Malware Analysis Report

2024-10-19 07:23

Sample ID 240702-g8c76atgjr
Target piggy.png
SHA256 38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
Tags
aspackv2 defense_evasion evasion execution impact persistence privilege_escalation ransomware trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981

Threat Level: Known bad

The file piggy.png was found to be: Known bad.

Malicious Activity Summary

aspackv2 defense_evasion evasion execution impact persistence privilege_escalation ransomware trojan

Modifies Windows Defender Real-time Protection settings

UAC bypass

Modifies WinLogon for persistence

Deletes shadow copies

Downloads MZ/PE file

Disables Task Manager via registry modification

Disables use of System Restore points

Event Triggered Execution: Image File Execution Options Injection

Disables RegEdit via registry modification

Modifies Windows Firewall

Checks computer location settings

Executes dropped EXE

ASPack v2.12-2.42

Impair Defenses: Safe Mode Boot

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Checks whether UAC is enabled

Program crash

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

Checks SCSI registry key(s)

Suspicious behavior: GetForegroundWindowSpam

System policy modification

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Modifies data under HKEY_USERS

NTFS ADS

Suspicious use of SendNotifyMessage

Modifies registry class

Interacts with shadow copies

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-02 06:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-02 06:28

Reported

2024-07-02 06:39

Platform

win7-20231129-en

Max time kernel

421s

Max time network

656s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\piggy.png

Signatures

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2424 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2540 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2784 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2484 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2424 wrote to memory of 2472 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\piggy.png

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ad9758,0x7fef6ad9768,0x7fef6ad9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1592 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2300 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2324 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1732 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3244 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3128 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3664 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3996 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2072 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3400 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=728 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3244 --field-trial-handle=1284,i,8948812601528560281,15759043680666476587,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 pki.goog udp
US 8.8.8.8:53 pki.goog udp
US 216.239.32.29:80 pki.goog tcp
US 216.239.32.29:80 pki.goog tcp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 www.microsoft.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
N/A 224.0.0.251:5353 udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
GB 142.250.187.202:443 content-autofill.googleapis.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 consent.google.com udp
GB 142.250.187.238:443 consent.google.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.111.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
GB 142.250.187.202:443 content-autofill.googleapis.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 8.8.8.8:53 beacons.gcp.gvt2.com udp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com tcp
US 8.8.8.8:53 beacons2.gvt2.com udp
BG 172.217.169.99:443 beacons2.gvt2.com tcp
BG 172.217.169.99:443 beacons2.gvt2.com udp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 192.178.49.163:443 beacons.gcp.gvt2.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 github.com udp
US 185.199.108.154:443 github.githubassets.com tcp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.111.133:443 raw.githubusercontent.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp
US 185.199.108.154:443 github.githubassets.com tcp

Files

memory/2212-0-0x00000000003B0000-0x00000000003B1000-memory.dmp

\??\pipe\crashpad_2424_ZRYRDZNYWRVIDTEE

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Temp\Cab18A1.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

memory/2212-108-0x00000000003B0000-0x00000000003B1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

MD5 151fb811968eaf8efb840908b89dc9d4
SHA1 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA512 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 261aaf5706e87bed8dda0558097327d9
SHA1 7e4ce0b706b7c74e9a560b7278d6e9f484009de0
SHA256 b7d5a4de8e6f9a4eba843cfa41591e1ca9e73913a6f63268aab8040f65130fdb
SHA512 6e9841f21b24ec94465a83c220aae1fd441e92e50c64d1ff823e1f9e15fa55f4e00535d5c17969528556a8271d9396c423a4adb90f82c35914cef2b985eae650

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 700f18c63105bb0e1ce4cbd2644c12ce
SHA1 a4a9a90da67ebaa54d35326b94196124ec2d91fd
SHA256 8969b7f1347c9f43a2a9782e44078c9c20e47da3c26927a83c807bcdc30b76c5
SHA512 40fb39d7701e6ba75e7554b57595f2d75d42df63a2d7f862f68bbc67af1d170ea2a5729c588a44474433eed63e2978e4301fb18bb17c1d518c8dc8e670be8874

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c0a803cf7cf3f953dcdf3e5339b14ba5
SHA1 d101bbe792d833a78ba79e7e613f7021e49d70dd
SHA256 e320b41b01f4bbaf4512c0ba8950b4f8de022b3972e9c710eb5f1c6e97d58b88
SHA512 5c7c6e2bb1262452c35e64c720e82c39de99c9c5e9200e40a42812886f688da51d46156d61614df324298d9d0c1975bbb4523b9a62dbe1e3f1c312404cf2cdeb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 332a99b32d75234ed551766daa652250
SHA1 8e9c8f68251d573ab28a661515e29ccb1190a560
SHA256 e5cc96e1142e97b755f8f7dc640c95f0ed2fa97cea758b61ce141a6d40623beb
SHA512 1691c049516f635d14c57af582001ced9531f93e24aab3ff6a916c81e118b4b43b24098c87fb134b801deec146530e0cac1358aa473e8db6c6cd0eeedc5cb6d7

C:\Users\Admin\AppData\Local\Temp\Tar2E27.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 a266bb7dcc38a562631361bbf61dd11b
SHA1 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256 df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

MD5 e565395dc75cf17167e12addca52071b
SHA1 c523b0ae2cebb8aeb55ebd197e13c282dd6472ce
SHA256 c578873eaf681b169f7b524905858e166f2ebfba1b6f13811c9c181999db1386
SHA512 a51ddbf3180eda34546ee73a07567259380f7f2396a968e2e1dfd8fa48d1ed3cb8abb2ff390f66daaa54fca719709a04f121af4283a635222322712966f83959

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 9163651b94606698eeb227d495f619f2
SHA1 f25925d52853006f244eab0279941dab40daae0a
SHA256 9bb677a14033a70e344d2cfd3d80bc766c7aae48a75d0521af7f6d5e65fcb878
SHA512 2689a32df412f444a38c149e15c4923ec67216560a885e43966f415af73080c32b6fcc129e248949b972b3f5cf0712726ea2b2c21ddf4f99f7aa0d0a64086aab

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 e4a68ac854ac5242460afd72481b2a44
SHA1 df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256 cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6178f8869004891bce7aecb3933072f2
SHA1 9ddf9fc227a7593ab7beec520cb48d3a2f92ab2c
SHA256 ed6cd0fe07ed6b33f8d20f6063601082bda6e94eecb9055f86054bfd67c415a7
SHA512 54e3eef6d6f0016e29f86298baee26032b5fafa4fbb004e8da8fa595e33b92e52a1e9921fd26e03b26701512901e7f0e48fbfe639ae74fb16ed0a651d908b066

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3853d2b6540db8d01f1b7856f5c61fcf
SHA1 b7934b5327a91e2aa32f1d73fa817a919d502590
SHA256 364c9a6e06ad48b762628f571864557fa6e71a3db8ffd59fb1133245ef81fca6
SHA512 4b0ca0a5dd781a50e11f3ec64c4b12a82c2985a0e3ee32d1980a18507dc2d1185f8cbf6b7daece2fff0876a5a783f4c8f286f221e403cb3a8d439647b59aab3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 136236ab109e053c3572f69c15448780
SHA1 a4b17631c0fa13b622f94c39a3764be6ced67935
SHA256 1b5cd167cac5fb5a72f936c1ffa30ce13aed98cb59691510edf118f55243764c
SHA512 5d054701c50b9768f13a03df6ff0eea672eacb17f0995348257b51af452ee50fffefc532da31d6a3414c9202080c3e46909860d0121e3879fecc648b766a8a99

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 03f309798266fc44c3d67fa011200ed3
SHA1 a3f18db89298784287d4b373115fbb8dc1dcf3e0
SHA256 72c555ae0f71403156e6e8920f6805503ef7eaeb30ae439b257a7939846bc171
SHA512 6b68ec5d73d2fa3069284307206fd0ec76b622e1f44bd42e9d02586660554d9c6e9f9b2436f94c44023db7f08d49aa09af266b38a3706567653d9bfe679426af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 05f2f5e3d0594afc113410eb7e3ec88f
SHA1 ea263d3953519adee37a1b5415b3cc6f930ffd7f
SHA256 e063c2fa19039215011c779bca595ade6e648024d2ce724c32f4d576ad3bd962
SHA512 e26a071c40624407008e4b01f394b998c1750cdf66b3804cb2659cedcf9c0df4f12c41bd3c2cad41a3d917490fe88dae456764a77b0f01789cd1dfdd3727f3a8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 37e4791b48e8fe362c208ebd4da488a7
SHA1 64c2d606ec0920bd0af1249224c213e65d87cefb
SHA256 f6382422b66a575b2f907ae6a0263a7c936f2978844b359ee50c881d276693fe
SHA512 5db7b8351c97712f871a06d699e837fb8bef70fa131c4f86c6b0be636ddfe7175668f6da18cd687696adca0c864ee006fd310cf24b8a06aa6073087847242793

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

MD5 2280e0e4c8efa0f5fc1c10980425f5cf
SHA1 1d78ccb26fef7f1bf5bf29de100811e1ac8bda23
SHA256 b9225cb1f0df94ebe87b9eb2ad8c63cf664d2dfdb47aeaff785de6c7ce01aa74
SHA512 b759fcbf578947c0290ab703652df9f37abb1f9f5cf6140acaa8c4d4ee655ee0ee1f9bee9d4fd210d9e12585a51358b52e0e9c0878abf2713e6fd69a496ac624

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

MD5 8f5c02a2d7cb398342851ad2ca3c87cf
SHA1 21b7243532e43301a97ec5cf0d11e4d621b0d784
SHA256 08e636b5f642629c05ffe78ffb5f1b808fe37fe9a7b37409b11bb95e7990ece9
SHA512 348549184e00dd37d1217bdaed5fed7faa08362c3838ec8c0c2469359b659c2cae11d5aaface994499195b38412e1c07ee2300e531f2cc552e2d14761418f27c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

MD5 d3ce8132fff199a89682d53d7c7f33d3
SHA1 cebe2b4b10cdab32d5e883b51e21f4c8c62af86b
SHA256 24f1cbb7ca9a5e6ecbcc90504ed4c768ebe3a8ad2def99b58ea7cc89bc13813e
SHA512 4e5768a5278c732bf4878457d8acdd39b5b0230236e4577f856e5757aa38a508eab84c7f6b8df853ed5c4e9edad8d0233bbb1358e7b9aaf2e59d5ec2498791ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

MD5 c6f290874f88ed4d9d1b39c8b839be83
SHA1 6749bc017ec59d9ed36a2306bfe69e5a4f524ace
SHA256 f85e211a84acd58c1824e1327de169d58f645f006965135e363ba1537f87ec08
SHA512 45b5fd4a7e130f724b7abfa1c827005a2f47f96081bc5ad868d6881f6a75f46fe3908b0e09afe4d995f5f282f707a368ea1f2a9d12b933eb6270fe3b6c2a4064

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

MD5 0c938f8e47b2606f5765db41d8eb4f33
SHA1 303526623f46f4e9995cefc87a55a9eefe63b128
SHA256 2a2df6720064ddc92b5a335d553106027bd9b29772edea77ec9b77d90f211f1c
SHA512 35a84c6ea475b1c869931d9b5d7c71e4daa1b437e1f59f5974f8ca5d2a2200e3dd55e5489e1858c258fdceb093df0a5fa05a6d0fae0af7a5a83602b140c211ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

MD5 b60a229a2fea8350fe92c85c0894b6ca
SHA1 f6506414630f1f93efd4024287fac6424dc3415d
SHA256 59a5229eca96ec0769c5b1b075a0784d6d24eed0f050101f2cdfdc67863a63fd
SHA512 c7ef6bf14b3e51478c7d46dd0e2f0fa7b3140525bd7159bbf336d9c113e34df0bb4a498de63059a0302779b186b288b6cc29266f72adc8d6f6e611abcbd9e554

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 e4a0a273f679299bc9ef160b2e52f3f9
SHA1 00d1cd7e41b0462082b6bc6b718764d50a633122
SHA256 d090a7f58bcf0ee6918628950f70610a1f0001c8aa07fc4628fc14a7c01ec1e3
SHA512 c02a550a91a7050ffc3a5c8155ad0964fccf24a48091f233e4a82ae837bf838d9aeb8f9ca05f36a550d5bf234b61058f4dcb1bd187c9ad9cf256fa5c792a58ab

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 97c70c1742d195b32c1bb7be164e7bea
SHA1 5741a56f7d4485e1d8ae51796a9e677f46d9343c
SHA256 47e01f98ad1259c7f7d2874882e236700b7cc29372439d260456fa1e193678b4
SHA512 8c9b6ab2602da32976c2c2afd5c1ff20d839044897301f174b3bc90410a95fb339be65fbb5d6046f84d0b7c3cc1f8a4e4caacdafad053e8848a6b3a65bfbcdcd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ea002bda957334046d5a949ca2d55cd8
SHA1 7129d11328a611fc6c35a5d15f0f5d08d33ce70a
SHA256 5f0bd016b7a5a48fd4bf3c9649af91bceef75cf75266234591339df204abdbd0
SHA512 c7d3329fc9245a61ed1f035224023765566e707ebcb8f6573d0fad06194e785597f4df9247a996e29ce10d389979dc6ad797ddd6198d995da31bf2a7272f6c4b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 56d30a9af79b3f11f7274ce193ccb665
SHA1 f0dbe5fac3985b948acfe391d88b7d33810cf110
SHA256 0ebef066607a9e182e226839504b7a634b8c2509623e2003795ebd753170a828
SHA512 cf76d1f5a6840f217f34515ab8c0e2d77a10830bd06584367e92703c26ac3185c7314ebf01bc9ca8bfe73c19954f4425d5db3e1a3aa46c6af954369adced961f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 264319a52656f26a5a43e6d36ab8d9bf
SHA1 3f02080d1b25b13862ff2b2f43ff2e4463d816e7
SHA256 18a9e419ad92e3f3a763e294bef6b45f2d8cc51587780eff826ae56d47064051
SHA512 1d981d32da77ff824bc3653581c278db18de6e180307d2e878b6f22c3e93a303aa51cd976d10a4fd12cdf5c5814552f28a0d96789f5fe6f8e4a7c99a35f588a5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 fa5adf303c4912e914978dfae6d0d7de
SHA1 9772b69507dc5e60c2d51cc2da03b5dc1874a4ff
SHA256 ccdbb431a0e8be362b18cf4b9f69e8374bd4729201b961240899b8c669bdb1f0
SHA512 922065ea683008467183e4a561304a4d131f7728e262b1e5564f2b4fab856268b2a240012ad1c29e135ac6d66429a665d365c655d977c51728d5c1be4ae4ea43

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8bb69c9114b285edb5c2a53c0860ba77
SHA1 5837caf5510a18ab9c5cebe4795d01e56b318dc2
SHA256 9a2f3c0ca25efdc9b6c2117436e7ca46cfddc18d078ddaa19193405b000506f6
SHA512 ab6ac42ee8b0b6a1236cc29644d9a46fdaf5ce8d483dfb060d1673327e3ff14726b1240e621c128c5f27d161cfacb354d26381a59b446e6ef8414f321c55793b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

MD5 9b2145af0c354efcb06565fa97611b75
SHA1 5793fe34c2558cb239a8b897826991bcf42f52d2
SHA256 fc556002af9be2332dae3074c7b44acab761964b4dcf54f9c2a49425f784097e
SHA512 cbc37421352b247453b52a7a48efd91c80230e73151e5f5785a1d4d47706b30707e27fe31ae57876702e96f4275042a060e63754a18ac25c2d16f933e7fd4e16

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 9741ee9c1e56a5d78ec1579dcee24c8c
SHA1 9b2603794d978dcb01549e1dae993ff52c2a3421
SHA256 2ba31f2099eacd99b333ad01f6197fbd53c22756cd0876762f33083b7d28b96a
SHA512 6331c3bd6a0eebbbe55747c025184b7e659ebc52e9a5bee53a5cb6c0cd6aa01acb7f2ce866e49a3a85b0e4bfff0eb1b4dd5ba7cf03b19e498b96901340fbf168

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 0c200f8f8cdd1f7ad1e32606aa18d554
SHA1 3c2655de97fbb36bdc541bb614a7afd2c0f7d9e0
SHA256 379bbf5aecdccc270e452ce58946fc11e9eab2dc26dd6fca77862b328d7a1ec8
SHA512 53ff0e8a6f3ffd93a5390eb10e9ede23cf5af140a0196ee312f4bdde5bace8484c0e4a5615141d7833a309a73d99696752d1c85cbcf7c9cd0df9a3207b030f14

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 cab17dbefcb8b999f880ba2ae2a5ee12
SHA1 1321335e55f6c9b965c32a65dcea6ee1a850801c
SHA256 23ce7c54e7691f2ba7acb76af08528d22f015583e3347f438049c4b9683e8b8f
SHA512 bee7d444d53391cce7b206631b5c3e671eba86752574e3fbb6931fdf89ee64bf99810073bec7ff585649c91b561f46a08180b1009907c911d9c26c990108974e

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-02 06:28

Reported

2024-07-02 06:38

Platform

win10v2004-20240611-en

Max time kernel

626s

Max time network

629s

Command Line

cmd /c C:\Users\Admin\AppData\Local\Temp\piggy.png

Signatures

Modifies WinLogon for persistence

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A

Modifies Windows Defender Real-time Protection settings

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection C:\Users\Admin\Downloads\Annabelle.exe N/A

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Deletes shadow copies

ransomware defense_evasion impact execution

Disables RegEdit via registry modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Disables Task Manager via registry modification

evasion

Disables use of System Restore points

evasion

Downloads MZ/PE file

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ksuser.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad++.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gpedit.msc\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\systemexplorer.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chrome.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shellstyle.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Autoruns.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DCIMAN32.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll32.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\chkdsk.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MSASCuiL.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mydocs.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cabinet.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secpol.msc C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\attrib.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\control.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wmplayer.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\opera.exe C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\microsoftedgecp.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UserAccountControlSettings.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\powershell.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mspaint.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rundll.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rasman.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\url.dll\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DBGHELP.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bcdedit.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dllhost.exe\Debugger = "RIP" C:\Users\Admin\Downloads\Annabelle.exe N/A

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A
N/A N/A C:\Windows\SYSTEM32\NetSh.exe N/A

ASPack v2.12-2.42

aspackv2
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Annabelle.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\YouAreAnIdiot.exe N/A
N/A N/A C:\Users\Admin\Downloads\YouAreAnIdiot.exe N/A
N/A N/A C:\Users\Admin\Downloads\YouAreAnIdiot.exe N/A
N/A N/A C:\Users\Admin\Downloads\YouAreAnIdiot.exe N/A
N/A N/A C:\Users\Admin\Downloads\YouAreAnIdiot.exe N/A
N/A N/A C:\Users\Admin\Downloads\Hydra.exe N/A
N/A N/A C:\Users\Admin\Downloads\CookieClickerHack.exe N/A
N/A N/A C:\Users\Admin\Downloads\CookieClickerHack.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Flasher.exe N/A
N/A N/A C:\Users\Admin\Downloads\Popup.exe N/A
N/A N/A C:\Users\Admin\Downloads\rickroll.exe N/A
N/A N/A C:\Users\Admin\Downloads\rickroll.exe N/A
N/A N/A C:\Users\Admin\Downloads\rickroll.exe N/A
N/A N/A C:\Users\Admin\Downloads\WinNuke.98.exe N/A
N/A N/A C:\Users\Admin\Downloads\WinNuke.98 (1).exe N/A
N/A N/A C:\Users\Admin\Downloads\Annabelle.exe N/A
N/A N/A C:\Users\Admin\Downloads\Annabelle.exe N/A
N/A N/A C:\Users\Admin\Downloads\Annabelle.exe N/A
N/A N/A C:\Users\Admin\Downloads\WinNuke.98.exe N/A
N/A N/A C:\Users\Admin\Downloads\rickroll.exe N/A
N/A N/A C:\Users\Admin\Downloads\Annabelle.exe N/A

Impair Defenses: Safe Mode Boot

defense_evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\MinimalX = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\UpdateBackup = "C:\\Users\\Admin\\Downloads\\Annabelle.exe" C:\Users\Admin\Downloads\Annabelle.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\NetSh.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent C:\Windows\system32\LogonUI.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" C:\Windows\system32\LogonUI.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" C:\Windows\system32\LogonUI.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64" C:\Windows\system32\LogonUI.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 C:\Users\Admin\Downloads\Popup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Pictures" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff C:\Users\Admin\Downloads\Popup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads" C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259} C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16" C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{8829DD77-F18F-43EA-8A13-D25DCD10FC56} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell C:\Users\Admin\Downloads\Popup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2 C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff C:\Users\Admin\Downloads\Popup.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlgLegacy\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Users\Admin\Downloads\Popup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Windows\system32\OpenWith.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000 C:\Users\Admin\Downloads\Popup.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02 C:\Users\Admin\Downloads\Popup.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 112755.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 909674.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 16040.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 334406.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 740554.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 475881.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 976590.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 539034.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 974181.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 924786.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 723463.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Popup.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: 33 N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\vssvc.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\shutdown.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Users\Admin\Downloads\Popup.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2316 wrote to memory of 724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 724 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 1384 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 2332 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2316 wrote to memory of 4612 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\WindowsDefenderMAJ = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Key created \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" C:\Users\Admin\Downloads\Annabelle.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\Downloads\Annabelle.exe N/A

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Windows\system32\cmd.exe

cmd /c C:\Users\Admin\AppData\Local\Temp\piggy.png

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdaa6f46f8,0x7ffdaa6f4708,0x7ffdaa6f4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6304 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1296 /prefetch:8

C:\Users\Admin\Downloads\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 208 -p 1116 -ip 1116

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 1204

C:\Users\Admin\Downloads\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 372 -p 4788 -ip 4788

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 1200

C:\Users\Admin\Downloads\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 1752 -ip 1752

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1200

C:\Users\Admin\Downloads\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"

C:\Users\Admin\Downloads\YouAreAnIdiot.exe

"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 2424 -ip 2424

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 1200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7028 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8

C:\Users\Admin\Downloads\Hydra.exe

"C:\Users\Admin\Downloads\Hydra.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6004 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6940 /prefetch:8

C:\Users\Admin\Downloads\CookieClickerHack.exe

"C:\Users\Admin\Downloads\CookieClickerHack.exe"

C:\Users\Admin\Downloads\CookieClickerHack.exe

"C:\Users\Admin\Downloads\CookieClickerHack.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6740 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 /prefetch:8

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Users\Admin\Downloads\Flasher.exe

"C:\Users\Admin\Downloads\Flasher.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7048 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6728 /prefetch:8

C:\Users\Admin\Downloads\Popup.exe

"C:\Users\Admin\Downloads\Popup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6928 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8

C:\Users\Admin\Downloads\rickroll.exe

"C:\Users\Admin\Downloads\rickroll.exe"

C:\Users\Admin\Downloads\rickroll.exe

"C:\Users\Admin\Downloads\rickroll.exe"

C:\Users\Admin\Downloads\rickroll.exe

"C:\Users\Admin\Downloads\rickroll.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4396 /prefetch:8

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8

C:\Users\Admin\Downloads\WinNuke.98 (1).exe

"C:\Users\Admin\Downloads\WinNuke.98 (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6964 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6264 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,12616514243304262712,11329423419477690377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6760 /prefetch:8

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\Annabelle.exe

"C:\Users\Admin\Downloads\Annabelle.exe"

C:\Users\Admin\Downloads\WinNuke.98.exe

"C:\Users\Admin\Downloads\WinNuke.98.exe"

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Users\Admin\Downloads\rickroll.exe

"C:\Users\Admin\Downloads\rickroll.exe"

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Windows\system32\vssvc.exe

C:\Windows\system32\vssvc.exe

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\vssadmin.exe

vssadmin delete shadows /all /quiet

C:\Windows\SYSTEM32\NetSh.exe

NetSh Advfirewall set allprofiles state off

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\eab971bbf1e1417c8c0ed44698064140 /t 400 /p 3452

C:\Users\Admin\Downloads\Annabelle.exe

C:\Users\Admin\Downloads\Annabelle.exe

C:\Windows\System32\shutdown.exe

"C:\Windows\System32\shutdown.exe" -r -t 00 -f

C:\Windows\system32\LogonUI.exe

"LogonUI.exe" /flags:0x4 /state0:0xa38b0055 /state1:0x41c64e6d

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 45.19.74.20.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 31.121.18.2.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp
NL 23.62.61.89:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 89.61.62.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
NL 23.62.61.72:443 r.bing.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
NL 20.190.160.20:443 login.microsoftonline.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 89.33.18.104.in-addr.arpa udp
US 104.18.33.89:443 www2.bing.com tcp
US 104.18.33.89:443 www2.bing.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.113.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 21.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
GB 2.19.252.146:443 aefd.nelreports.net tcp
GB 2.19.252.146:443 aefd.nelreports.net udp
US 8.8.8.8:53 146.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
N/A 127.0.0.1:53720 tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 89.16.208.104.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_2316_VTFBUJJRGWIIDDPV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 18d36b5770878077a714fe7076e75491
SHA1 293f4c95015d75331357806f179fc0fb64e094a6
SHA256 119bc0f5a96b00ad58654aa7cf9c3d993c4b86954d03f460959b72c59ceb4e15
SHA512 0c6af3041b31ca9f3f8a269db8a27266ca962cfe2107c2540f7fc0c05f8137cc319eb64a476349da113c69faaa28dff294f73b80f3febe3e2e2cda7339de78d6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2f67ee20a4f3e355db1d615e3ffff499
SHA1 5a2cca47c88a8b0463e4b10d3f0cea8b92ea834f
SHA256 f745e65214bf92d1f2122d318468df1401066834802eed26d7ecd27704dafd96
SHA512 115dd1e91ae9274aae055fa08808718299e49727fda072a6c48b0b03004ab83d44bebff80c82a8d188bad6dac19968a49df6cef7718e03aa103989ffe2fe4383

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 da88d869764948a449905eefe2319300
SHA1 4c191268507bcb613dfd10c12e8966638547cab6
SHA256 3cf878aaabce718795568f0063d7852c3ae3e858e3191760edee75fae6a21819
SHA512 a2c076894412e71dd710e1e142bfacaae7766f769ec3a4ff2c67054cbdd508c54370680c0c67edeabb9d0f8c6f709e56a7f0d13efb3bb8df2e1182c617a8cc1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

MD5 9e3f75f0eac6a6d237054f7b98301754
SHA1 80a6cb454163c3c11449e3988ad04d6ad6d2b432
SHA256 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf
SHA512 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 59cb232c37a25811223c1101b7aaf371
SHA1 6290c495c0acfbc1931b2d4290e5e780e2397994
SHA256 156f9d51bef921526c82613f57aed91f7a498452f1c9a33e9adb502304b9eae1
SHA512 85a87d653b551cb1edc64a61348f632217d33cab3eac1e636c2235c15a2f3fd13479151f787af1047d891f4b9449669d11296298da36ac96f087a29df011761e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 2e86a72f4e82614cd4842950d2e0a716
SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

MD5 620dd00003f691e6bda9ff44e1fc313f
SHA1 aaf106bb2767308c1056dee17ab2e92b9374fb00
SHA256 eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586
SHA512 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7c0a496e46445f0c8ab289087fcbeea5
SHA1 88c901e66e51a78fdb3b005d5cef4f47a406fe79
SHA256 0b056f531bb58e3b1eae185614441cc81a3ac53b894b842c413164789f3fde60
SHA512 d8532be18493633b134844f9569407343e0d4ee3317eb51a1de9099026371de829244f4c5dcaf60a126ea5100106dad870d97aa4d1852e0454bee9681fa3e31b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592997.TMP

MD5 e8ecdbeeb5d8997abf349beb22ad3343
SHA1 b7b65a86a14abbc5007d986d04c1da0125960774
SHA256 fde86e1a0642636335d4c47e95634bef4df67eda9c2d3538d189c45497f5c496
SHA512 a176ae7faf95f1f1ddd1f0b2e61356302443fd789c55e9f9e2dd3692874a8d74516de8d01143ba048c47e092a7aa76023c2f9210e895c2fa425b6aadb34192b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ccc034a13930d3b1f0404e4180376eab
SHA1 af939a8cfbbdf70c3326d8196f1313f6492b2b30
SHA256 1a9a603081d106e74a4637a603c62a8a005b1da6c0265d7d482e4564cf0c2cc7
SHA512 0763fdd929d4d827bf647e56823e30cbbd09df20f388ec568d0f360746f607c3077d9c3ea6b1af6bd6ff6b239c78f2da973d9ef7c4e813cb1f71bce5c3bcf9ed

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c821fd5a7864eecdb380fb089c9344aa
SHA1 d907277f4fd91c54e7445a768ba319431e22c1ca
SHA256 790e415aacadd1d6eaf02b2e4597a69e9aa3656b782b8ee600f15a9a92d9e06d
SHA512 265668393b9936a3b5f90db7525e69b453da338966504c7c6a6338ce565eba8c7226c6beb9eec42c940ccbdfa0b9446738a720ac6d8c2a6820e052215cf3c54d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 55db151d9a2760133ad0a36610289c3c
SHA1 333514b39a2210364aba1cf44abc898e59ba4ddf
SHA256 a074e8a090da3a0d5d542566f9033415a165ad80bddaf740107e21e8e5ee629e
SHA512 d945f39b1a916c60faf80dc840978c13898e98ef45273374f58668c639592e5852ea12277576fffd1a29a2f2b79eb619dc7046a7e4b6214b6d9f77078413da81

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4ad5665ac29cbab164fb9864e645231d
SHA1 6d69982be6cae49fd76154921a7ea20d8ccc43c5
SHA256 b89dccf51dbb7d366569c4ee5f4062a269c233f93b5cd9b62c9ed0f023e2a2af
SHA512 4354f51f75d16593506c8832cd9e437885e1bee95521fb0bc48c05169ea2c224dbe231e78c537e87eb5a19c4886d09d2143b760e411f0ec2eea239fb69d870e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 02d9adbb518ebaa58606c96e3433a017
SHA1 8c435b11a76ef6cdcbe7fce2c0deaefcef6c96a9
SHA256 1b7ce21fc9628f7590553f65b1ffb69c736082efc9724d825e7047bc3b35ba51
SHA512 5ad8e492674ac611c960dc1db5913e8623460a9d56dbeb54d3d84874e88272d6cc8b0a3bce6b49530680ab6ab2fd042bbbe92a72bb7f5216cad9515e184e95bb

C:\Users\Admin\Downloads\Program.cs

MD5 607c56333f829244a7bbd94505381bea
SHA1 d38b47b7aa3ebbfd6d2130708581c60e03a8c9d0
SHA256 baf34a243bda12c7bfda937cc998acb1edb5c815c42730504d603817a21afe40
SHA512 6a6125fb7d64ba598c07543d4f54761eeb10a740a6dc1e7549392585ffe715bdb4996bade57060dc39ebb7e5f33be205bd5efbce21c0cf209607d51faeccec3c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b0cc3678b24eb443081847f456dd0a3f
SHA1 ebf264938d56b9a26696658043b1fedfc33e74c8
SHA256 6dbd253e1cb77cee041c6bfa676e29388afdddd71a29717d12e90e29c81d1b0b
SHA512 4326cef0c03e183930ddc8947906b6bb6115053121fb9719419ccb88d104394512b3bba0bbaac03c16d70ea0d8a009419b82ab507c79811ec4ecf9f4ab47a948

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b3bca98c742c0ed979f560d229e303a
SHA1 4b1cb1f95ed9d51cbf99d6b9cc63c386e5d1291d
SHA256 416774cfd0370394b5e95c8c0740cf47f9ffbfea415f66ff0cbf44a825923170
SHA512 8bc9281f0239eb1746a78b140c2b3eff35107aab38c12f61314c6dbd2cf1f6f6e20e9461e3ca5f8650e2a9defa33ac0df089ecfea6bdfa189e7ea74069a00246

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 28cfd339cba3f9c1942df7c316073c4d
SHA1 92dd6af557f3c970e35ea9f21553bdd59e6482ca
SHA256 21d4b9a4abb61f2d2ebef0ea17cc9711625886969571bdd7763ce9ff838bb403
SHA512 19983081a459fbf78a368c1a8cdd1b3b82cf1dcc3b9080e0bfc81e557c0cead499933e1220b44747460dde8c21cd32798aecdc640895f42ed6ac0450207146e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5485beb6e3c193d2acaa9e943f8c3e5a
SHA1 ad730d01eda84aae06715aaf8bd504ab0350cec9
SHA256 e9028b02cf8f2e10c0a8f63e598a0d56fc1760692ecc52d21f8dbf5b3044fbb7
SHA512 08b8a15b98d6bdce454bfb27c13f63cd046ae09438da84b5408371e96ce71796131074f8c178a9cb0a0b30c91b6d2c79ea1c9a27f902b41f4fff35ae15167820

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

MD5 628ba8d31375849e0943894669cd033c
SHA1 4fa6d50a37fa2dadec892474d3e713ef9de2d8a1
SHA256 80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6
SHA512 d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 f31a1ab9f483d9db21349522e39dd16e
SHA1 01a275d7fc1c4f578fa506c8e0bf9b7787dd4806
SHA256 463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d
SHA512 cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 669b1563b95fce26d9ddc3c7e9bdc538
SHA1 275e4ae2606a0da908003b77ea06b24ea8b66214
SHA256 d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667
SHA512 09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 0e52c094a93d5bcd8875cce575d7da9a
SHA1 de9ecbf399f77a497c96c1a4b3509153ad9751a2
SHA256 abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce
SHA512 b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0ab45a68bcab8d99f5cd38f39b2ef5a3
SHA1 e59c4f90308a520ef60a2856e06f55d53f59b54d
SHA256 7aa9a44b9db523265ac785c737cef4f4f7793d9c235739a1471f3a5841ffae62
SHA512 9e0da3cbada88dc5fac734042549f45e62a7f4c7599638ee8a826ddcdd064f49e103f566c050d677fbb16c6eee324aa100928f3da68048db00a72d404ac6db3b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 46bb313c2265c92276ddaa494dceb289
SHA1 9bdb9a1426d76ea62a9248c3b8c18db1fe297cd3
SHA256 ba986174d6b3f971aface00cdd90b2676650041bb6ebf0a90c795a76229d3791
SHA512 2ae4953a6da5f45f8df65c3fd8ef2d66d501e12fb86f16a00e2ca6e88434a586de288e092087a4d35999afd408a2063181fb1ca982d2d9379b09ef2319a5d33c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 4bc7fdb1eed64d29f27a427feea007b5
SHA1 62b5f0e1731484517796e3d512c5529d0af2666b
SHA256 05282cd78e71a5d9d14cc9676e20900a1d802016b721a48febec7b64e63775f6
SHA512 9900aecac98f2ca3d642a153dd5a53131b23ceec71dd9d3c59e83db24796a0db854f49629449a5c9fe4b7ca3afcdd294086f6b1ba724955551b622bc50e3ba1e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 7fb1f32a308a59e167e201dc4c1160ec
SHA1 8f52c9884726d22f48751040d9d622213840d605
SHA256 c38018600386a5b57c7a90afaf3dadad705c210ee49b58854133b0614da81226
SHA512 b9d96a8518c6e5a61166e4077f084da92664e356515c29c7cc064525714d3035074e4031ea9b1ad929b62be6616eace309c8a8302b9fc3990ec0d21af0e9615d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 0f3de113dc536643a187f641efae47f4
SHA1 729e48891d13fb7581697f5fee8175f60519615e
SHA256 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8
SHA512 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 18afd1da750d6447a8954b3e2e0c446e
SHA1 f8c8a7cbf81af5c9de298e031dfd69c1ec836f81
SHA256 446938498d26217dd63160bcd02aa1ee15e7fa76b8f0902b459ec6db609d1cc7
SHA512 a033fcfacf5f9f74ce8a02ffb6adc4766fbfe1d25f86ee4afc54c5f3ca1ea9655d65f6c29c67e7a86ef28edca1e8b2fcaa362730e8a6bedbdd8a16b52142dfb8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 f817e737bd803df8a4f12c1937ab0d51
SHA1 24e172cdf9d4b77b0cb4c271aed4a7c9eba98fc9
SHA256 17b0202476b336c41e4108aa245ac863c3e19ef8c5e430fe112a0900f0a18802
SHA512 d417d62e0fdcdfa883d4ffb317546e7ac5258aac538cbfad4eb111b134839750a65c55b5230507ff6912ffd272c0eb6317bcdd95c38cfb81c63b8e85b1359346

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\be68bc274cf0fd90_0

MD5 f2a5fa224a7973d8197eaf115b7c66fb
SHA1 12095d6c6f8dc057f3e022f7e0aa20ff42943237
SHA256 e208045af9648d880b8d65fec6c55821b3e70ff6e9496ce7cf9daad978562934
SHA512 c67fa1d60258e3d52cc52f3701cd952bded484837647f18b8f8c81d4183c58cf8e5c865299336fb1b13d8e69bfedbbe56e4ae183dd8a7c858c5e6fd68988ae9e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 467b4536587a67358634690c5e718110
SHA1 9ef111781e6b266811f8db161ddfa5a8cec412dd
SHA256 1fac0e6611b4330972eb6dede1b541a2f1785e97431da34f45743781e337aaa8
SHA512 5ac2a2b6a51e1bf3a9b9c783a7611fa3be89d9185f68fec10d4b5433cbf2d722907aae93a597c60dd32ed5e01a1988940e8280a2a4741757f8603164a18c56e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 96023ff56f72e340774daf762aca0f61
SHA1 78f510bc40d9b2f73d63642a0f248463f920f71e
SHA256 ba71cec80465fd624e92772811d67b71013b57aea888a9f9f98414c30f8b1b76
SHA512 1592750bec7c7d426ee53d08f4fd62bbac145ed02392fabed740c9e6c8a25214f260c465520479b01c9f70a5221f274c48ebe170c762ea03b36d55874698f5ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dcdddaf7bded2cdd65b3ef87277444fc
SHA1 3078fea439fd3a1e4f3ae076280293cae8015036
SHA256 4cb04aa328d96d0048ef56333c8921f1d8f08e0ca3f677cb70b9e8eb11f11496
SHA512 306d8aeece16bfa560fd8136142a678603843267310fd2773aa3039e7521d0af7eb2b6c819e8fa6d7e7125c8271273fe7c25e5ce79e4288ebe96e93248cd0300

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bf28ebbcea7418b23aa739cfe1ee85f5
SHA1 34e9765ac4fe88781f1a3a3804d9cad443ab0148
SHA256 132dbfdfacfe1603c9aa811dc44fc05859a5a7c536921ac130cb35a58ca8752e
SHA512 d4568dde937d7f746110085cd9c38adb3521d19365c52fd2d443b673566a76a3177c90401bc40a21cf85375039e8689342450abe8dbb2d96081ef89c07068b4b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3ddfa9eca1d36e6e1cf5af6ee5391de7
SHA1 d636aabbde7eb7ca8464001800090868611aee3c
SHA256 db76c50ef2d57b55acfdc6eb45be1842a503b64cfdccf07eef9e79bfc23bdeea
SHA512 33f2a7422898131cad37e72120b12c66a4eaf741bc9100a63a0a263c3245de431c0a9e386f2b4b70c111b650834ab7ec061594f2d848f94315fa07dacbfcd257

C:\Users\Admin\Downloads\Unconfirmed 112755.crdownload

MD5 e263c5b306480143855655233f76dc5a
SHA1 e7dcd6c23c72209ee5aa0890372de1ce52045815
SHA256 1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69
SHA512 e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

memory/1116-1298-0x0000000000A60000-0x0000000000AD2000-memory.dmp

memory/1116-1299-0x0000000005450000-0x00000000054EC000-memory.dmp

memory/1116-1300-0x0000000005AD0000-0x0000000006074000-memory.dmp

memory/1116-1301-0x00000000055C0000-0x0000000005652000-memory.dmp

memory/1116-1302-0x0000000005570000-0x000000000557A000-memory.dmp

memory/1116-1303-0x00000000057C0000-0x0000000005816000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 49881ca96a64a8f747003a454bbde748
SHA1 66cfc5d3ae65eba2a51930c65b539b033a0ba6d9
SHA256 416bc52f1cced6011bf5d7bb69380dabe4e24ef3f21597777e9ccbd5b19571e5
SHA512 869dbc79eea11fa95dd1862a0622cfe727f7de503054e2049f05a014a6805bbea9f9e421fc4bb843dfb6960a86e2ac42a0f693d03079414a87151682db86113d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5b922a2f3108ab8cec9f52eb3e560563
SHA1 c57cf1458a6bfeb98f937283305b6e8734bdfb69
SHA256 a69d93b3f628a27557e4291f18370136e1e2f24c2c26b74a81c6244547f45a8f
SHA512 6b90bdd9c05a897e4200144b916401520b101e942f1f3108b4a869cd3c1379324bb894ce2530f324f241776de66ff57e22070743de64398fb1be9ec4ac5b2c3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1ac3f022762fda3b5ef14f0bc3670071
SHA1 f86ed2ad81b24d0e336c203f5bcda3f29c1faad1
SHA256 9f2a4c336844fefeb6bb0a37ece868ce17c44e9efbf6a5b10b37dfe72ae92621
SHA512 4376127444d06b14b7b352bb0c191595043386407b6bdad026e1720ffb0425b6a8bf4348292abaa530bdfdd458ef02bbc94d4d07295aa1547c45fe3b9b8a7426

C:\Users\Admin\Downloads\Unconfirmed 475881.crdownload

MD5 b2eca909a91e1946457a0b36eaf90930
SHA1 3200c4e4d0d4ece2b2aadb6939be59b91954bcfa
SHA256 0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c
SHA512 607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 355052915da63d0fb250f60f5c42f1dc
SHA1 3a3f2729c837038dfa301f74a47be979686536af
SHA256 9d2934146f6a44f4e6cd3f462255231dd1732e9173fde5a930c514afd0f04007
SHA512 a348e7c4a7aa239c648090233f5be80ae1d26236c1ec5e35273b120002a586b684324d8e12eb73e629a0028d92fb2413de511ffb52043cbe5145a95f94980b62

memory/4192-1395-0x0000000000B60000-0x0000000000B70000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b754b723be00e99e0e69c0d9119859b0
SHA1 8303690b6016aa195d15cb531fd09ea37e25d689
SHA256 195c4d2d8b62fa6db1cf64db8b0578b23dcb31e42fa5964eb5e48d3ecdd2a363
SHA512 1448b73e274868ba8ab509b10629eee0ded1ce409662f4015c7c009dce6e18a0c5081b39a4acefad39a90afb011d40b6a46dc51031888183184abeb02432ca95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 571fa9f61b41121fb44810a65d0cb618
SHA1 804c28c8a44b96a76dab13f70e5eabf53519133c
SHA256 e94ae684016b53e23aec3272875e72ff7fe7a18699293d6e5cf123c4c120cf76
SHA512 a4389533f1811737dca97ebd89df3b18b94babd2f196fb4f5af501a74ec444d03466a7a40809ae9e08ff59e91631a2bf92e24014ec68432579b4d6eeea97ccf8

C:\Users\Admin\Downloads\Unconfirmed 976590.crdownload

MD5 bc1e7d033a999c4fd006109c24599f4d
SHA1 b927f0fc4a4232a023312198b33272e1a6d79cec
SHA256 13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401
SHA512 f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf95d6768e6ed5d47071402a5c8b3bd5
SHA1 f47e71184a15d2fc59001b1770f29e5af0d7ee4f
SHA256 188dd2bdd7f71c6a4884cfe3c4182dbd28449ff7cd633ec0cbf842f5c2dff01c
SHA512 9431bc86ce14a0f3e94683bc37acc518c524f140ea5079db667495950a5484094ff86e4a90d05ab5766920e9ee4da3ffa986a8e058b1871b674c75b707ab0004

memory/4008-1476-0x000000001BCA0000-0x000000001BD46000-memory.dmp

memory/4008-1477-0x000000001C220000-0x000000001C6EE000-memory.dmp

memory/4008-1478-0x000000001C7F0000-0x000000001C88C000-memory.dmp

memory/4008-1479-0x00000000015B0000-0x00000000015B8000-memory.dmp

memory/4008-1480-0x000000001C950000-0x000000001C99C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a5e072db62645936a8a0ad1bb91cf256
SHA1 ea014104bad60705570dbcf7fe63e80b2a84ad0b
SHA256 643dfb53e47247d1d18460c8c049a3cad097c1e13bdf237d48cee1c4795a5a5a
SHA512 444d7d37c63f78aa3729a5dc51a0589c6743141ee0694a5d9a2bf85bdf73a9fd6b3afca5c80e84344a62a5ec729fb613cb32f821c5316680503cc1a5990cf002

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 067d185cac92900458caf58ff36c5ea5
SHA1 7ada041cbbee3549edbc6973c5a6fc70adc4b074
SHA256 1209dfb08a4c8599974d97d0f6e7a6c61bde9c37dc71923948f2e269c9bfd852
SHA512 07724617f105f694a8ade65049fca0aff82b153973e81671a35ae513849f5ddfe75a968a8e29d8165a117090149d6e5b3e3880278ad2ab0a8117fcbeda0486b4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1ac44251efde9691fa394228e0327830
SHA1 e3a93c828f2791c8547e7b20943aff7dc9d8f4ba
SHA256 1bcad23bf4ac09e83e5915852e4e5f1836ec423555de432dbc86a7216ab53bc0
SHA512 c2133a4ce7c4f4bb3de62d8d1521e2b24604a87d94cd22d5203e0adcca0c7c872783128b8694eb9a676cceca190a7e29d153c87c56dad4c91a5a3d830fbc68d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5540e246832a190ae7b9ebb4438c9c80
SHA1 3ebbe7c2967481bdd3fd15101c8598e455e92fd9
SHA256 43f014246741e5d599cba8e130983dcaf56193fc11c0eed68964dfa585dccca1
SHA512 e474855a258da28c9de9c44d00c3cb40a9ef4c96153d4c3f4713114a91bdaec6af6877827da6ecb1eac97ddd8897d7ab915108571cf14cf119c812401469540f

C:\Users\Admin\Downloads\Unconfirmed 909674.crdownload

MD5 9254ca1da9ff8ad492ca5fa06ca181c6
SHA1 70fa62e6232eae52467d29cf1c1dacb8a7aeab90
SHA256 30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6
SHA512 a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 27b33df9c417ef52815f361f78fc61d0
SHA1 478c03bb6115a913771b4c3c7651f9f781ae4e92
SHA256 912b28b8ec2182a1214c870b5f3053fb9b772a0cb39f39b60b737733b0fa33c1
SHA512 221079f717e98881a628b70c0195f9a88ed832d05bd0bd7f6afdc1ddeb88c0071f3ed03ddb423a6dc2b965c9748852483ec41f361e361cf5f275f14a34c8240a

memory/1304-1575-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1084-1576-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/596-1580-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/2996-1592-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1444-1593-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4808-1596-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/2752-1598-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4032-1597-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4820-1599-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1652-1613-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1615-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1614-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1620-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1625-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1624-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1623-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1622-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1621-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/1652-1619-0x00000210714C0000-0x00000210714C1000-memory.dmp

memory/2492-1628-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4708-1633-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1304-1635-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1084-1637-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/596-1640-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/2996-1647-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/1444-1654-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4808-1657-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4032-1658-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/2752-1659-0x0000000000400000-0x00000000004A4000-memory.dmp

memory/4820-1661-0x0000000000400000-0x00000000004A4000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 9c3e9e30d51489a891513e8a14d931e4
SHA1 4e5a5898389eef8f464dee04a74f3b5c217b7176
SHA256 f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8
SHA512 bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0b5c8f11e8ea50d1b51e39b8d3317ef4
SHA1 1c0fa4747504af5a618b0245cb9f0755e4955328
SHA256 0db8f30545c658fb4cfc71b4581f8b35435946274bfd88e88077a0d82d7d36f1
SHA512 e51e698a95fafae906a144ef4eff28e18e71a4faaaca14d184d68c9338f14b257504166f1a78b66680061152bbcae6bb9157d5142ca968f5610931749c4e25cc

C:\Users\Admin\Downloads\Unconfirmed 539034.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 8fda7d6ac1784a8580d9cca280c947fb
SHA1 88e3f46c9f459cbbc05b9341783306824a200906
SHA256 a7441fbd135fba66ee711ede9751a83e845b7ee29c1dd563c3af3d2b9d00cc0a
SHA512 f034da7176392cb8a0c64eb4957650474957bb23f774c0d90ad7dc7673feaa5614c8cced2116bf62fa9fc24c7aafb93b893052abe4b2fc990d00047424ae5b73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 75e1cd7eb18c189debe8a2ca8d3b519e
SHA1 4c351c46be033f77036cdc5479d11744aa0cdf1e
SHA256 cde31f5fdb4a2af8ed20366d82fdd8361c870ba5b7d503ce5d142f5eb115f2e3
SHA512 a2379304bb719dddc464cddd5886a38a7576edffe6e6993fcae4c6589928b7aa68be1b0b008b279b9ba13f849ff1c16050443d8fb4d2408664eb90ebc655e1c6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14047075ad24090a3c036b28bef3137d
SHA1 5f766a1cdb5f131a3d0abbe6066416aabb82ad0f
SHA256 ffd07cb8642392ebcedd4800124200fe347558a620f8bc5f02f522abf885776e
SHA512 a4938d7a8a8db3a0d69d4b6c52ea55eeb0f8db8ad01c7edeeca147d0e2df084a82716eff9906a004dfe820a7dcc182ae7c1e630a018d55078866a879cf80a18b

C:\Users\Admin\Downloads\Unconfirmed 16040.crdownload

MD5 0ec108e32c12ca7648254cf9718ad8d5
SHA1 78e07f54eeb6af5191c744ebb8da83dad895eca1
SHA256 48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723
SHA512 1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 af6094220b8f74294f67419cfe5a428f
SHA1 1efa69139fa92f438f3d7fb2ce7657f390e9ec25
SHA256 0d8714fbe72d8fcb5feeb388f1e40c52f0ddade7eb45cdb1a243898c27e5d0b5
SHA512 6c3e3ac154270fbee6507c7ad0a9a5310536d7950343d9dd3a2082ed6fb34655d32cd05d829d132e6b0de2631544f43c024319bf1a6f79ed79d8abe5ffe875d1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a957b8209de4767970d59f2f867c38dc
SHA1 e6c93bc326a7da472db02c04438d8eff7f2868cd
SHA256 7f4e9ef1b6e49d00bb932b232b75b71bb12131e1c0d78ce2e36365df55f930cc
SHA512 c498b88b26fcff17a1792e68aeb40de808dc10396e09b178ac861bc81d3329e3b824eff3447205b7849fe5d3857a3ea70ccfd0947904b0ebd1cac8ff6829c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d94422f94e0cccb28119642e401505dc
SHA1 2eb318ef4e316fab00a6e6a0f95adb1d14a84aa3
SHA256 2f1af7974f2748288a15bde054b43e6fbcc3ad6058b3e1d1d26aa2ccfbbf5168
SHA512 d957dd344701703d3e4840c94d0cc07050db2ae41692e38a98fda5365b0649320460e5345068e9bc67e93f216df085a211c08e6f258013b78337d207846eceac

C:\Users\Admin\Downloads\Unconfirmed 924786.crdownload

MD5 eb9324121994e5e41f1738b5af8944b1
SHA1 aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA256 2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA512 7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8bde7417a4071ea284a7a001bf3ef3fe
SHA1 ccf97951c6833e8fd02812ab7d5e53e8dd252052
SHA256 da94c87a8cd2328543d1775759a4c314fee1e09ef27164f7f0e2864bb31e3811
SHA512 6a7f113e80712dc239c0f3972c675165a58dffda5cb79739394d20bd1598b6a5708a9a115bc8042addb94b3289e76998673d65e137369c65a0b7aa2142085000

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 124194a5165162a3a3bfdaaf16bcfb26
SHA1 552379e7bdbe780ee35cbe74a320922d21aee9de
SHA256 b8ca56fae94fdd354ad65df68ed52da16006703e046588cf25883741ef315c2e
SHA512 58334775ad6ad097b12f29b4a8af5eddb12c140144b43b6e19b7864aa620eccab75ef0b7357f03a87648ff41824489c6f840035a2d7e8658bbc2b98e770e6bfe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6ffb871c4d8fee7e5fc56f8557d328d0
SHA1 b10a9fef2b837a476cea0814402f617c7edd5b3e
SHA256 3b0dd1d9a6229b0c1d968c732ac46b4d38da509f57021a81fea31fb23516032d
SHA512 04166d3123035fcb0e6cc00057d89b50897d4c404a89e7cee2d52938bb298aa93a75189bfcf68643031a20648275dd2fcc633175a97007bfaf81c51021eeb967

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 91685d576a640bbd98793b20acdf4732
SHA1 9ac2115e4c9e9b0d05e34c714cbee0615e5efcf4
SHA256 7a541cec2e887e5b293a3ce9b30d65cc25a081e4c6b81c0e075372a323799c0d
SHA512 aa315f994e5171f15281b08806254b573c0e1dca84ce829633e452b87adadc5ec480a12586e616e3415458a543133d45ce89f8fdc97277c8a897c9671a2996f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\991eec12-e4f8-47ef-bbb4-3a76c7db7020\1

MD5 c2c4450dd9dd82f2214c555cead43118
SHA1 af8f5b2955f2f1976128d08045b35d6c939495f5
SHA256 838fa0b08fba45c99233254dd2e1b02840c6f2c842a3848ee1fd343d0f3dc6b7
SHA512 6e30efbaab63f33776e263a72a42a52fa15cf145edee80b129b50ac80be97411285dc1263cb4609896be6150ba49ba59fae3f906e9cdf55f8539da0d79837de9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

MD5 0f743287c9911b4b1c726c7c7edcaf7d
SHA1 9760579e73095455fcbaddfe1e7e98a2bb28bfe0
SHA256 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
SHA512 2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 64b56eb9f92487d6a5285d4583e954cb
SHA1 0c0e1fbca0f4faea9cde1021608e66024e5e40f5
SHA256 cb63d60b196c09f5cc0dcaafa2c2407dcc2b7d1c5b2018183fddf3399b452db6
SHA512 d01e9996b1c5a48958dd234747269bb2133fdcce7e3e566293fca099e5b8fdc61931f6ef17e688c0b8e52025855518a54ae4d0b718fda3d2fcf6e8511ff4ee56

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6178422c3e6c31f983f5b99dabdef841
SHA1 89b49817ca0e1172f11d8292ea2101216d3d467d
SHA256 10206378ab1e0c349f6f5d02ba6aa2699b7f799147509d057329b8fc4711cbb4
SHA512 6d745a477d0a56f9ffc62f902909ff410d97114a461fba499ba8902213e9caf23e6f6d37d3e20605145c09f5039f796403418a34a25d5c8694002ea4b1448178

memory/4496-2331-0x000002B5694E0000-0x000002B56A4D4000-memory.dmp

memory/4496-2359-0x000002B56CA80000-0x000002B56E00E000-memory.dmp