d8cceb9c45d1aae467437c7e3fbe60
SHA1 2319d76a7e72e23ccb6a1385cbd786e8d8127c5f
SHA256 6e79fe0a8d3ec265fda5cd9ba326ff99a472e7f1cd638a692d8859be4ff09eaf
SHA512 679b485199afa8ddd16d808170703c594ecfa7d418030e66299109baf0e22e0f0463d16228762620bec821f6fd928275698d45b8b1c7cd3155e5ee39badffaf0

C:\ProgramData\Microsoft OneDrive\@rsg666hfguhser0__dgsfghd-rsg666hfguhser0__dgsfghd-profile.jpeg

MD5 a1214c53984db3c4fe0ee97c5d35a59b
SHA1 e2f6296991766b98f9755a1819042c57b742fedb
SHA256 ce3fdb7f689d17cbc88d2b6c1499dd25f3000fd0d8a41695bf77216e6023fc57
SHA512 b1a564e5584ced8e7e2b832502ba886f5f549d1e0537a160a196f5faf3f49d7b15181d2fd761864e5bda3286e48f6fec126f92a353b029486c42604157d19861

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 6486ee9e961a437dadb68ff1544d18a8
SHA1 05f4daccca0bc1ce73fe71ad2325ba5dadd3df25
SHA256 9a98b4686c9e90672a548c873943b3027fb111f7992263111d912318429f5834
SHA512 ee3659f68a46f37f340f98b85a7aa289e700c5ced2a4f0104673bb5f18cc82d1e9b838ec0278407213c6ed2073998e7aad78a7a39390b7e460c8e26dfa91d0e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 2dfecbb576ee9795c5284da8a2a3c7f5
SHA1 f1f0a6a97850aca2b4ab267a017564af02f24948
SHA256 dca6901942fa748fc01339192c0738a06847d8497c9c61298f1e5df1f8352fb0
SHA512 d664cc261113427810dd0b2d32763ddd08611a528fe6b285782d6b8ac03304b72a90fe7f3f7142e825ab8d948d5c9cf52f420546f3796b2ac23f3d00f3c17389

\??\pipe\LOCAL\crashpad_4124_PJJTSAAVZUEVAIKZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 692bf03f95c556c6d202dac33d5aa28f
SHA1 ca43aa79b873b97c13f2aa08bc304dd1d9ceddc8
SHA256 335a197af1ccdef8740fa85f0b5fd7745ce60c274a9bf0cc875be92a7d6c9383
SHA512 5d0674913590c83f8e485c5b727caf9c10dc921a95ce16e6548bec35b27bfef8d2c2fb31f2f535d508373c6c4e4096439c7a6ed53b41289e2351cc966f767a0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

MD5 7a04784b98f1c72789cf3742a7c9756f
SHA1 beb579e49d1433b30b7f6af9f864633f84b85802
SHA256 10968379db9a431c83717c092e34953bc4ce7796e122333c62795606a57f79c8
SHA512 9a99bbee64389821b55362ca2467c3f994b68917d940ea60f44cca2fb7a202a0fd0d074ff8d2378175c261e5a9faef51b84617fbf793153d903661e39d76b486

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d0d7a528f1c833a4655a6b3d0dbf9711
SHA1 fc4d9e88ee867486a4c4fa7bafb17fba8353cda6
SHA256 cbef33b1492dfd00d335a5cac302bda1fb904bb404566b60f9f2a355a0392a67
SHA512 43265e0a3809cb6297a2ab0a08dd66855e29f2cc4e0dbc727077a13082def679b005e99f9e4fe99c119211a71d19c18312ac94b1e5d3a864c91da4ba31da429d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5089036ae0ff3671e7dc3a98409f9cdf
SHA1 28d29c626d7098c78efab398aa6408f975523537
SHA256 c3bc89966046636d2be1e2f98e0ae934421ae8e48ec31e9118af8589119246f7
SHA512 5a036d88de5e57de12305112dfdb0fffa727ca8ee5e223a5d38d73c6685ccc217456c71bfa255c7df52d53890aa77aee614737eef923215f1416b3227794469a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 26ef10d1afa7c9a412236d59b767e00c
SHA1 cfdabe8d7e5114914ba983a2ce2db4b77eb4c35c
SHA256 c7e88a7262a0543c3da63f57943082e7aadcf2b02c903e22f26a36ca6100b701
SHA512 d90b6f78ba27c8af3642c4bfd187e4ced74f9d4e3be65b0f8c29a6cacb3a25ea238b150e40ec902cad4f44ea9b488f289e718f3e248c5cfe74896e6844800973

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 eab9b5be5de9f4257dbf8335097b10be
SHA1 60585b8a973710ec1b493137ee2fa7835a05ee32
SHA256 0635ca4cdbd4f671d43ca07152a59699421fb82cf3746181a842b8ffa31f56f0
SHA512 f98888cb3d45d095273affc27978885ce3ee8c3cfd2cd43f24ff4d2adbf3bbcfa3bb8f809b59c6dba88424dc3c73a7ec7b6a5a82d70f31376ed292c1ea5b7e8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 a2937afc7e59b520dbc940085207e89c
SHA1 6817114819c7c627244fd52ff334cc87767fdabe
SHA256 e44894379bb598339996d5f2a6473cc18ad24a8454b9219c97b190354921a646
SHA512 11e9aee7fa1156422493eefd0c34e4aa88dba8d00e80f3888289760080471efc4016d50c3a13836bed0794d994df29c2432c1ba1185653d4a0979cc279f39482

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js

MD5 ea2b59a4fffb88e2ee83068ea16fbc58
SHA1 5fe696b86ffa1a1d954d56832a0a86af6d97ec06
SHA256 9190dfdd0cdd745e9671646280ab241f6f1b41733e6eb3fff2cbafde3dfcf27e
SHA512 27d9b05441b65642a22d5c12c9f427011a135b7d39ec3ebf37f9ed7be95c81a334727fc6d5a1ed04e0960c43b600f95d5a576774faf752c1341bc3e20ee438bd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\activity-stream.discovery_stream.json.tmp

MD5 80d23b3dedacc33a203571ef260d1235
SHA1 a4b83a2f888215422d2b9ea81b2b676805876f2b
SHA256 4d2b6bb6c5ae056d69bc48309f232a5f3ce64f76107b17e4b79813b8f779ef4a
SHA512 3b2250d663df85adbe1e339f434702430a45159780b160e195a56f952e0a7da6d604b5b3a211781a398cacd5f95d8100a39130dce10fd2085e3cd0044ab04732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e8f385d683b96dd794ad3e9e76e5f0d
SHA1 fdf9ada28fea99e30e5d7c537206f21ad232221a
SHA256 e1570877c3fabf999baa150e78431b6c80e2bfc88791725766646a376b1997b3
SHA512 344c8298b3c7f0b27024e0fdbc59c4bed7296da7dff2a060dcbf3f775174e1ebcab746321a7eba90e4a4a836e88bc5a0ffaecbeb5179f180ec62540dbac4af90

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1b2e04dc444e9da878c1dd9313741d61
SHA1 ebd2cb50e64b9b5f344fcd0610c4805c92a0e2fd
SHA256 ec03135d36a7bbe12930e4b39e03c77797f1715bd77e3811c2d6b965a81774c6
SHA512 d985a4686ebcfdfd9b64431a3376b8bda91fda2c54f656ccf5d06c6054a1edd9e2f3eb06e759b2a5626684ec3c96dd0635724e39d5399600b221fcb7082e575e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs.js

MD5 77406f4e1a4c207c64339ab897b06122
SHA1 28cb47558468bf749c855de7d6d3278a0cfc97ce
SHA256 63ae009009363de306bc06b70dd5d501fb6e003685c609d545176473e468e713
SHA512 503ad4dff71fe4c8b2c3494957c17d840ede6947b648eeab42355183b272c82ded294bd3df8009279e228134af25c43e4ca1a34ebc6b29468ce6c60035b4b99b

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js

MD5 a23426b1615678e1220cf6f2959e2b97
SHA1 f0c7f7f0c827b6977614fdc1151dece333bdaace
SHA256 8fa65e538668d1a5f22a7ac6e76e42c03069af88f23c3c49514c2bce431db17d
SHA512 cb8ed6e8362c0801372228bf143d3fd71e1016f3abbdfb3ca66b7a01e6c7dc6d9e489889fee028f692bfcad632d58465d47798bfc6802fac0110ba8766934ea3

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 52e38eb63ced7b13fce88fefb4c533ab
SHA1 9aad0d4f75b4cb205c08afd52521c1562271fced
SHA256 84d0baf7a376c3f5499327a6c90f5416b20bca59154e1b99e0f746368efdb5f8
SHA512 ccaaf043c15854bd221f675e93e64616ad896280ed9b9d676ed517fe06fb9c8cdfcfa2efe80ff82bdefbf6be356f6270bcb2993f6802b1087b6091412146d7f3

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\22641

MD5 dba4db478334b14ea8b4b99cefec56af
SHA1 8d5a959564b9480edddf3317ffbe868188ad441d
SHA256 a5c861cfa9ad31076d767ff961c6ff4c2b57efa75f72f33fe228ab93ded86570
SHA512 b722d9449eb6e1115c5a4c4bd3af3903f8c461bc85ba6773b41d1c23974aac7fd37b2c0eb2b2de587b988633b7371e1f8552a211c75c5329231aefd40231c5ba

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fca1dc47d06ab2469ac73f1557be5cf6
SHA1 159ecd187e2a45d105f44d25fc21ede6175581d8
SHA256 13f44f65f10ea4a16cf28c0de9ce387a4370692a22d73f4be07ccadd417757d9
SHA512 7de7c70971901a6557796fc98bf6eac84991d8a15f4f2a8c16a9e7bb283bafb9fc4ff134965717b0599d87e91467ab969766e95cc0b7cfbfc8369414d679ee3b

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 37061ba8d1d73bb3148d2015d6e61c77
SHA1 ac5f784fa9b7dd66bc4ecbec5a7166d98f2e29d4
SHA256 ffc23ca04769b4c81e5061eb67aaadc281dfb74c0b0d8c002a4952010b6324fc
SHA512 3a587ce83bd940b71ea8abd25900b9125bd11fce129a71802fc3300874e53f696c631921c003f05cb932c355c32c84532e7119fbe76c7b0f86af84b85cd0a816

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 1567234fe218601bc5b717c5bb549ff7
SHA1 193f461335aeb3a8851c26865935e11712469b25
SHA256 40cb46535cc6fa572457ea331bbef51338cb5366ac532abf49b2be69befcc8ec
SHA512 3ae678f37cc556144d5815c38311fdf3292c350104433db8d22da8126ee540e95b59c5537fb257a361b5d7d14b7a7e100537e6fbfd8d75ce617ea0fd0c8e8056

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 02e7611fd083ba6ef23fefce69c21277
SHA1 881234f1cfe7939ca6bd8e66f7ba38cf7424d971
SHA256 c04259fd9317a5bbee0fb77c5f251fbf07177a1e48eb2ef5b85d7c8711d8dd91
SHA512 923bd4580414f39bf4028a221fe917f67fe09cc5c44ed5b9ce03315c52e0876818c795aadbeb80493752e0dd93f7144436244a13344b1cd7282c424a945ff42d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

MD5 625c24c4a038b70473f86cdc7f5059fe
SHA1 7bf556f43114a7c069cc652c0bb5d473bbbfb366
SHA256 332386bbb0c06020b49bbfb0e4c2fc429e3f595f447b14658182472559f63cd4
SHA512 18050eef7b001fffd5a578168a1faaa3e4fa732d27e48512c433ab5792ce7ba9792cc46fbc21060e4dfca39b7e6ccce26b415b3da6e485aab14f75647fdd1dda

C:\Users\Admin\AppData\Local\Temp\tmpaddon

MD5 85430baed3398695717b0263807cf97c
SHA1 fffbee923cea216f50fce5d54219a188a5100f41
SHA256 a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e
SHA512 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

MD5 3d33cdc0b3d281e67dd52e14435dd04f
SHA1 4db88689282fd4f9e9e6ab95fcbb23df6e6485db
SHA256 f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b
SHA512 a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

MD5 fe3355639648c417e8307c6d051e3e37
SHA1 f54602d4b4778da21bc97c7238fc66aa68c8ee34
SHA256 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e
SHA512 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

MD5 45b41c5aa94a0bea29021d7bddced4e4
SHA1 885f1de1a3dff23a4b6e278cc9c6861b3614b1a0
SHA256 8717119801665c9faf24db2091cef6fa87011f26afafd7e99c562dbaad3ffd38
SHA512 8ba22d1ecc49c62301fca94866c1e7b65998e0380f9d82aa9972834f3ecff136364a96da34910614dacedfea4db8e57faed02d052e0f4cea4d13316d60df2d9d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js

MD5 c60edac48868754b9598e8d51473dbda
SHA1 c83d2346c2d5cc7aadfc8c7c44f5d87179ec2ae0
SHA256 862eac57a9ad828fec1ecff0e69a1801d0ed0a08ce5f5cb10498c3759ddbcd4f
SHA512 29bca0ca3960feee0219550ff81d98e7ffa6d079665231b36cc773f3458a136d556fd304588086c91de496cac8ea0627eb0b74c9a299288226050e2d6a4ddd54

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

MD5 a01c5ecd6108350ae23d2cddf0e77c17
SHA1 c6ac28a2cd979f1f9a75d56271821d5ff665e2b6
SHA256 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42
SHA512 b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

MD5 8be33af717bb1b67fbd61c3f4b807e9e
SHA1 7cf17656d174d951957ff36810e874a134dd49e0
SHA256 e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd
SHA512 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

MD5 49ddb419d96dceb9069018535fb2e2fc
SHA1 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6
SHA256 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539
SHA512 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

MD5 937326fead5fd401f6cca9118bd9ade9
SHA1 4526a57d4ae14ed29b37632c72aef3c408189d91
SHA256 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81
SHA512 b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

MD5 688bed3676d2104e7f17ae1cd2c59404
SHA1 952b2cdf783ac72fcb98338723e9afd38d47ad8e
SHA256 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237
SHA512 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

MD5 33bf7b0439480effb9fb212efce87b13
SHA1 cee50f2745edc6dc291887b6075ca64d716f495a
SHA256 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e
SHA512 d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 d1a4d498b8eac3628431014c5749e1d5
SHA1 c76f2266d1676d16844e52ebda1bfe5adf805065
SHA256 6ebe42b58d7cdbc2860a748c6859e6a3537fc2ab32f272d5fb5a346e3f40368e
SHA512 ab5ac340f0901b33faf7481a24e92489ed7552688d7051f73b8c9d0ed136097e2f3d0eb434c51c645cc32797901281cb25e7dd8494c901337da4c681e9d46ff7

C:\Users\Admin\AppData\Local\Temp\Log.tmp

MD5 8e9c850e39120933c4a39108f99c3ef6
SHA1 6345b147ed101f101b849abcc432147edc46345f
SHA256 0e672585ede27ce2c1992f6bb67b9e16f8d862bfa2614708bb8aa4d763bc32e6
SHA512 c45ad736e2144a0f1a2f0eedfc65b14aee2f28e40a99af3ed3bcb9ffabf40a6f19bbd8886472cafe8b62b75f0b95f8f6976513ea769247791a508bfadbbed3d2

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 7b55db9dcf1a57abf9cdba2352176be5
SHA1 1363ed84254ed02afd34fa1791a9e332203e0c99
SHA256 573f29258abe18777d74a43e76e69a4313b851dcbd153740f53f1194858198a9
SHA512 78f2bc7a609b825ca93690ccb2dcaed91a13d45b1c35d34616c919efc5a277f88963b1ef2d7bbdc89bacd5c33b8d4957f1d5b6ab5eeb87ac3ad2ca04e8f6025f

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 2aba0069a2caa684cab702e117cb8461
SHA1 24f1f61a296c643177a18e03e359e692c0e36f8b
SHA256 de0b7e6352ef5dd19620aed04e25a682d23fd62164fd9b65cf2d64fe3ccb3d83
SHA512 2e3230493f63fa8fa7944b774ea8351391615c6da751b1c012e3990f4533791616d4e93be0dd7c1f517520321e8106477b5a15e269e01adfaddc2987454cbbbb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 8060264703743567a3ea2aeb17ee11e3
SHA1 cc1987defde9b3ffc55342f85dcae10e54f9cd42
SHA256 910102468edc96972517f81bbf8bcfce8a9632fa67543fd95763a6ea4348d0ec
SHA512 1da04f045e8ee3fdee707f8ece605f10fa834d627cc138c97daeb13f30342f97ce3948e80fe3023d7fe6aadecd7c21c45977a4f17f848a098f096f5f30349973

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\doomed\27281

MD5 118664acb7ae704e869deade1564513d
SHA1 df74b2c0d3de69dae607adefd6d4d2ee3622bcd8
SHA256 0c86d25846d2e80388b82e76f67a6b3558a1d20db3a5dad3e1f98f7e56787cb3
SHA512 1cd42bc776d2f4aba7b9e49d50e8b52487e76150a3abeabc906b74787b6c1e2e330c6df53dadfbbea5059fc7f364679758b814686490abff0f4fef8926a0a277

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\storage\default\https+++pitchfork.com\idb\1230268062weo1rak9e1r4_7b5d815c.sqlite

MD5 ce4548c6d0f7e3b6dca7be7e58fc38c6
SHA1 fd16ed78207ddddde211c9e19d1010317780a11b
SHA256 efdba10445477dde7ffd3c964b11003076cde4ced7a986785588304bffbd9246
SHA512 abaddaf47fcd76c02c898d0a096e3b5de15749c525250030d0756d7c3eaa664b83c37ff1e4ba12876ae62d1bd8ba2df2a128bb37f00562c4cdbf9ff04d899569

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\297A2F10A099300981879F233BEC9C89D2A8EEAC

MD5 9637eaefcf984931fe924cb75121096f
SHA1 4d0a66bc8ac42e4a0770ba43ad4ffc3a88e5b8f8
SHA256 fc5553393541eca97dbaf5a9c7305778b83caa15d92ef59dfe2fb226199886ac
SHA512 26c70b1f0b4897fcfbca9890121592bf4d2bee22e63cc8cee9441c2a2a14f599adae7956ed233d9b9a874ae1abfd76edd98bdb79848042d4f0d9e11f34764f19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 dea49efa6855ee1bb4402501282accc0
SHA1 18e6d77d9fde950e3fb43527c467b24c361f32ae
SHA256 bd3c64261c57dbbd1d230bcdedee7eb20116c3a5053b2c86a5a2ec0ec06f366b
SHA512 24d5d04d0bf517ba09e4d13f94ea22b9b7a5babe135f8a418873709cf3191337cc624f777df85c82aa988c597ade8c5d3854c4cb882f860add254ae9f07a2349

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8075aaf7b5175282b9b3ed5cae564b94
SHA1 de572959f483572f17a77ea065f1348cd491aec3
SHA256 bc8790ad33279251ed641a12f225c076b7b6f5657e6a20694ff9958196ca59e7
SHA512 72612e5e667efee1a5c67e411e58233b594fb45d8fd534388d16548f228143787e06ee02804999f733a8d9b8c33f1ad547de0eed7b769a81becccdc02aaf913b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 531b0a1dee8a8e60b027cc489ac4f50d
SHA1 8b22fa8120893e00b94fd74103e023382ea1fefd
SHA256 888bae3445bb523cc531d87e6a93e85323b38a551ae62f2342fe6c2b228105da
SHA512 a73d2899ea5ccaa00baffa74bccd95c31532335d3ff9db0b92df2c398f2bac84c1ab8bc2dfb7c1d540392f1aa9c5ad555d840c3f8e3fb8305df0ebaa185e45ef

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xde90bbv.default-release\cache2\entries\2FAF583B0DAE8C3C7B14947A2FCE4DE42E892813

MD5 ef2325b4544351093ad16328dad61712
SHA1 d0d9eb3f91f8b8eeda4e9fe14ba9bbffae40e44c
SHA256 119d745d62340ed8cdf53767a8691c08dae37da404bb5587fac9de7a1e258e2e
SHA512 e30c23d96c9aa04712a10f75f45b89ce8be78d3bafa20aca895488c7f7e4809b0bd30039cc5a873e15f5c6f474878688c7ff9667a03a53fc66a154929ad52d7f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 6b36fc69d97fe9e24e996ae6c93bffe6
SHA1 69ffdb2b138c2aa3ec60ac728fa038dd86289ecb
SHA256 08391a68401a2d10ec8932b041f1348d0f148927fb1f1dc58997504a23db3ead
SHA512 bab68be61045bc7f723eeb5329243571c61d6f470b9c3ffc3ba829f828d2014b5b806748f4fe2b60efdb6ff78b1ae288ca4a82077d42b20e9d828b2619e0b536

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UNRE18W1\www.bing[1].xml

MD5 0083207da18e4fa802f7a9d1d36ede44
SHA1 a25f860a6c752e011d9b4c8c99617bdd5c19d2c7
SHA256 9a11efd3bed5bd12e935284f161e6a7a47806b04266cbab2965e2337fdd24ece
SHA512 9a2be036388c3baab5f56e9cb28ab9812c94f4f941ab954724066bcacea480fb89c22b6bc9860cd03d6412f0131079bf34d2a69ec9090562a9283af8fa7e96a5

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 9a940570751cec481c8205dad05bc700
SHA1 55e21e03e15c6aa76ff28183e0bc32c4a56cc693
SHA256 49dc70c58bef8dd9a01c51badd54850600ab5f4a36f41a93a77ec9793cf32c85
SHA512 76ed60a7b8b213a2a38ee15702d161544c4822f45da03a24a277f7d4628ffc2cbeca69ccf0804618184a2fd8e18fac333a2e6e20466608b61eb8538a69075d1d

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 c0450fe2bf6803fd5d43798aa04f6667
SHA1 d8e96c8d846204601fa44f9c341060924e8755f3
SHA256 cd3ba4302888e6d87754e1be3c113f5c81c0cbb9d2cf947c4f0b042ee894c8a9
SHA512 fa60e9afd43743d1a30f7b1e83c9132d7cf70278eac955cad7a2ebb0d2d9add8de4c03a41cbcd180c56883991c3160dda81727bf8d10d342f17744d3c7d2e815

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UNRE18W1\www.bing[1].xml

MD5 893fbfbca22608de8eecdc8d0f0fdba7
SHA1 335398f0ea93811a06fbf26b6fdb545ed3c4b1b4
SHA256 15306f49b02c551dc35153bc5d691d4ed819102fff5303bbffbf74b99576f184
SHA512 7ac91937546212cc1d97de58d417b8d0459e6a750c310f44395b3ab62d0f62f71384eaffbca12d8620dd4b85e6f670057447f63c22f6c6cb3c2920070d51254b

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UNRE18W1\www.bing[1].xml

MD5 67b22bcf66bf08bfd118b14b58142372
SHA1 33e9926ea1ddd662279915889fd229da27075e33
SHA256 036b3cb3f8924e244b19d32942117160cdf0ae4b6b35ffad6fe01d2f44d7fd85
SHA512 640a9664b04bf5b4fff66863ac9bd68281800ed032db9e3c86f54ece63c49788fb4bc3cdd4070720cbd3c37a828ea01777aa02477d6cc1a9f0508af7c7020119

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 afc6bbc10070adf70b5877e1891cb683
SHA1 2acc322c1c83fbe22e7d675b2c7fc8f1b58d3e8a
SHA256 630d5baa994d82dfc7a4853f21d6f1fa7290dc198779bf2b97c6028a78125664
SHA512 636b37a2d1f643e786bf21bdc4c60099b9a717c8c13454d99ff7caa4733426c9a5400ab7f4e2cc5b888fe5e1acce82023ac896d140cb8e4d1bbf85462479774e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 ea255c7352be247347475f667ad65bbe
SHA1 25ce4b80a28b8958d915cc64c69ced2590fc2500
SHA256 6ad1900889063a92b3d16bc6cbb3df2d77c2dac45167d079a9b53fbb7ab26edc
SHA512 9f345cce35af1a2e56462eef20f8cda9b74d9468edaea538c7b43574ec6c76d0b13beb37101e5521540871890af0eb60213d9d03992c7991f05c612e08ce8c0e

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 49c4deb90160c2fc09ece7710d313177
SHA1 5de3db0bcf1bf54419a9fa86111f4611f11e409e
SHA256 24a58f34a5b3b3a172d75b85ad5ce1594de192137454e9f47273e0fc67fa2cea
SHA512 190745df3d9ad828980a91289a36ea554910366ac4a17fc90d292de6cea6070910a76f8ccbba8b2709b288cf5ac9851f6b782b4720237d728a89aafb02bc3735

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 566c0c9070b3a257e35cc739147a03f5
SHA1 6c1432f0b28b64857fec5a47fb63709812a5e6d9
SHA256 25c15ac4d2a7a415bcf5ca61472042f57e4c6be2f067ae8f8691b064b5b043ec
SHA512 d8a7005c5016378de660055bd2037b1e75758792767c07e78b2df2f1324225cfcead5deb0568c79bfda58ef9a997fd7b05b362f51cfc3007255ffa83f90442b0

C:\Users\Admin\AppData\Local\Temp\TCDACBB.tmp\gb.xsl

MD5 51d32ee5bc7ab811041f799652d26e04
SHA1 412193006aa3ef19e0a57e16acf86b830993024a
SHA256 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA512 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\sessionstore-backups\recovery.jsonlz4

MD5 5bd69aa67f7f9c961c32b6a64e685fc8
SHA1 0d3acdbd73418a8011e6c8be4f98a5cca02a551f
SHA256 aff4c9c49333cebda70e5a3ad722e1478b6d9aff7fd9fe296cf9dbce03037a10
SHA512 01617eb58c5e61a5f961b89a8b596c4ce63a46b2f76ce24e33d5c0020a41972f2af4e47a6f40c035da4dea5b973ed74ff6462da9ec94f7e9d6f763b568045145

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

MD5 e57951540dd8f49e7e41259d51b1b5d7
SHA1 9116eaaae3c4aa40d0b96ec5dba1f382ba0fc431
SHA256 26b09be79f8450c16646e8cc3fc82d554e41bd3eb4edf540b06ec29b51b0dafe
SHA512 4f23df629e085d64f75aa9f80566ff4bdbcff60c20524208b684af314bbc8262450836934f128b712b46e5854cd9e16c440c2033922cb10faf90bee7955411dd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs.js

MD5 e91440af8a4691622b8e2574b8616178
SHA1 69e4d6671a74b6286a831e52eb3e0617d23fd22d
SHA256 4f45d288786c8a357c9ebebecd15c440ce67905fa5ba3f2470357a74666822ac
SHA512 f3d815a670cc0a6d574547c2697904a9af607191ff870076ed539d01c65e824ae8fdd95ad8c70be8c59d232e13decc8ecbf692ec279567bfc3c3565b274c5280

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xde90bbv.default-release\prefs-1.js

MD5 6ac5a6cd0f393fcc1d7c217c055aaf4c
SHA1 ef85a854b80171a0d78a85a89a043f9d445fea01
SHA256 63c3893a7e87b5c67fde65e11c2377556d2b449c0d19fa21e93dc349e7e52f34
SHA512 a91d97eba9964bfb3a578d7598502f04b8a3d6ce3b87e4f7e1112180b99d06e70c513b3b02a6431ada148676919e3fc4f90c7ec2f1cc00413946e4aac3c27eab

C:\Users\Admin\AppData\Roaming\vlc\vlcrc

MD5 7b37c4f352a44c8246bf685258f75045
SHA1 817dacb245334f10de0297e69c98b4c9470f083e
SHA256 ec45f6e952b43eddc214dba703cf7f31398f3c9f535aad37f42237c56b9b778e
SHA512 1e8d675b3c6c9ba257b616da268cac7f1c7a9db12ffb831ed5f8d43c0887d711c197ebc9daf735e3da9a0355bf21c2b29a2fb38a46482a2c5c8cd5628fea4c02

C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

MD5 60a332fa2a816e4eac86fbe8ef0822f9
SHA1 4a4bbb7fd5b4f09a5b41d05db4b49c7b42aa43a4
SHA256 958d8f20aa738e2c7743ceda3c5411b2ed11d00d2b5783a08b8de3b700d87fb9
SHA512 de479942e57a1add2eade47965ff54a8f26fe7893f53bdb7aa29f6ab62f980caae1e70d86be38fc9d776b445877d1ec7df93563b1577bfde53f4d26764f6a329

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240508-en

Max time kernel

455s

Max time network

1177s

Command Line

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\bin\Background.mp4"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\unregmp2.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\unregmp2.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Windows\system32\unregmp2.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\system32\unregmp2.exe N/A

Processes

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\bin\Background.mp4"

C:\Program Files (x86)\Windows Media Player\setup_wm.exe

"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\bin\Background.mp4"

C:\Windows\SysWOW64\unregmp2.exe

"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon

C:\Windows\system32\unregmp2.exe

"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT

Network

Files

C:\Users\Admin\AppData\Local\Temp\wmsetup.log

MD5 8d68f1287176c23655d1b47cca643c82
SHA1 0c99c4f89eb2204ceb83b1b0994256389dac30e7
SHA256 4dad03e199e3ea631edbc8d3f6d8e19262b4d8203819b767dcbef844b5c9831d
SHA512 1c892ad257370285a3f8cd0d0a788bde66690da474c27878b737129ff48b27d6e20a77be0e944e0f0c0fff0f0f71844eab7bcc4b42e1f994803d79a0bfe65dd2

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

MD5 7050d5ae8acfbe560fa11073fef8185d
SHA1 5bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256 cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512 a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

MD5 c22827ce26657a6f0e81f951a24015c7
SHA1 7599ded671a93ad7dce359598be6e79d5cc0aaf6
SHA256 19434a11eb38a783a992de731c9034d09b02df7caf4fdc18a76ffe8f76c160af
SHA512 f5cf767bdfdb23a9c4ac130894bf2448a0b19e61d3459ba34c63be6bcea485099fa203e2186acbc1e267694fab892e3ac8bd7ad63f284959a74fc61485276e3a

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240508-en

Max time kernel

450s

Max time network

1171s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\xxhash.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\xxhash.dll,#1

Network

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240611-en

Max time kernel

1485s

Max time network

1499s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\zlib1.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\zlib1.dll,#1

Network

Country Destination Domain Proto
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

N/A

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-29 00:10

Reported

2024-06-29 00:41

Platform

win11-20240419-en

Max time kernel

454s

Max time network

1177s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Signatures

N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\d3dcompiler_47.dll,#1

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

N/A