Malware Analysis Report

2025-01-22 13:48

Sample ID 240831-p46mxavapf
Target https://www.mediafire.com/folder/hmk7owk6yngw4/SMTPCracker
Tags
njrat hacked defense_evasion discovery evasion execution persistence privilege_escalation pyinstaller trojan
score
10/10

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://www.mediafire.com/folder/hmk7owk6yngw4/SMTPCracker was found to be: Known bad.

Malicious Activity Summary

njrat hacked defense_evasion discovery evasion execution persistence privilege_escalation pyinstaller trojan

njRAT/Bladabindi

Modifies Windows Firewall

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Loads dropped DLL

Checks computer location settings

Hide Artifacts: Hidden Window

Adds Run key to start application

Event Triggered Execution: Netsh Helper DLL

Browser Information Discovery

Detects Pyinstaller

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of FindShellTrayWindow

Kills process with taskkill

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-31 12:54

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-31 12:54

Reported

2024-08-31 12:59

Platform

win10v2004-20240802-en

Max time kernel

337s

Max time network

331s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/hmk7owk6yngw4/SMTPCracker

Signatures

njRAT/Bladabindi

trojan njrat

Modifies Windows Firewall

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\netsh.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker .exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Corporation Security = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\svchost.exe" C:\Users\Admin\AppData\Local\Temp\Setup.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe\" ." C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Explorer = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\explorer.exe\" ." C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe N/A

Hide Artifacts: Hidden Window

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\System32\cmd.exe N/A

Browser Information Discovery

discovery

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates physical storage devices

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh C:\Windows\SYSTEM32\netsh.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe N/A
Token: 33 N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 644 wrote to memory of 2152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 644 wrote to memory of 3152 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 644 wrote to memory of 2196 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 644 wrote to memory of 1992 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/hmk7owk6yngw4/SMTPCracker

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed10146f8,0x7ffed1014708,0x7ffed1014718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5356 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7320 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2196,7325109689199102161,15554664216856183219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7980 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\SMTP Cracker V3.1\" -ad -an -ai#7zMap19483:96:7zEvent5908

C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker.exe

"C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker.exe"

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\AppData\Local\Temp\Setup.exe

"C:\Users\Admin\AppData\Local\Temp\Setup.exe"

C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker .exe

"C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker .exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe"

C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker .exe

"C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker .exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c cls

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"

\??\c:\windows\system32\cmstp.exe

"c:\windows\system32\cmstp.exe" /au C:\Users\Admin\AppData\Local\Temp\0ctjb5im.inf

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\version.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Taskmgr.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\msedge.exe

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /c PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\SystemSettingsBroker.exe

C:\Windows\system32\taskkill.exe

taskkill /IM cmstp.exe /F

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cortana.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SystemSettings.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\OneDrive.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Taskmgr.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

PowerShell.exe -windowstyle hidden Add-Mppreference -ExclusionPath C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\SystemSettingsBroker.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe

"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe"

C:\Windows\SYSTEM32\netsh.exe

netsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\explorer.exe" "explorer.exe" ENABLE

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\aws.txt

Network

Country Destination Domain Proto
US 8.8.8.8:53 77.190.64.185.in-addr.arpa udp
US 8.8.8.8:53 232.120.80.99.in-addr.arpa udp
US 8.8.8.8:53 177.34.75.147.in-addr.arpa udp
US 8.8.8.8:53 176.168.78.3.in-addr.arpa udp
US 8.8.8.8:53 225.187.250.142.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com tcp
GB 142.250.179.228:443 www.google.com udp
NL 178.250.1.3:443 static.criteo.net tcp
US 8.8.8.8:53 oajs.openx.net udp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 98.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 3.1.250.178.in-addr.arpa udp
US 8.8.8.8:53 252.9.89.51.in-addr.arpa udp
US 8.8.8.8:53 89.67.192.18.in-addr.arpa udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 ag.gbc.criteo.com udp
US 8.8.8.8:53 gem.gbc.criteo.com udp
FR 185.235.86.207:443 ag.gbc.criteo.com tcp
NL 185.235.87.153:443 gem.gbc.criteo.com tcp
US 8.8.8.8:53 6a78a78d31156e3a51e9dec45c528c17.safeframe.googlesyndication.com udp
GB 142.250.179.225:443 6a78a78d31156e3a51e9dec45c528c17.safeframe.googlesyndication.com tcp
US 8.8.8.8:53 207.86.235.185.in-addr.arpa udp
US 8.8.8.8:53 153.87.235.185.in-addr.arpa udp
US 8.8.8.8:53 225.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 cdn.ampproject.org udp
GB 142.250.178.1:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 cdn.ampproject.org tcp
GB 142.250.178.1:443 cdn.ampproject.org tcp
US 34.120.135.53:443 oajs.openx.net tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 1.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 53.135.120.34.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 34.120.135.53:443 oajs.openx.net udp
US 8.8.8.8:53 google-bidout-d.openx.net udp
US 35.244.159.8:443 google-bidout-d.openx.net tcp
US 8.8.8.8:53 8.159.244.35.in-addr.arpa udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
US 8.8.8.8:53 s0.2mdn.net udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.187.198:443 s0.2mdn.net tcp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.187.198:443 s0.2mdn.net tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.187.198:443 s0.2mdn.net udp
US 8.8.8.8:53 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 198.187.250.142.in-addr.arpa udp
GB 13.224.245.120:443 bucket.cdnwebcloud.com tcp
GB 142.250.178.2:443 googleads4.g.doubleclick.net tcp
GB 142.250.178.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 2.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 120.245.224.13.in-addr.arpa udp
US 8.8.8.8:53 neural40.cdnwebcloud.com udp
IE 52.213.124.182:443 neural40.cdnwebcloud.com tcp
IE 52.213.124.182:443 neural40.cdnwebcloud.com tcp
US 8.8.8.8:53 182.124.213.52.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 ade.googlesyndication.com udp
GB 172.217.16.226:443 ade.googlesyndication.com tcp
US 8.8.8.8:53 226.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 a.nel.cloudflare.com udp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
US 8.8.8.8:53 1.80.190.35.in-addr.arpa udp
GB 172.217.16.226:443 ade.googlesyndication.com udp
US 8.8.8.8:53 www.facebook.com udp
NL 69.173.156.139:443 fastlane.rubiconproject.com tcp
DE 51.89.9.252:443 onetag-sys.com udp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
DE 51.89.9.252:443 onetag-sys.com tcp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.198:443 s0.2mdn.net udp
GB 142.250.178.2:443 googleads4.g.doubleclick.net udp
US 216.239.32.36:443 region1.analytics.google.com udp
DE 18.192.67.89:443 btlr.sharethrough.com tcp
GB 216.58.212.194:443 securepubads.g.doubleclick.net udp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.187.194:443 googleads.g.doubleclick.net udp
GB 142.250.187.198:443 s0.2mdn.net udp
GB 142.250.178.2:443 googleads4.g.doubleclick.net udp
US 8.8.8.8:53 btlr.sharethrough.com udp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
GB 142.250.179.228:443 www.google.com udp
GB 142.250.187.225:443 tpc.googlesyndication.com udp
US 8.8.8.8:53 232.220.199.18.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 172.217.16.226:443 ade.googlesyndication.com udp
DE 18.199.220.232:443 btlr.sharethrough.com tcp
GB 142.250.200.3:443 www.google.co.uk udp
GB 142.250.200.10:443 translate-pa.googleapis.com udp
US 8.8.8.8:53 csm.nl3.eu.criteo.net udp
NL 178.250.1.25:443 csm.nl3.eu.criteo.net tcp
US 8.8.8.8:53 proxy-cheap.blogspot.com udp
GB 142.250.200.33:443 proxy-cheap.blogspot.com tcp
GB 142.250.200.33:443 proxy-cheap.blogspot.com tcp
US 8.8.8.8:53 amazonhost.thedreamsop.com udp
US 107.180.41.239:80 amazonhost.thedreamsop.com tcp
US 107.180.41.239:80 amazonhost.thedreamsop.com tcp
US 8.8.8.8:53 33.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 239.41.180.107.in-addr.arpa udp
US 8.8.8.8:53 acpanel.hackcrack.io udp
US 147.124.205.158:16164 acpanel.hackcrack.io tcp
US 147.124.205.158:16164 acpanel.hackcrack.io tcp
US 8.8.8.8:53 175.117.168.52.in-addr.arpa udp

Files

C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker.exe

C:\Users\Admin\AppData\Local\Temp\Setup.exe

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\svchost.exe

C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\SMTP Cracker .exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\Setup.exe.log

C:\Users\Admin\AppData\Local\Temp\_MEI52202\botocore\data\appflow\2020-08-23\paginators-1.json

C:\Users\Admin\AppData\Local\Temp\_MEI52202\botocore\data\appsync\2017-07-25\examples-1.json

C:\Users\Admin\AppData\Local\Temp\_MEI52202\botocore\data\cloudfront\2015-07-27\waiters-2.json

C:\Users\Admin\AppData\Local\Temp\_MEI52202\botocore\data\cloudfront\2015-07-27\paginators-1.json

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Africa\Lagos

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Africa\Kigali

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Africa\Djibouti

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Africa\Conakry

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\America\Curacao

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Etc\Greenwich

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Europe\London

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\Europe\Skopje

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\PRC

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pytz\zoneinfo\UCT

C:\Users\Admin\AppData\Local\Temp\_MEI52202\ucrtbase.dll

C:\Users\Admin\AppData\Local\Temp\_MEI52202\python310.dll

C:\Users\Admin\AppData\Local\Temp\_MEI52202\VCRUNTIME140.dll

C:\Users\Admin\AppData\Local\Temp\_MEI52202\base_library.zip

C:\Users\Admin\AppData\Local\Temp\_MEI52202\python3.dll

C:\Users\Admin\AppData\Local\Temp\_MEI52202\_ctypes.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI52202\libffi-7.dll

C:\Users\Admin\AppData\Local\Temp\_MEI52202\pyexpat.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI52202\_lzma.pyd

C:\Users\Admin\AppData\Local\Temp\_MEI52202\_bz2.pyd

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe

memory/4844-3216-0x0000000001440000-0x0000000001448000-memory.dmp

memory/4844-3217-0x0000000001460000-0x000000000146C000-memory.dmp

memory/5184-3225-0x00000165CC760000-0x00000165CC782000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5w0rjzoj.kcy.ps1

memory/5680-3295-0x00000176F1860000-0x00000176F19CA000-memory.dmp

memory/5184-3296-0x00000165CCBE0000-0x00000165CCD4A000-memory.dmp

memory/5360-3301-0x000001E2F2060000-0x000001E2F21CA000-memory.dmp

memory/976-3302-0x0000020678100000-0x000002067826A000-memory.dmp

memory/4036-3304-0x00000227312C0000-0x000002273142A000-memory.dmp

memory/6044-3306-0x000002B439030000-0x000002B43919A000-memory.dmp

memory/5380-3298-0x000001F4C5BE0000-0x000001F4C5D4A000-memory.dmp

memory/628-3308-0x0000018134210000-0x000001813437A000-memory.dmp

C:\Users\Admin\Downloads\SMTP Cracker V3.1\SMTP Cracker V3.1\Result\key_generator\aws.txt
