Malware Analysis Report

2024-10-24 18:04

Sample ID: 240703-fwmemashln
Target: http://google.com
Tags: aspackv2, macro, macro_on_action
Score: 8/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 8/10

Threat Level: Likely malicious

The submitted target http://google.com was found to be: Likely malicious.

Malicious Activity Summary

Tags: aspackv2, macro, macro_on_action

Office macro that triggers on suspicious action

Downloads MZ/PE file

ASPack v2.12-2.42

Executes dropped EXE

Legitimate hosting services abused for malware hosting/C2

Enumerates connected drives

Enumerates physical storage devices

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Modifies registry class

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of WriteProcessMemory

Suspicious behavior: AddClipboardFormatListener

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-03 05:13

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-03 05:13

Reported

2024-07-03 05:21

Platform

win10v2004-20240611-en

Max time kernel

490s

Max time network

492s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

Signatures

Downloads MZ/PE file

Office macro that triggers on suspicious action

Tags: macro, macro_on_action
Description Indicator Process Target
N/A N/A N/A N/A

ASPack v2.12-2.42

Tags: aspackv2
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
N/A N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
N/A N/A C:\Users\Admin\Downloads\CookieClickerHack.exe N/A
N/A N/A C:\Users\Admin\Downloads\CookieClickerHack.exe N/A
N/A N/A C:\Users\Admin\Downloads\CrazyNCS.exe N/A
N/A N/A C:\Users\Admin\Downloads\CrazyNCS.exe N/A
N/A N/A C:\Users\Admin\Downloads\CrazyNCS.exe N/A
N/A N/A C:\Users\Admin\Downloads\CrazyNCS.exe N/A
N/A N/A C:\Users\Admin\Downloads\CrazyNCS.exe N/A
N/A N/A C:\Users\Admin\Downloads\Curfun.exe N/A
N/A N/A C:\Users\Admin\Downloads\Curfun.exe N/A
N/A N/A C:\Users\Admin\Downloads\Curfun.exe N/A
N/A N/A C:\Users\Admin\Downloads\Melting.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\I: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\Downloads\ChilledWindows.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\Downloads\ChilledWindows.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{54F543D5-4392-4DD3-B49E-1A06D77DC6E4} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2447855248-390457009-3660902674-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{A586F0ED-ED73-4FB5-972F-F424CF0917C9} C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2447855248-390457009-3660902674-1000\{9CA40665-6D1E-40E7-AC75-D519BCAE4689} C:\Users\Admin\Downloads\ChilledWindows.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 325940.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 960823.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Temp\{3A352788-1168-4CC4-BC33-408F0C04B8CE}\8tr.exe:Zone.Identifier C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 857584.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 782560.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 121055.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 689111.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\Downloads\ChilledWindows.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A
N/A N/A C:\Users\Admin\Downloads\Avoid.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2908 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 4824 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2156 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 2164 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2908 wrote to memory of 1004 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe35a746f8,0x7ffe35a74708,0x7ffe35a74718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3464 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5340 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2648 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 /prefetch:8

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\metrofax.doc" /o ""

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /Automation -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3240 /prefetch:8

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Users\Admin\Downloads\Avoid.exe

"C:\Users\Admin\Downloads\Avoid.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5408 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8

C:\Users\Admin\Downloads\ChilledWindows.exe

"C:\Users\Admin\Downloads\ChilledWindows.exe"

C:\Users\Admin\Downloads\ChilledWindows.exe

"C:\Users\Admin\Downloads\ChilledWindows.exe"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x3c8 0x338

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5972 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6836 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8

C:\Users\Admin\Downloads\CookieClickerHack.exe

"C:\Users\Admin\Downloads\CookieClickerHack.exe"

C:\Users\Admin\Downloads\CookieClickerHack.exe

"C:\Users\Admin\Downloads\CookieClickerHack.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5068 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8

C:\Users\Admin\Downloads\CrazyNCS.exe

"C:\Users\Admin\Downloads\CrazyNCS.exe"

C:\Users\Admin\Downloads\CrazyNCS.exe

"C:\Users\Admin\Downloads\CrazyNCS.exe"

C:\Users\Admin\Downloads\CrazyNCS.exe

"C:\Users\Admin\Downloads\CrazyNCS.exe"

C:\Users\Admin\Downloads\CrazyNCS.exe

"C:\Users\Admin\Downloads\CrazyNCS.exe"

C:\Users\Admin\Downloads\CrazyNCS.exe

"C:\Users\Admin\Downloads\CrazyNCS.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8

C:\Users\Admin\Downloads\Curfun.exe

"C:\Users\Admin\Downloads\Curfun.exe"

C:\Users\Admin\Downloads\Curfun.exe

"C:\Users\Admin\Downloads\Curfun.exe"

C:\Users\Admin\Downloads\Curfun.exe

"C:\Users\Admin\Downloads\Curfun.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2784 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,8429111046446795185,16999573201162431576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 /prefetch:8

C:\Users\Admin\Downloads\Melting.exe

"C:\Users\Admin\Downloads\Melting.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 google.com udp
GB 142.250.178.14:80 google.com tcp
GB 142.250.178.14:80 google.com tcp
US 8.8.8.8:53 www.google.com udp
GB 142.250.187.196:80 www.google.com tcp
GB 142.250.187.196:443 www.google.com tcp
GB 142.250.187.196:443 www.google.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 144.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 142.250.187.238:443 ogs.google.com tcp
GB 142.250.200.14:443 apis.google.com tcp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.169.3:443 ssl.gstatic.com tcp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 238.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 14.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 3.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 142.250.179.238:443 play.google.com tcp
GB 142.250.179.238:443 play.google.com udp
US 8.8.8.8:53 238.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
BE 88.221.83.211:443 www.bing.com tcp
US 8.8.8.8:53 211.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
BE 2.17.107.113:443 r.bing.com tcp
BE 2.17.107.113:443 r.bing.com tcp
BE 88.221.83.203:443 th.bing.com tcp
BE 88.221.83.203:443 th.bing.com tcp
US 8.8.8.8:53 113.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 203.83.221.88.in-addr.arpa udp
US 8.8.8.8:53 login.microsoftonline.com udp
NL 40.126.32.68:443 login.microsoftonline.com tcp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 185.199.110.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 185.199.110.133:443 user-images.githubusercontent.com tcp
US 8.8.8.8:53 154.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 67.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.110.154:443 github.githubassets.com tcp
US 140.82.112.22:443 collector.github.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.112.22:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 22.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.109.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
GB 52.109.32.7:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 46.28.109.52.in-addr.arpa udp
US 8.8.8.8:53 7.32.109.52.in-addr.arpa udp
US 8.8.8.8:53 104.193.132.51.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 3.173.189.20.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

\??\pipe\LOCAL\crashpad_2908_HISUHDVALZJNUECG

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fb25dc3e272393e6bb3e10c9a96814c7
SHA1 a1c43f8d94be02854d56e298e9aece43e7654bab
SHA256 f078b056b40dc86de240d8c94eabd677fc03ba89aaa45f1fb2a459d0c9b5a382
SHA512 be3ee7088674b214bb60219d534596292dd76b34a63a113c5657b25555849e4a8a5ba407ac9d06bf5acae6cca5fb2fd0292891125f969abee2661f6b6c5ea1c5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c2d3.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\metrofax.doc

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

C:\Users\Admin\Downloads\~$trofax.doc

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\FFDD2894.emf

C:\Users\Admin\AppData\Local\Temp\vbhja.rtf

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\49dbe2955480c7f6ef8cec9c4320c9868d9293fd.tbres

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\089d66ba04a8cec4bdc5267f42f39cf84278bb67.tbres

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\4DCB178A-663D-45A6-8BF1-97D008269807

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.Word\~WRC0001.tmp

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

C:\Users\Admin\AppData\Local\Microsoft\Office\DLP\mip\logs\mip_sdk.miplog

C:\Users\Admin\AppData\Local\Microsoft\Office\OTele\winword.exe.db-wal

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_6372E0472AFF76BB926C97818BC773B9

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyHistoryStats.json

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.CampaignStates.json

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.Settings.json

C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.GovernedChannelStates.json

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\Downloads\Unconfirmed 857584.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Unconfirmed 782560.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\82df39e2-940b-4fc7-9313-af7ba01e8352.tmp

C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

C:\Users\Admin\Downloads\Unconfirmed 121055.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Unconfirmed 689111.crdownload

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Unconfirmed 325940.crdownload

C:\Users\Admin\Downloads\Unconfirmed 325940.crdownload:SmartScreen

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\Melting.exe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
