Malware Analysis Report

2024-12-08 01:28

Sample ID 240904-sd1whstfpa
Target https://bit.ly/4cQDt11
Tags
redline sectoprat xmrig octosniff tgsetupfudvero credential_access defense_evasion discovery evasion execution infostealer miner persistence privilege_escalation rat spyware stealer trojan upx
score
10/10

Analysis Overview

Threat Level: Known bad

The file https://bit.ly/4cQDt11 was found to be: Known bad.

Malicious Activity Summary

xmrig

RedLine payload

SectopRAT payload

SectopRAT

RedLine

Credentials from Password Stores: Credentials from Web Browsers

XMRig Miner payload

Creates new service(s)

Stops running service(s)

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Event Triggered Execution: Component Object Model Hijacking

UPX packed file

Checks installed software on the system

Accesses cryptocurrency files/wallets, possible credential harvesting

Drops file in System32 directory

Suspicious use of SetThreadContext

Subvert Trust Controls: Mark-of-the-Web Bypass

Launches sc.exe

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

NTFS ADS

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Checks processor information in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Suspicious use of FindShellTrayWindow

Analysis: static1

Detonation Overview

Reported

2024-09-04 15:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-04 15:01

Reported

2024-09-04 15:17

Platform

win11-20240802-en

Max time kernel

964s

Max time network

963s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/4cQDt11

Signatures

RedLine

infostealer redline

RedLine payload

SectopRAT

trojan rat sectoprat

SectopRAT payload

xmrig

miner xmrig

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

XMRig Miner payload

miner

Creates new service(s)

persistence execution

Downloads MZ/PE file

Stops running service(s)

evasion execution

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Program Files\7-Zip\7zFM.exe N/A
N/A N/A C:\Users\Admin\Desktop\Tool\Tool.exe N/A

UPX packed file

upx

Accesses cryptocurrency files/wallets, possible credential harvesting

spyware

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\MRT.exe C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
File opened for modification C:\Windows\system32\MRT.exe C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe N/A
File opened for modification C:\Windows\system32\MRT.exe C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\vcredist.exe N/A
File opened for modification C:\Windows\system32\MRT.exe C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\hy.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ne.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bg.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sw.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fy.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\vi.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cy.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sv.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gu.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.sfx C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\eo.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip32.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\br.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\io.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ta.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.dll C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ms.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tr.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7zFM.exe C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\yo.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\descript.ion C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\an.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\be.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\gl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kab.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\cs.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\en.ttt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\hu.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sa.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7-zip.chm C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ar.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\va.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ko.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\sr-spl.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\License.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\af.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\es.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kaa.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ps.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\fur.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\pt-br.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\7z.exe C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\de.txt C:\Users\Admin\Downloads\7z2408-x64.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\System32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName C:\Windows\System32\Taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\System32\Taskmgr.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Windows\System32\Taskmgr.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\System32\Taskmgr.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000} C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{BBEA073B-7A4F-4ADE-A7B3-A0613ED1EBA3} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" C:\Users\Admin\Downloads\7z2408-x64.exe N/A
Key created \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 62409.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Roblox_UHQ_Account_Checker_2024_•_100%_Free_&_Working_•_Private.rar:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Tool.zip:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 888631.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 394617.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\winrar-x64-701 (1).exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A
N/A N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zFM.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe N/A
Token: 33 N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Windows\system32\conhost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\System32\Taskmgr.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4708 wrote to memory of 4352 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 2468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 3900 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4708 wrote to memory of 2844 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/4cQDt11

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffa363cb8,0x7ffffa363cc8,0x7ffffa363cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6524 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6680 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5760 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3716 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6288 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701.exe

"C:\Users\Admin\Downloads\winrar-x64-701.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4140 /prefetch:8

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3412 /prefetch:8

C:\Users\Admin\Downloads\winrar-x64-701 (1).exe

"C:\Users\Admin\Downloads\winrar-x64-701 (1).exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7452 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1844,15116981974474123358,8542969404384809999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7476 /prefetch:8

C:\Users\Admin\Downloads\7z2408-x64.exe

"C:\Users\Admin\Downloads\7z2408-x64.exe"

C:\Users\Admin\Downloads\7z2408-x64.exe

"C:\Users\Admin\Downloads\7z2408-x64.exe"

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Tool.zip"

C:\Users\Admin\Desktop\Tool\Tool.exe

"C:\Users\Admin\Desktop\Tool\Tool.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Users\Admin\Desktop\Tool\Tool.exe

"C:\Users\Admin\Desktop\Tool\Tool.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Windows\System32\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\Tool\Tool.exe

"C:\Users\Admin\Desktop\Tool\Tool.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Users\Admin\Desktop\Tool\Tool.exe

"C:\Users\Admin\Desktop\Tool\Tool.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess32.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffffa363cb8,0x7ffffa363cc8,0x7ffffa363cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1776 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2608 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1756 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1884,11398313154095442896,5901064324845455561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8

C:\Program Files\7-Zip\7zFM.exe

"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Roblox_UHQ_Account_Checker_2024_•_100%_Free_&_Working_•_Private.rar"

C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe

"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe"

C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe

"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\Roblox UHQ Account Checker.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "QTOCDQJM"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "QTOCDQJM" binpath= "C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe" start= "auto"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "QTOCDQJM"

C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe

C:\ProgramData\amgleqmyetup\yggukvuokpyc.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

conhost.exe

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\System32\Taskmgr.exe

"C:\Windows\System32\Taskmgr.exe"

C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\vcredist.exe

"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\vcredist.exe"

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe delete "UWTPBHGW"

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe create "UWTPBHGW" binpath= "C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe" start= "auto"

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe stop eventlog

C:\Windows\system32\sc.exe

C:\Windows\system32\sc.exe start "UWTPBHGW"

C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe

C:\ProgramData\koqxdtmoglvp\djacvklwlqtq.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe

C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wusa.exe

wusa /uninstall /kb:890830 /quiet /norestart

C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe

"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe"

C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe

"C:\Users\Admin\Desktop\Roblox UHQ Account Checker 2024\x64\fix.exe"

Network

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

\??\pipe\LOCAL\crashpad_4708_DTFOJSXBZHORNFXU

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58026c.TMP

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\Downloads\Tool.zip:Zone.Identifier

C:\Users\Admin\Downloads\Tool.zip

MD5 27ae86a9f43183e11a50817f33bdcef5
SHA1 aeff55bf8208b5e028540e204f71c26a547940e6
SHA256 745a35df6cc0345cbe54c6383f742fb1a3aa9d8e43aa8dbb4aba2412c5dab6dd
SHA512 56f6dc276cde284757558d0a4110bf6c304bad7f23341788ed7d1da3eca26412d0e8f9676dbc9a92e9c105b6467fc4b4261771ca14b1da1a23da8331b4ec07a0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 834ead8ccd606d929ef6f6849808e0e3
SHA1 418bab869e535d31baba1048713543861ea99d80
SHA256 104e677491bd27d767f8b103ce4aad585cc805035ff4c5113c22878ec204b3f0
SHA512 d923fb2e379cf6fb3a1f9c832973fe22a03f7ee42215e4cce1f977ad6e5ae83819febb6d4bb28e79316ebe549591d9b4b6bbc92487e12eea1cb3e492f764b594

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 d18bac22b050dcf14769e8a1863701e9
SHA1 af2d5bbf1a1f1bd7acabc3a2a49b9790d992fdbe
SHA256 5c9872fd3c4879211436186f7543319e915340724e58dd09c109010b52449aa4
SHA512 e3fd4cdb05761f03f85a7de1e6bb69f29be8aa9b2f6b03a9cbb66e9e628fc236e8e4fd4813e8d21176a6b99a9a405f80f88d567ffa6d5abcd76b92872ad80a9d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f5f61fc23e46368467dcb99b46c11bcb
SHA1 b1f0178074dae9a17a609a47cc0100b105fea12f
SHA256 634703dcd15f7f39f416e249a5f9bb705effebc5989f4bcdd60fdc80802fa7d9
SHA512 918d802e80f520e8aaf2db5b62cd47a5743504de58d4769505bcc6a44b1bfba9a52c7a6ca65b50b4e7664b392e8ed590dcbf8357f736d28967a1bc35506fa2b9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8126b41dd002e39e98b656afaf6c0bb9
SHA1 30767abf278c96031f0b660fe809ff37fca96ff6
SHA256 b5b554057610e5c73c9b6af8a35e9aac3a7d2d514a7fa4702c4ba8784ff02d5e
SHA512 98ea48435bc7262dd7700d2d27eabde0c662296b40929d6c5966139f0b0960163e9e26d295b58ac67c1322f9679e85f6fa00542c0150b1ac6c503e03eef830ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f99ed81320a66c6e62dd884bf0841a46
SHA1 7d155eb5fec01094ad6a3df51c7cbbdf0eba8ac1
SHA256 2b2b391af6ca9977b1533932020d33534bbffac44c9b17e7f4b5250f3caf28cb
SHA512 6ff1063fd7503ac3810e1a7a44fd24e56b31c59ea85bfae09e10aff9f87792791a2fcb5d776b5bcd98eb14c3963a9b76104f0516a95f28930c25cdd2d006db30

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6f49021dc283869cf3bae2372283da2e
SHA1 3136d70cd3d577f18e9851f849662d3e8d5cd92f
SHA256 76604b0a48ccd73fe4f8030f7aaae470d6bfcb0f83e9d491d95a4ef8ae0fb10d
SHA512 222ec81ccd738b51bbb43a665ae9e5ed99c91c8a7ac712642d9d1dd8cad5c781b031c23ebccb05c15cc6dd937fef32800be8ff629e02fc954085d16b5192f28e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7bea22127f121067e2eefb3041e3858f
SHA1 0045d6fbb3a0052013ff5d7040282038d144696a
SHA256 713fb2c3d308c88182d209eca48dfc17ed8231439f58c4f42dc7ad819f79de44
SHA512 bd05cb48250812bb416c50a34e33b4bb896f1317b05fe1e02f2593508cc4e994bf56bf38caa653db6220d4fc6471ae14c0ab1cf119da310f28772fd5dc58ab6c

C:\Users\Admin\Downloads\winrar-x64-701.exe

MD5 3a2f16a044d8f6d2f9443dff6bd1c7d4
SHA1 48c6c0450af803b72a0caa7d5e3863c3f0240ef1
SHA256 31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6
SHA512 61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2b99d156fb81d71a0cfeae8c592664ea
SHA1 9ab4a75b52e9f2b98b978d1142afa4d0f8f0078d
SHA256 3048117c91d4d0c9d83acb4c49c33aa05953bea483da1abb41f57d9c0727fef6
SHA512 be6b8f82ae83f765aadebcd05ffb9a787e25b4d9659bf49701c8ba892489b3c05cae67ed9cc862fe71d8edbf19707d6dba3464b5d97291a5a2731facef91d468

C:\Users\Admin\Downloads\Unconfirmed 394617.crdownload

MD5 46c17c999744470b689331f41eab7df1
SHA1 b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256 c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512 4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 cd6829f53a60318a54648f4ff9d694c2
SHA1 eda672c23f219a9cdbe740079412f5fbe04a157d
SHA256 5410184dfd5ef071de14c78cc7e9488049a85e313a3454250d53e974251ac906
SHA512 25a54ac013419868211b704a9b1f4cbc7c0a5b1a0e10cec09cd8eee3fbde7497e36c8e35f0506622eb9a47939c2c6b9590bf9bbf8d43508be13d7f85f7838ec9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 05decd75f4b23bd80c55de19f9a91601
SHA1 0eed92372fceb5af418f3072b4c1f5df9dcb2d08
SHA256 3e1d2a5744d13aacae12df38de9c03f75103c8f16f9c75d508dd083fcc039070
SHA512 62d6ee3d3e3002b79d33b215b16f79d86239e9de3b739d781f4d8f36f1016f6b8148658fa2fbc3dacdfa961a17debdd8421a46e9afd9d82aba5cf0db44a06f15

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0e0f2fca99ed1ae20f7bfa691ad162f5
SHA1 91b740e8a5ac50686c589d0cdbbea9835a1507e7
SHA256 9bd0ae19182ee355a5bcf22ad4beda7f5b66fffae95d800b540f8a81a46ded67
SHA512 2f30a73fc0ce89d7de78fc3af06bcfa734414a7c31513207ee430bbe54b9b74030061f7524f2605b46ae091cd9bbfaabf0320ce714edaa616ec1ccc8a2fecca0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 a6113e1734f4f5e606a2bd4f90240729
SHA1 00639ed2a93e3a45586139e2fa5fb7cb5753dd90
SHA256 77c30426b0aced3b13f9cb5128dc37ef6d75773b3bdbcb0f146b95ef653d4599
SHA512 e880c6fee715736b31f0716206702e426132629b0c3615fdb7a668d90cd2f1cf8d8b9849ec581ed87313829648ff59c1be74aeb55e238a8aa5275cbc2e61795d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 e923b82fcfb50ecee5f2ee7ed89a8264
SHA1 bfcc53ba2bc3cdb22b2ca5d2508e99c830c08ce4
SHA256 8f367c2ca832d15ec7060d6b444539b252df7989aa709fc1544fc85288f2ceb6
SHA512 30742ddf82610c7ddc3bdf2b61548b5a064c93d3a405c35073cdaee7f67a51ece4edc257cf22006a71a6164776611811c0e4015c8fe6d5c43a88ff089a3edfde

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 3b2e4b4a1c29e9350002f6ef25683d64
SHA1 771cfd7b21c1ecfb0fbac3ca106265516580b348
SHA256 5cf6a4d65d8a4166bf90d2d30d6b338332127efb649358f86ee0e55f3cc1012f
SHA512 f4a32ea2ec0c50cbec0bc61c2f1179a521721bac46df3c80adeea7b19e19a595ff037d0e2e2a2c3fee851948690e3a41520ea6dc1c6383673428893064138697

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

MD5 ed124bdf39bbd5902bd2529a0a4114ea
SHA1 b7dd9d364099ccd4e09fd45f4180d38df6590524
SHA256 48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44
SHA512 c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

MD5 76a3f1e9a452564e0f8dce6c0ee111e8
SHA1 11c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256 381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512 a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

MD5 f3d0a156d6ecb39d1805d60a28c8501d
SHA1 d26dd641e0b9d7c52b19bc9e89b53b291fb1915c
SHA256 e8be4436fcedf9737ea35d21ec0dcc36c30a1f41e02b3d40aa0bfa2be223a4a3
SHA512 076acfd19e4a43538f347ab460aa0b340a2b60d33f8be5f9b0ef939ef4e9f365277c4ff886d62b7edb20a299aacf50976321f9f90baba8ccd97bc5ac24a580bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

MD5 d6b36c7d4b06f140f860ddc91a4c659c
SHA1 ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA256 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA512 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

MD5 56d57bc655526551f217536f19195495
SHA1 28b430886d1220855a805d78dc5d6414aeee6995
SHA256 f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA512 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

MD5 74e33b4b54f4d1f3da06ab47c5936a13
SHA1 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
SHA256 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
SHA512 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

MD5 bb23576e988ee410c53c6982529308d3
SHA1 9c19397e83f7fe40a07eca22f5e5bbf64974918f
SHA256 1cb59c4d383ffcb876f1f7c279007731b87644e0b17620135639cc9b0186b393
SHA512 fe26c6bd32970627459a5a695de2de7b429099fab9c42f79a5a9df92e3e3d179687d457a356fbefaaedb874461c78182b42744b59e03a3c63cde5230c4bd7e6e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 108957e3cecf9e06d4bf2b2f52fa6232
SHA1 8ad0a1c6796c1c294b9ab0642252df0b50540339
SHA256 b5e7eb4869c93194d0ff9807543b996d6b35f7e5da10a3f68db752b51254adca
SHA512 0fbaa975fe3bf38e342e89bcb04422906d8d70f58d707280d06bc7547fc296a1d9c448b123b9a27f78790339ecd54a3415cbae182380a7b9e860edcc304ff465

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1fbbd96bad5acc64d56de9eaa2dd21e7
SHA1 4019949dd517633b4cfb72bc53dc464db2067e2d
SHA256 d7cf9776f43eb5f214c7744b71b3624df109c67d70b17832ac24d15d720b6003
SHA512 eae9bc1760c2b9afe6e9c17da15e33afaca2343747542cb4866e1017f039cf3726700d7f73dc805cd5ab65b75373a5be1e94498a7b51a1a9034380e9dd853864

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 b778328cfe896f0d4ed5e31408176236
SHA1 ef0f75697418d6b7fa5bada3ace314f46b6ac8b5
SHA256 fccee9ff369dbe6faddf17b3b0ac24e938874ac01860693defe068e8ada89f9f
SHA512 470b9ad243da2bde7748ca7bd5156265154b0ca31f26e3eb30968634af9058afd3544acdbdf33aa3eeed0fe5560dddaa99c55fb48aee9730356d8d3d47636a4c

C:\Users\Admin\Downloads\Unconfirmed 62409.crdownload

MD5 0330d0bd7341a9afe5b6d161b1ff4aa1
SHA1 86918e72f2e43c9c664c246e62b41452d662fbf3
SHA256 67cb9d3452c9dd974b04f4a5fd842dbcba8184f2344ff72e3662d7cdb68b099b
SHA512 850382414d9d33eab134f8bd89dc99759f8d0459b7ad48bd9588405a3705aeb2cd727898529e3f71d9776a42e141c717e844e0b5c358818bbeac01d096907ad1

C:\Users\Admin\Downloads\7z2408-x64.exe:Zone.Identifier

MD5 ecfc262c1fff38d81ae2683695bfa689
SHA1 b19c33459f9d2aaea1541fac7f7a973629198040
SHA256 d2a3d6e15abef23f9c77322ddd6cdbb454d556baa848a9baf861cd516846ff2b
SHA512 0bb4abc8775f5b2e9197aedc5c20ecccda9df40ce884b70201c3e60427bb6aef86d80b2ff2e2e7ef47259cd660e87d482e09893042fac0deb715e5a94ec31dc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7c6f08db56f18ca491665674bae19f24
SHA1 055dc2a422f4d5d1d3ccd575c6bb7f76332e5831
SHA256 f36dbb52d9e2ba0f5f654890ef79b2a4088d63acc7c5304fab1f6ca4e9a62fe7
SHA512 739d770e5b153fc81fa64260be89022afa02c4f64bcd1a35f4d853220ba84e822ba2d927cab5147846f8fb23077822a5d887d1b4c4d60eb27f8dac5c9b2ee0bb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 74ac2e4f4e5d65513deef4e8c25e4686
SHA1 5754ac03fe52b409a159b68fd8ca2f5a27894393
SHA256 12ca6f8441caec7fe186a4c92bf436ba53c2ae2743d5d596a21a670ec1106c96
SHA512 4f1d32e1c4fb0586aeccf1f2c25878a0ab500f0daa5c3ae3d69044365eab765443401f2df93441d58e60fc453394ff56856c58f9fd08b207f841c8e76987ee28

C:\Program Files\7-Zip\7-zip.chm

MD5 99b88f4d6d13713053db06b449ed6a9f
SHA1 f718e09a42e9ec49db060589d24135ca6929e8e0
SHA256 f830ddc5280d00e1cb160f9e5dd114292d5efef66c23c3c03c224894250bac2f
SHA512 9f1cb9ad8023b340c82e987bab33cddd817e3ece892aca7350650343396d4dc5d00cfd99c0718a862280c81d7d525c5e870390e1cdfdb4987b6663b1394cf1fc

C:\Program Files\7-Zip\Lang\az.txt

MD5 9cd3a23ca6f66f570607f63be6aa0001
SHA1 912837c29c0e07470e257c21775b7513e9af4475
SHA256 1da941116e20e69f61a4a68481797e302c11fcf462ca7203a565588b26011615
SHA512 c90ead15096009b626b06f9eae1b004f4adba5d18ccdb5c7d92694d36903760541f8aa7352be96466f2b0775c69f850605988fa4ef86f3de4fca34f7b645457e

C:\Program Files\7-Zip\Lang\ba.txt

MD5 387ff78cf5f524fc44640f3025746145
SHA1 8480e549d00003de262b54bc342af66049c43d3b
SHA256 8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f
SHA512 7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

C:\Program Files\7-Zip\Lang\ast.txt

MD5 1cf6411ff9154a34afb512901ba3ee02
SHA1 958f7ff322475f16ca44728349934bc2f7309423
SHA256 f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f
SHA512 b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

C:\Program Files\7-Zip\Lang\ar.txt

MD5 5747381dc970306051432b18fb2236f2
SHA1 20c65850073308e498b63e5937af68b2e21c66f3
SHA256 85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72
SHA512 3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

C:\Program Files\7-Zip\Lang\an.txt

MD5 f16218139e027338a16c3199091d0600
SHA1 da48140a4c033eea217e97118f595394195a15d5
SHA256 3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb
SHA512 b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

C:\Program Files\7-Zip\Lang\af.txt

MD5 df216fae5b13d3c3afe87e405fd34b97
SHA1 787ccb4e18fc2f12a6528adbb7d428397fc4678a
SHA256 9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34
SHA512 a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

C:\Program Files\7-Zip\7-zip.dll.tmp2

MD5 d346530e648e15887ae88ea34c82efc9
SHA1 5644d95910852e50a4b42375bddfef05f6b3490f
SHA256 f972b164d9a90821be0ea2f46da84dd65f85cd0f29cd1abba0c8e9a7d0140902
SHA512 62db21717f79702cbdd805109f30f51a7f7ff5f751dc115f4c95d052c5405eb34d5e8c5a83f426d73875591b7d463f00f686c182ef3850db2e25989ae2d83673

C:\Program Files\7-Zip\7zFM.exe

MD5 004d7851f74f86704152ecaaa147f0ce
SHA1 45a9765c26eb0b1372cb711120d90b5f111123b3
SHA256 028cf2158df45889e9a565c9ce3c6648fb05c286b97f39c33317163e35d6f6be
SHA512 16ebda34803977a324f5592f947b32f5bb2362dd520dc2e97088d12729024498ddfa6800694d37f2e6e5c6fc8d4c6f603414f0c033df9288efc66a2c39b5ec29

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d03d79b3df28c8847e016114af7bc5f9
SHA1 622f8dd848be0cfbb6343ceb99b772c9421ffd96
SHA256 44f4503a4e801d3597408aa0b8a018d5047367a739acd0511e4ad5acc97c0fd5
SHA512 69baa536775514e82091034f9bb3d018deb707cfecfb5336e0988b1cdc8e32dc9af4d7d020eec57bfa618abf93bf9f8d9dfbbfe3e3fe7173d171b4215c228325

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 4ac5cb56dbd62b8b38aa1abc59404f77
SHA1 3ee7044d3163731d6e1a58943ebf8507f8282178
SHA256 cd62723f2561e1a3022dab5c3e605a2611b7cd947fbe71828b94cda3b6a98366
SHA512 fadc81d3fc3b5dc70faeab6edb9e4d13eb6ced07110c7540c3fdc742292d8055d95967e2778b5899c99233525d58b25c15a0a7e270f777b2174095cfcc2468d7

C:\Users\Admin\AppData\Local\Temp\Tmp2F7.tmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rxzhno1i.hrw.ps1
