Malware Analysis Report

2025-03-15 04:06

Sample ID 240827-t5c47sscrq
Target https://pastelink.net/ndnztegi
Tags
discovery motw phishing
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

Threat Level: Shows suspicious behavior

The file https://pastelink.net/ndnztegi was found to be: Shows suspicious behavior.

Malicious Activity Summary

discovery motw phishing

Mark of the Web detected: This indicates that the page was originally saved or cloned.

Probable phishing domain

Browser Information Discovery

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

NTFS ADS

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-27 16:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-27 16:38

Reported

2024-08-27 16:43

Platform

win11-20240802-en

Max time kernel

257s

Max time network

303s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pastelink.net/ndnztegi

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned.

phishing motw
Description Indicator Process Target
N/A https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html N/A N/A

Probable phishing domain

Description Indicator Process Target
HTTP URL https://upfiles.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b9d7e223f0562ce N/A N/A
HTTP URL https://plknu.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b9d7e4ebec36a61 N/A N/A

Browser Information Discovery

discovery

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\004-TO-006-AUG-19TH-2024.txt:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\004to006-AUG-19th-2024.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3948 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 4084 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 5240 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 3464 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3948 wrote to memory of 2392 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pastelink.net/ndnztegi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda48f3cb8,0x7ffda48f3cc8,0x7ffda48f3cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8820 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8992 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7892 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9040 /prefetch:8

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\004-TO-006-AUG-19TH-2024.txt

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11172 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4760 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6900 /prefetch:2

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,3271471540274651287,17106318175683237297,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\004to006-AUG-19th-2024\" -spe -an -ai#7zMap5408:106:7zEvent24836

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\004to006-AUG-19th-2024\004-AUG-19TH.mp4"

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\004to006-AUG-19th-2024\005-AUG-19TH.mp4"

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\004to006-AUG-19th-2024\006-AUG-19TH.mp4"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pastelink.net udp
GB 88.208.215.108:443 pastelink.net tcp
US 8.8.8.8:53 cdnjs.cloudflare.com udp
US 104.17.24.14:443 cdnjs.cloudflare.com tcp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 104.18.95.41:443 challenges.cloudflare.com tcp
GB 159.65.211.77:443 cdn4.buysellads.net tcp
GB 173.222.211.8:80 apps.identrust.com tcp
US 104.22.74.216:443 btloader.com tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net tcp
FR 216.58.215.34:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 174.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 34.215.58.216.in-addr.arpa udp
FR 172.217.20.206:443 fundingchoicesmessages.google.com tcp
FR 172.217.20.206:443 fundingchoicesmessages.google.com udp
US 8.8.8.8:53 ads.servenobid.com udp
US 8.8.8.8:53 bidder.criteo.com udp
US 8.8.8.8:53 ib.adnxs.com udp
US 8.8.8.8:53 script.4dex.io udp
US 8.8.8.8:53 fastlane.rubiconproject.com udp
US 8.8.8.8:53 onetag-sys.com udp
US 8.8.8.8:53 hbopenbid.pubmatic.com udp
US 8.8.8.8:53 pbjs.e-planning.net udp
US 8.8.8.8:53 rt.marphezis.com udp
US 8.8.8.8:53 exchange.cootlogix.com udp
US 8.8.8.8:53 mp.4dex.io udp
US 34.120.63.153:443 prebid.media.net tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 178.250.1.8:443 bidder.criteo.com tcp
DE 37.252.171.52:443 ib.adnxs.com tcp
IE 52.210.109.232:443 ads.servenobid.com tcp
GB 159.65.211.77:443 srv.buysellads.com tcp
NL 193.3.178.4:443 pbjs.e-planning.net tcp
US 104.26.9.169:443 script.4dex.io tcp
DE 51.89.9.252:443 onetag-sys.com tcp
FR 185.255.84.150:443 hb-api.omnitagjs.com tcp
NL 188.166.203.175:443 rt.marphezis.com tcp
US 137.184.76.2:443 exchange.cootlogix.com tcp
NL 185.64.189.112:443 hbopenbid.pubmatic.com tcp
US 172.64.153.78:443 mp.4dex.io tcp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
US 35.241.34.106:443 c.4dex.io tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 8.8.8.8:53 112.189.64.185.in-addr.arpa udp
US 8.8.8.8:53 2.76.184.137.in-addr.arpa udp
US 8.8.8.8:53 78.153.64.172.in-addr.arpa udp
US 8.8.8.8:53 139.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 106.34.241.35.in-addr.arpa udp
US 8.8.8.8:53 48.230.164.3.in-addr.arpa udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
FR 216.58.214.66:443 ep1.adtrafficquality.google tcp
FR 142.250.179.65:443 732ed511a0dbc98c1a1cb65228e18592.safeframe.googlesyndication.com tcp
US 35.241.34.106:443 c.4dex.io udp
US 35.190.80.1:443 a.nel.cloudflare.com udp
N/A 224.0.0.251:5353 udp
FR 142.250.179.97:443 ep2.adtrafficquality.google tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
NL 81.17.55.113:443 prg.smartadserver.com tcp
DE 51.89.9.252:443 onetag-sys.com udp
US 34.120.63.153:443 prebid.media.net udp
FR 178.250.7.2:443 static.criteo.net tcp
FR 142.250.178.129:443 tpc.googlesyndication.com tcp
FR 142.250.179.68:443 www.google.com tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 216.58.214.161:443 cdn.ampproject.org tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
GB 95.100.244.20:443 contextual.media.net tcp
GB 2.18.190.141:443 hb.trustedstack.com tcp
GB 2.18.108.192:443 ads.pubmatic.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
GB 95.100.245.251:443 eus.rubiconproject.com tcp
US 151.101.1.108:443 acdn.adnxs.com tcp
US 159.223.152.254:443 sync.cootlogix.com tcp
FR 185.255.84.153:443 visitor.omnitagjs.com tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net tcp
FR 142.250.178.129:443 tpc.googlesyndication.com udp
FR 142.250.179.68:443 www.google.com udp
FR 142.250.179.68:443 www.google.com tcp
SE 108.157.229.103:443 public.servenobid.com tcp
SE 108.157.214.74:443 eu-west-1-cs-rtb.openwebmp.com tcp
US 104.17.44.93:443 gum.aidemsrv.com tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 35.168.53.250:443 cs-server-s2s.yellowblue.io tcp
FR 216.58.214.162:443 googleads.g.doubleclick.net udp
US 67.202.105.24:443 pixel.33across.com tcp
GB 92.123.143.216:443 player.aniview.com tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
NL 185.89.210.141:443 secure.adnxs.com tcp
NL 185.89.210.141:443 secure.adnxs.com tcp
US 54.243.98.238:443 api-2-0.spot.im tcp
NL 185.184.8.90:443 creativecdn.com tcp
DE 162.55.236.225:443 sync.richaudience.com tcp
IE 52.212.66.79:443 match.prod.bidr.io tcp
US 15.197.193.217:443 match.adsrvr.org tcp
NL 178.250.1.9:443 dis.criteo.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
IE 52.210.249.45:443 g2.gumgum.com tcp
US 67.202.105.23:443 pixel.33across.com tcp
NL 89.149.193.85:443 ssbsync.smartadserver.com tcp
US 172.64.151.101:443 ssum-sec.casalemedia.com tcp
GB 23.214.129.249:443 secure-assets.rubiconproject.com tcp
US 35.168.53.250:443 cs-server-s2s.yellowblue.io tcp
US 172.64.145.29:443 cdn.dxkulture.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 46.228.174.117:443 sync.1rx.io tcp
US 69.166.1.35:443 sync.go.sonobi.com tcp
IE 54.75.158.40:443 ce.lijit.com tcp
NL 145.40.97.77:443 prebid.a-mo.net tcp
US 54.209.247.102:443 ssp.disqus.com tcp
DE 18.184.119.72:443 match.sharethrough.com tcp
IE 18.203.117.181:443 ap.lijit.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
NL 193.0.160.131:443 p.rfihub.com tcp
GB 95.100.244.20:443 contextual.media.net tcp
US 8.8.8.8:53 90.8.184.185.in-addr.arpa udp
US 8.8.8.8:53 225.236.55.162.in-addr.arpa udp
US 8.8.8.8:53 79.66.212.52.in-addr.arpa udp
US 8.8.8.8:53 217.193.197.15.in-addr.arpa udp
US 8.8.8.8:53 9.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 117.174.228.46.in-addr.arpa udp
US 8.8.8.8:53 91.149.214.35.in-addr.arpa udp
US 8.8.8.8:53 45.249.210.52.in-addr.arpa udp
US 8.8.8.8:53 101.151.64.172.in-addr.arpa udp
US 8.8.8.8:53 23.105.202.67.in-addr.arpa udp
US 8.8.8.8:53 29.145.64.172.in-addr.arpa udp
US 8.8.8.8:53 149.156.173.69.in-addr.arpa udp
US 8.8.8.8:53 35.1.166.69.in-addr.arpa udp
US 64.74.236.63:443 b1sync.zemanta.com tcp
US 64.74.236.63:443 b1sync.zemanta.com tcp
US 34.96.71.22:443 s.company-target.com tcp
NL 35.214.249.215:443 csync.loopme.me tcp
DK 37.157.3.26:443 c1.adform.net tcp
NL 198.47.127.18:443 image8.pubmatic.com tcp
US 54.204.207.243:443 sync.srv.stackadapt.com tcp
NL 69.173.156.149:443 token.rubiconproject.com tcp
NL 35.214.199.88:443 rtb.mfadsrvr.com tcp
US 172.240.45.78:443 sync.aniview.com tcp
US 172.67.71.221:443 upfiles.com tcp
US 172.67.71.221:443 upfiles.com tcp
US 172.111.38.54:443 tracker.open-adsyield.com tcp
DK 37.157.3.26:443 c1.adform.net tcp
IE 54.171.130.238:443 jadserve.postrelease.com tcp
FR 172.217.20.162:443 cm.g.doubleclick.net tcp
JP 124.146.153.167:443 tg.socdm.com tcp
US 192.132.33.69:443 bttrack.com tcp
US 35.244.174.68:443 id.rlcdn.com tcp
US 8.8.8.8:53 88.199.214.35.in-addr.arpa udp
US 8.8.8.8:53 181.117.203.18.in-addr.arpa udp
US 8.8.8.8:53 131.160.0.193.in-addr.arpa udp
US 8.8.8.8:53 63.236.74.64.in-addr.arpa udp
US 8.8.8.8:53 22.71.96.34.in-addr.arpa udp
US 8.8.8.8:53 215.249.214.35.in-addr.arpa udp
US 8.8.8.8:53 18.127.47.198.in-addr.arpa udp
US 8.8.8.8:53 26.3.157.37.in-addr.arpa udp
US 8.8.8.8:53 243.207.204.54.in-addr.arpa udp
US 8.8.8.8:53 221.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 78.45.240.172.in-addr.arpa udp
US 8.8.8.8:53 238.130.171.54.in-addr.arpa udp
US 8.8.8.8:53 54.38.111.172.in-addr.arpa udp
US 8.8.8.8:53 167.153.146.124.in-addr.arpa udp
US 8.8.8.8:53 162.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 69.33.132.192.in-addr.arpa udp
US 64.74.236.63:443 b1sync.zemanta.com tcp
IE 34.248.195.47:443 pr-bh.ybp.yahoo.com tcp
US 52.6.58.23:443 sync.ipredictive.com tcp
US 34.98.64.218:443 us-u.openx.net tcp
NL 208.93.169.131:443 bh.contextweb.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
US 169.197.150.7:443 match.deepintent.com tcp
US 34.36.216.150:443 pixel-sync.sitescout.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 192.132.33.69:443 bttrack.com tcp
NL 81.17.55.116:443 rtb-csync.smartadserver.com tcp
NL 35.214.149.91:443 x.bidswitch.net tcp
US 104.18.95.41:443 challenges.cloudflare.com tcp
SE 192.229.221.95:80 cacerts.rapidssl.com tcp
US 104.21.65.33:443 plknu.com tcp
US 172.67.142.83:443 prebid.revbid.net tcp
NL 139.45.197.239:443 glersakr.com tcp
NL 23.109.170.134:443 orbsdiacle.com tcp
FR 172.217.18.195:443 www.recaptcha.net tcp
NL 139.45.195.8:443 my.rtmark.net tcp
NL 139.45.197.236:443 yonmewon.com tcp
NL 212.117.190.201:443 sr7pv7n5x.com tcp
NL 139.45.197.239:443 glersakr.com tcp
US 104.21.11.245:443 tzegilo.com tcp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
NL 139.45.197.239:443 glersakr.com tcp
FR 172.217.18.195:443 www.recaptcha.net udp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
GB 95.100.244.36:443 ae01.alicdn.com tcp
DE 47.246.146.94:443 acs.aliexpress.com tcp
NL 139.45.197.239:443 glersakr.com tcp
GB 23.214.144.96:443 campaign.aliexpress.com tcp
SG 47.246.110.43:443 ae.mmstat.com tcp
GB 163.181.57.231:443 bottom.campaign.aliexpress.com tcp
GB 173.222.211.18:443 time-ae.akamaized.net tcp
US 172.67.203.133:443 ewuipld.pro tcp
US 172.67.203.133:443 ewuipld.pro tcp
US 104.21.235.169:443 upfiles.download tcp
US 104.21.235.169:443 upfiles.download tcp
FI 65.21.197.110:443 s5.upfiles.download tcp
US 104.17.151.117:443 static.mediafire.com tcp
US 104.17.151.117:443 static.mediafire.com tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 104.21.42.32:443 the.gatekeeperconsent.com tcp
US 172.67.170.144:443 www.ezojs.com tcp
US 8.8.8.8:53 cdn.amplitude.com udp
SE 3.164.240.37:443 cdn.amplitude.com tcp
US 104.16.52.110:443 cdn.otnolatrnup.com tcp
US 104.26.3.173:443 www.mediafiredls.com tcp
US 199.91.152.86:443 download1586.mediafire.com tcp
US 199.91.152.86:443 download1586.mediafire.com tcp
FR 142.250.178.138:443 translate-pa.googleapis.com tcp
US 34.208.143.164:443 api.amplitude.com tcp
BE 74.125.71.155:443 stats.g.doubleclick.net tcp
US 216.239.38.181:443 analytics.google.com tcp
FR 142.250.178.138:443 translate-pa.googleapis.com udp
FR 213.36.253.119:80 update.videolan.org tcp
FR 213.36.253.119:80 update.videolan.org tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 03a56f81ee69dd9727832df26709a1c9
SHA1 ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b
SHA256 65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53
SHA512 e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

\??\pipe\LOCAL\crashpad_3948_WSTTPXQJNWJQMTUO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 d30a5618854b9da7bcfc03aeb0a594c4
SHA1 7f37105d7e5b1ecb270726915956c2271116eab7
SHA256 3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8
SHA512 efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c7739041ebf7bf794c54c10e84889118
SHA1 cafdf3a991313bee0cd42ede77c991c3ca0ced82
SHA256 f23c1640cbff2768c9b8dbd326ec7bb11824574df86e2d10b953f4ebc2f16c15
SHA512 d68a8d0497312a0dbb8c5b08b88fe76813461371797da949433d3eaad0bced92b5d72f6fc73f92f84271fad0c1a6c33047325139e3f4f7904f4a9a887585ec06

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 b8e21255fe946ed9f186a01bfc07f925
SHA1 299b67bfee28002840bb44df7132c698b6402cf7
SHA256 1ed008526ce898b500839fe95bed36a64ec038430c4d6eb8ac206fc9006b440b
SHA512 5c8743a6e87e69867e24c7d61dd1339cc1e99226d63b89192f1de2ab2dbfdd24f1041c50bdddfaac83c240be5edc39e19333cef148af901aca0d10604ae8a900

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d04df42e2882b5ff744ffdfa302ef09b
SHA1 d6af8325382e8e808313085c9ada1a26e035505c
SHA256 5e2f77c35e83427ddbf5d872078801527e18bdf1a0f1f3302e6ee00831507121
SHA512 5ac2ea5b96322ea5e5197a9fc3940f573898d056ba27582aa886ff4b17e1d8dcb94b6e0f8c1d06497ac7cfcdeca81392cd550815209204105b7ff2a3d83af350

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 285252a2f6327d41eab203dc2f402c67
SHA1 acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 800385e21144b5db2e9289f973e16989
SHA1 8fc2e56bf05a0cadfc519af83101120f1e58bf4f
SHA256 5ad9287170165f7697f11127b84046b9cc13577953d82fa6c7f0f347f6d08022
SHA512 e0dce3b87626a83ff48c6eb3548578f8d5653a83ee18434d334f06fb6a5b642369f1bb7cead695d98560d5779795819eb1b06e254be7b018e6683f9b20957154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 115d96070b7870d6023dfd1d7b72c0bb
SHA1 d15a6045eb4c4bcb011991a8a4d9a345752e934c
SHA256 4b466c73018ea09024f2cb9c0a3c2f97397201d6e011a51e74bc4d6fa2d0ed96
SHA512 bc3ad292d447816d0e9c04ad46ef4a70070f58987b447242f9a39a0121f954157f9c96d17fe30819c3f22fbe7a87f892a0ee07297a7ceaf0e5c504c60b1b7ce0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ea9e.TMP

MD5 2fd191a262b8c0528e04c7913b6b8c59
SHA1 e1589d058a684f31a9f5bfeaace29e7ca0183ccf
SHA256 4ffb1d26ae104dd91e2aaf25d7f1172f2988dcd7511a7306756b0bf8e9d5c39c
SHA512 009ccd79f9e686d98380ba1d3f48e007ff24bc7e3bc57ceb42be49b18cdc610a129af51c0452b0efab00f8f435b4551ec7dee37121bafdb4b3004249e875a769

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 200bf1cff9c5b992d910d89b3c8da23e
SHA1 888b63745d710358969d30d85bab5982923ffd32
SHA256 ebcec56c6b814135f16abba2f91f84395fe73a486d64cb049d7c2b051fc13fbb
SHA512 5364a1110a601579454b378e254a95e2f0231498499bd859e561068095a892b82fe0e507f73dbb0cf21e91a5bbf3d07a94676d7fa7d0da816b6be07a8913d949

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 532bff5d0e3855898dcf8bbc6d95873a
SHA1 e417118a2030e98a8cd45e9db84fa2ee92ef1c14
SHA256 96f55cd63efbe581b012d86397cd8b845f1e421f720550ac83cf1c2b8f570faa
SHA512 d2469ca1059f578ae07304c7924897ae35498585ca326828e783251f80053ae29d8034e262542680c1e7e04477fd6eca0c35383d3d5ca4ea821633c9ee407921

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3063e8a034dd2167bdb9c67baeaa9b4f
SHA1 19d5b3f8b7f144ff57d9d6dbf0602b5849456ac9
SHA256 25442cc517efff3ac05201f0bb663302032fc118d98006cbb899270a4dafec9f
SHA512 732366934ba9c3b3b23b38c27895e3a9f8dfc9d6135d1856df55e3740939e3d30dfb7682cbb1360ffb507cc50b13877fbf50da7f0a511ab371a916cb8c0bcc35

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

MD5 2257803a7e34c3abd90ec6d41fd76a5a
SHA1 f7a32e6635d8513f74bd225f55d867ea56ae4803
SHA256 af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174
SHA512 e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6dfe114daf1e60853bb3d4d9164a44f3
SHA1 86bbefac0281c575ed8e9609df261b0aaa69a366
SHA256 f4899e91c6206501785221ba4af85bcb6b7b92da1681d540b01f1a9a730d8d94
SHA512 0cee7b208df6002878151d76969f8f261c545022992411f01b73507866bc460e1f64db059f52a9f863e1222211ff1cac5a8fb2b1b3bc5b3f481ebf652c0e7e9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c0860615a50b28ddec0cad5d119a35ad
SHA1 7d91b785fce065a004a93a35f443bef7a0619a5f
SHA256 3cfc181461a71165b56843569fe8b7890121b1afc3375d178b00ee2fa0b491ab
SHA512 72278a6822ff928c8304aae423a620ba6f9d29275627f8fff2c6ab1aacc52835300e05f25ce44c66f05675a35843c1dd95411b986b236e7c25c1b565d2bec51d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57cbcaadb7950266d28d52bda44d142d
SHA1 d6a1e08ccc76920c17715e4e384dfd30a7efad63
SHA256 5beaebc4cf92803fc6dc93561def63b0c784630c1b55d61e7f937bea7f3b25a8
SHA512 94684588b64a6a7ae1d3e7a507c36f5e82f6f0c5d9f1e9abb5feee5e2c3b680c12fcddf297fc9873c115265e33f78936d838c307c49fa511198f6dc0d2dd9f47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2a7e7245c670f2d4b93de9f6614ac281
SHA1 f5429a7ec7e555ee33ca152d58fbc44af4339331
SHA256 6aecc5b773da39429063ecccb0ea9cb3ec8523173f29837fd78a4cfb10002872
SHA512 6eab416f3d08bcecb7d92f5211d3ede973023a8173cf4d2e75ca0fcb85a70facdddf1f2943185f8b43c98fc1c5d89a2942a6143400410063aa8a6b6a61d500a8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 d9bc67c72a3716728ad545fb0c45bab5
SHA1 6a48456a53a4af4824e5038ae87412cdb8fe2848
SHA256 e3b8d7ea3f2e6baf7dbe0fd7769337e096331ce00d27a28a854d1c9bb75adbf2
SHA512 95558369c21a2723dd9eaf058b2c4967a23f94c7256f65be8ca39dbfc17421d7a87b179ea33d3172042b33c8fad5c48485900445edb2145e3e8ff73303398dab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 ec600b7709829f76a32fa07cd6097ec0
SHA1 00d8145c801d12ce75bd7f8aead5b49a9efde586
SHA256 4aec02cb1374566c3dac30576488426bad939a161fbc5189e5f79777ef183dca
SHA512 807f3425f790a07cc72a3eaf1b50cf6a594f8c46135bd3a3894ca6108802b42ea827150bb079a719e5ab0ff2ad6ed9aca20b36da5a4d31c5d52a7d0c89a47ead

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 87e8230a9ca3f0c5ccfa56f70276e2f2
SHA1 eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256 e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA512 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 4ab82d4c7a50106e95158cfe6efc6359
SHA1 7ed049cc41cfddcf0d79005c69e1758850443230
SHA256 250eaa18d686e5cf195379952fca9dff556acdda3a00a94d5d1888b6f455a72a
SHA512 47584a8e95994b940591e7e73dd51300c70bacf11d5720a216b7af3b75a20f93b7d048d440741bcdc522f4306dca4aef69b5ae6becf4dbc4b18b2b15cfff1ba1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 7b02697afa9df9d08cc13951055b250d
SHA1 41637ae70d168c9fb8ff86a22e0e454847f0a2b4
SHA256 cf510f9461a06fa89126dcc8e6910d00387a78502472f18ff46744c6aa988228
SHA512 a83b55f42f8a6275ca98ae7a510376d26a054c50fb671c192375475b5c200f393b1e3047488fadac2048948f7dcbdd62183d06d3c33b1054c9a62f1a6425a973

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 cc4e6b8a30b3676abc4c43511206beb1
SHA1 a9e0c9b354173cbfafeeb7db2f1ca7740ea62a84
SHA256 faa4a100c304f230065e703d53298f8f1a5e45e5288ffa5e824816b255de6b14
SHA512 16a4d1149e43ad7af0bbd2843d8e44bf3c20f0da454c26ffe8b590f61de046bf0347f8ea2d83646bd2ee3f52a7dcc7ed69232f0be7e3b9d03cbe32cda6a24941

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8724e638ebe99bc8129b5feb54c9d2ab
SHA1 fddd35a2be35912dc46e1b666a10f11aba7a1c04
SHA256 0652129a18b4b3cde69b9db6fa65b20587471d5dd9406ae874d4196960b440dc
SHA512 c71dd3aa02d42296feac2b20e2047e449984f86064732aacfd2f0494e624926392ec0c27d144fd020b7ba1e8b52ece171046a6e18c3570d8e3eb626e81915c02

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3653df9de9037e4eeeff177b5f53971c
SHA1 3482b3a68b50c107624304c2355fccf410e5c1b4
SHA256 e0141fe0eb4b7b44ffa4c43652ac0ba7cb102e2269b9f4a59c9e64aad1b928b2
SHA512 019cbd4deef80b214d08bb07af27f0478501162267b1054927e3a88848dc4a24f61074eb17e42cbc3c509140fff9f7fa8a104d3d572aa281a55e2bf804168556

C:\Users\Admin\Downloads\004-TO-006-AUG-19TH-2024.txt:Zone.Identifier

MD5 4a59c90330c30db02d4f5c72cf87f5df
SHA1 63d81db9a22bd1c7f465817b9b32405eb1108957
SHA256 9c0f1319cef6b210cb9006906d4574bc963bce3ee3000d744351fc16eac1419d
SHA512 ec3fe9cc6479623aad3321ab44b8ecc80df5038f897288ca24cdcc12923073df1f3082e8cadea610cdf207c991c11961144236a3a8cfe42d978ae30bfaccf4a2

C:\Users\Admin\Downloads\004-TO-006-AUG-19TH-2024.txt

MD5 ae9f359fe5a4c8180096a3b1768ce611
SHA1 4a2e6e939fabaaa9ef3513ec819adf3c7fc29233
SHA256 05f04876142a7ff194162d896c778a0aa558d259bd142c88ea9595a2ccf2e143
SHA512 a80a3442f120363523d4a59cce78963f93c224020fad3dd53ac65fa5bb52d20818e5a93aeb5c7cd3f4ae679ebe0525fb9285962553d2b98ca5f2090e98639315

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 37d4a8d9032dd248c1504ffdfae20036
SHA1 5fbd58e7990477e8d5b22cb01e8929b3cd61fa74
SHA256 0aa62a7e6831387fcf66ae05c270ed7ce767f8de2c98db37c2cc03a588b9c84f
SHA512 abdcb7d0f4ff1964fde7ad1b4ad2e2674e8bbac57620ebf2478100de3d2c04fa965a6fe141c78bec2f5c7f3b8bc9e14d63a029673d5659f230cd1e35b68fbab0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 49cc291448d1fd8a86b04734224ebe22
SHA1 f4d5dc201ca01bd5c701806025301977aadfadbb
SHA256 497afa71430d92a6ca286661139464fb472a7ea92b5e048e27097c57cd4fdb7b
SHA512 45b52a2dd48cb6d27b686828a2bbd0b6e3dbc4eac26b85456e1a389c0ad7cb43af1e079ed787aff751066b2803d5feb25dcffa86d5466fa25532f8a860296d30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 512298313a78d07a8f72a07dde0b1802
SHA1 592f90ad4b441369b18e5e3d3dbd3552fa9d7f60
SHA256 6c50d9a6b791bfddc257232ee7931b27d46026c73d67a8ebdb65378ca9561acf
SHA512 29959e642323293a1f3b2c81ffd19f6f6820993c262914cd1d9440bc882883cbb498e73591bd77d80bbf77b3d0c195e1043cfcae808ec3178a197bb849fc091d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 cecb69fa6bc9a13b6ccac355c9136100
SHA1 c25f2430353278dca3b539817d58176db7e4a776
SHA256 34907ee3b018f7b8def658263facc3c7fc7f31765aebb3e1bf565dc1b81ccc05
SHA512 9faf516f64e4ac7793e20e0fdedc367893a2b82dfd2856c240af5b49bc7f30e54fbeeca29c588b7a443184eeb740026151370048a1ad578f1bb7af3c08d608f9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 384f6faf77f73798bb9b8114037640ac
SHA1 b338ac832a3e48d3aea33b1fccda931d3991ee19
SHA256 595c4ebf6468b9d2ce53727c791a3cdd14566c924c5a7f595711aa8375817171
SHA512 0a5f8bd573dd3e77c436fa4491ee818f7aa261069906507928844e79e5eca5c24f7152aecac70c2d42ca172ed8d2130582462153e8dc3d76230a4fe691120117

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 becaf930dc2d5bdc7d88df717a37161f
SHA1 c48271aaa6502b7692950dc3d3a54d72906f28b3
SHA256 cc35ff3df32d50eca21e8054e6168fa21dcac754ea7e20697498476ffce08b37
SHA512 a0dff885cfeb346dc2de861870cab470e33ddc5d50dbb2c6293646710069d5a2bfd79d4effcd15be7b4ebbf6a3075629db82b58aa407ac06aaba2468eb561dd1

memory/2836-747-0x00007FF64A190000-0x00007FF64A288000-memory.dmp

memory/2836-748-0x00007FFDA86A0000-0x00007FFDA86D4000-memory.dmp

memory/2836-756-0x00007FFD98A50000-0x00007FFD98A61000-memory.dmp

memory/2836-749-0x00007FFD8F970000-0x00007FFD8FC26000-memory.dmp

memory/2836-757-0x00007FFD8F760000-0x00007FFD8F96B000-memory.dmp

memory/2836-755-0x00007FFD98DB0000-0x00007FFD98DCD000-memory.dmp

memory/2836-754-0x00007FFDA3A30000-0x00007FFDA3A41000-memory.dmp

memory/2836-753-0x00007FFDA3AD0000-0x00007FFDA3AE7000-memory.dmp

memory/2836-752-0x00007FFDA3BD0000-0x00007FFDA3BE1000-memory.dmp

memory/2836-751-0x00007FFDAC4F0000-0x00007FFDAC507000-memory.dmp

memory/2836-750-0x00007FFDACE70000-0x00007FFDACE88000-memory.dmp

memory/2836-762-0x00007FFD8E660000-0x00007FFD8E671000-memory.dmp

memory/2836-772-0x00007FFD8E420000-0x00007FFD8E477000-memory.dmp

memory/2836-771-0x00007FFD8E480000-0x00007FFD8E491000-memory.dmp

memory/2836-758-0x00007FFD8E6B0000-0x00007FFD8F760000-memory.dmp

memory/2836-770-0x00007FFD8E4A0000-0x00007FFD8E51C000-memory.dmp

memory/2836-769-0x00007FFD8E520000-0x00007FFD8E587000-memory.dmp

memory/2836-768-0x00007FFD8E590000-0x00007FFD8E5C0000-memory.dmp

memory/2836-767-0x00007FFD8E5C0000-0x00007FFD8E5D8000-memory.dmp

memory/2836-765-0x00007FFD8E600000-0x00007FFD8E61B000-memory.dmp

memory/2836-766-0x00007FFD8E5E0000-0x00007FFD8E5F1000-memory.dmp

memory/2836-764-0x00007FFD8E620000-0x00007FFD8E631000-memory.dmp

memory/2836-763-0x00007FFD8E640000-0x00007FFD8E651000-memory.dmp

memory/2836-761-0x00007FFD91760000-0x00007FFD91778000-memory.dmp

memory/2836-760-0x00007FFD8E680000-0x00007FFD8E6A1000-memory.dmp

memory/2836-759-0x00007FFD98A00000-0x00007FFD98A41000-memory.dmp

memory/2836-783-0x00007FF64A190000-0x00007FF64A288000-memory.dmp

memory/2836-784-0x00007FFDA86A0000-0x00007FFDA86D4000-memory.dmp

memory/2836-785-0x00007FFD8F970000-0x00007FFD8FC26000-memory.dmp

memory/2836-786-0x00007FFD8E6B0000-0x00007FFD8F760000-memory.dmp

memory/1420-802-0x00007FFDA3BD0000-0x00007FFDA3BE1000-memory.dmp

memory/1420-823-0x00007FFD8F7F0000-0x00007FFD8F801000-memory.dmp

memory/1420-824-0x00007FFD8B140000-0x00007FFD8B18E000-memory.dmp

memory/1420-822-0x00007FFD8F810000-0x00007FFD8F82D000-memory.dmp

memory/1420-818-0x00007FFD8F980000-0x00007FFD8FB00000-memory.dmp

memory/1420-821-0x00007FFD8F830000-0x00007FFD8F841000-memory.dmp

memory/1420-820-0x00007FFD8F850000-0x00007FFD8F867000-memory.dmp

memory/1420-819-0x00007FFD8F870000-0x00007FFD8F97E000-memory.dmp

memory/1420-815-0x00007FFD8FB40000-0x00007FFD8FBBC000-memory.dmp

memory/1420-817-0x00007FFD8FB00000-0x00007FFD8FB11000-memory.dmp

memory/1420-816-0x00007FFD8FB20000-0x00007FFD8FB31000-memory.dmp

memory/1420-814-0x00007FFD8FBC0000-0x00007FFD8FC27000-memory.dmp

memory/1420-813-0x00007FFD8FD20000-0x00007FFD8FD50000-memory.dmp

memory/1420-812-0x00007FFD91760000-0x00007FFD91778000-memory.dmp

memory/1420-799-0x00007FFD8FF60000-0x00007FFD90216000-memory.dmp

memory/1420-811-0x00007FFD98A00000-0x00007FFD98A11000-memory.dmp

memory/1420-810-0x00007FFD98A20000-0x00007FFD98A3B000-memory.dmp

memory/1420-809-0x00007FFD98DB0000-0x00007FFD98DC1000-memory.dmp

memory/1420-808-0x00007FFD99CD0000-0x00007FFD99CE1000-memory.dmp

memory/1420-807-0x00007FFDA3A30000-0x00007FFDA3A41000-memory.dmp

memory/1420-806-0x00007FFDA3AD0000-0x00007FFDA3AE8000-memory.dmp

memory/1420-805-0x00007FFD98A40000-0x00007FFD98A61000-memory.dmp

memory/1420-804-0x00007FFD99CF0000-0x00007FFD99D31000-memory.dmp

memory/1420-803-0x00007FFD8FD50000-0x00007FFD8FF5B000-memory.dmp

memory/1420-801-0x00007FFDAC4F0000-0x00007FFDAC507000-memory.dmp

memory/1420-800-0x00007FFDACE70000-0x00007FFDACE88000-memory.dmp

memory/1420-798-0x00007FFDA86A0000-0x00007FFDA86D4000-memory.dmp

memory/1420-797-0x00007FF64A190000-0x00007FF64A288000-memory.dmp

C:\Users\Admin\AppData\Roaming\vlc\ml.xspf.tmp1420

MD5 781602441469750c3219c8c38b515ed4
SHA1 e885acd1cbd0b897ebcedbb145bef1c330f80595
SHA256 81970dbe581373d14fbd451ac4b3f96e5f69b79645f1ee1ca715cff3af0bf20d
SHA512 2b0a1717d96edb47bdf0ffeb250a5ec11f7d0638d3e0a62fbe48c064379b473ca88ffbececb32a72129d06c040b107834f1004ccda5f0f35b8c3588034786461

memory/1420-835-0x00007FFDA86A0000-0x00007FFDA86D4000-memory.dmp

memory/1420-836-0x00007FFD8FF60000-0x00007FFD90216000-memory.dmp

memory/1420-837-0x00007FFD8F870000-0x00007FFD8F97E000-memory.dmp

memory/1420-834-0x00007FF64A190000-0x00007FF64A288000-memory.dmp

memory/2148-843-0x00007FFDA86A0000-0x00007FFDA86D4000-memory.dmp

memory/2148-842-0x00007FF64A190000-0x00007FF64A288000-memory.dmp