Malware Analysis Report

2024-11-30 19:24

Sample ID 240920-epqb9sybmq
Target https://github.com/Da2dalus/The-MALWARE-Repo
Tags
lokibot agilenet collection credential_access defense_evasion discovery persistence spyware stealer trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.

Malicious Activity Summary

lokibot agilenet collection credential_access defense_evasion discovery persistence spyware stealer trojan

Lokibot

Credentials from Password Stores: Credentials from Web Browsers

Downloads MZ/PE file

Reads user/profile data of web browsers

Credentials from Password Stores: Windows Credential Manager

Obfuscated with Agile.Net obfuscator

Executes dropped EXE

Drops startup file

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Accesses Microsoft Outlook profiles

Adds Run key to start application

Checks installed software on the system

Drops file in System32 directory

Suspicious use of SetThreadContext

Drops autorun.inf file

Drops file in Windows directory

Drops file in Program Files directory

Subvert Trust Controls: Mark-of-the-Web Bypass

Program crash

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Browser Information Discovery

Suspicious use of SendNotifyMessage

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of AdjustPrivilegeToken

NTFS ADS

Enumerates system info in registry

outlook_office_path

outlook_win_path

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-09-20 04:07

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-09-20 04:07

Reported

2024-09-20 04:14

Platform

win11-20240802-en

Max time kernel

446s

Max time network

447s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

Signatures

Lokibot

trojan spyware stealer lokibot

Credentials from Password Stores: Credentials from Web Browsers

credential_access stealer

Downloads MZ/PE file

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description | Indicator | Process | Target
File opened for modification | \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\Whiter.a.exe | N/A

Obfuscated with Agile.Net obfuscator

agilenet
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Reads user/profile data of web browsers

spyware stealer

Accesses Microsoft Outlook profiles

collection
Description | Indicator | Process | Target
Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A
Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A

Adds Run key to start application

persistence
Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Whistler = "C:\\Windows\\system32\\whismng.exe -next" | C:\Users\Admin\Downloads\Whiter.a.exe | N/A

Checks installed software on the system

discovery

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-3761892313-3378554128-2287991803-1000\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..opini-accessibility_31bf3856ad364e35_10.0.22000.348_none_d5c2f424027f1f86\f\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\Downloaded Program Files\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\Media\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Videos\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Links\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Searches\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Public\Desktop\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Public\Libraries\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Public\Pictures\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Public\Videos\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\Offline Web Pages\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Music\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Users\Public\Downloads\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\Fonts\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini C:\Users\Admin\Downloads\Whiter.a.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description | Indicator | Process | Target
N/A | raw.githubusercontent.com | N/A | N/A
N/A | raw.githubusercontent.com | N/A | N/A

Drops autorun.inf file

Description | Indicator | Process | Target
File opened for modification | \??\c:\Windows\BitLockerDiscoveryVolumeContents\autorun.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A
File created | \??\c:\Windows\BitLockerDiscoveryVolumeContents\autorun.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A

Drops file in System32 directory

Description | Indicator | Process | Target
File created | C:\Windows\SysWOW64\whismng.exe | C:\Users\Admin\Downloads\Whiter.a.exe | N/A
File opened for modification | C:\Windows\SysWOW64\whismng.exe | C:\Users\Admin\Downloads\Whiter.a.exe | N/A
File created | C:\Windows\SysWOW64\whismng.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Whiter.a.exe | N/A
File created | C:\Windows\SysWOW64\whismng.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Whiter.a.exe | N/A
File created | \??\c:\Windows\SysWOW64\regedit.exe | C:\Users\Admin\Downloads\Whiter.a.exe | N/A

Suspicious use of SetThreadContext

Description | Indicator | Process | Target
PID 2156 set thread context of 2260 | N/A | C:\Users\Admin\Downloads\Lokibot.exe | C:\Users\Admin\Downloads\Lokibot.exe

Drops file in Program Files directory

Description Indicator Process Target
File created \??\c:\Program Files\Common Files\microsoft shared\ink\Content.xml C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Handles.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.Common.FrontEnd.XmlSerializers.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.scale-125.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21012.10511.0_x64__8wekyb3d8bbwe\Assets\music_welcome_page.jpg C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.Extensions.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.INF C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-convert-l1-1-0.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-96_contrast-white.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\contrast-black\MicrosoftSolitaireSplashScreen.scale-100_contrast-black.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\upsell.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-pl.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\WeatherAppList.targetsize-32_contrast-black.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_1.0.38.0_x64__8wekyb3d8bbwe\VoiceRecorderStub.winmd C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\lib\types\index.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.42251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageStoreLogo.scale-125_contrast-white.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ScreenSketch_11.2104.2.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SnipSketchMedTile.scale-125.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-amd\Dropdown.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ko-kr\ui-strings.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Algorithms.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-amd\IRenderFunction.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\hr-hr\ui-strings.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-white\ExchangeMediumTile.scale-150.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-commonjs\test\setRenderSpy.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\it-it\PlayStore_icon.svg C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\da_get.svg C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\sl-si\ui-strings.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\HxMailWideTile.scale-100.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.WindowsNotepad_10.2102.13.0_x64__8wekyb3d8bbwe\Assets\NotepadMedTile.scale-200.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21012.10511.0_x64__8wekyb3d8bbwe\PointerIndicatorVertexShader.cso C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\root\ui-strings.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\sl-si\ui-strings.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN044.XML C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.Paint_10.2104.17.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PaintAppList.targetsize-60_altform-lightunplated.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_1.0.65.0_x64__8wekyb3d8bbwe\Images\contrast-white\PowerAutomateAppIcon.targetsize-32.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12827.20400.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-250.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\theme\node_modules\@uifabric\utilities\lib-amd\dom\getDocument.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\S_IlluEmptyFolder_160.svg C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2020.503.58.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\CameraWideTile.scale-125.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-30_altform-unplated.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeCore\90.0.818.66\ResiliencyLinks\Locales\kok.pak.DATA C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\kk.pak C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-pl.xrm-ms C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-locale-l1-1-0.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.BingWeather_1.0.6.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherAppList.targetsize-16_altform-lightunplated.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ccme_base_non_fips.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\Locales\nl.pak C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.32731.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.Getstarted_10.2.41172.0_x64__8wekyb3d8bbwe\Assets\TipsAppList.targetsize-20_altform-lightunplated.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\Microsoft.WindowsMaps_1.0.22.0_x64__8wekyb3d8bbwe\Assets\AppTiles\MapsSplashScreen.scale-200.png C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_321.14700.0.9_x64__cw5n1h2txyewy\Dashboard\WebContent\node_modules\@fluentui\react\lib-commonjs\components\DocumentCard\DocumentCardPreview.types.js C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Functions\PesterState.ps1 C:\Users\Admin\Downloads\Whiter.a.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-t..i-pcshell.resources_31bf3856ad364e35_10.0.22000.184_cs-cz_8de2a0103a534963\f\twinui.pcshell.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\diagnostics\system\Audio\RS_HDAudioDriver.ps1 C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\InboxFodMetadataCache\metadata\Language.Basic~he-il~1.0.mum C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.22000.348_lv-lv_f86cf9673961ff91\f\mlang.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..iagnostic.resources_31bf3856ad364e35_10.0.22000.120_sr-..-rs_b4bff97a14c69a0a\f\RS_ResetIdleSleepsetting.psd1 C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-syncsettings_31bf3856ad364e35_10.0.22000.65_none_6d8541844631a95c.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Cursors\move.svg C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\Installer\$PatchCache$\Managed\00006109E70000000100000000F01FEC\16.0.12527\vcruntime140.dll_x64 C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\PolicyDefinitions\en-US\Search.adml C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_da-dk_80e1618fe8b9822a\f\license.rtf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..terprises.resources_31bf3856ad364e35_10.0.22000.493_sr-..-rs_4992dddb236e687f.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mlang.resources_31bf3856ad364e35_10.0.22000.348_nb-no_3c66e0171fe11ec0\f\mlang.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\System.IO.MemoryMappedFiles.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework64\v2.0.50727\CLR.mof C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Data.SqlXml.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_fr-fr_c9809fa7cc66ea90.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..edia-base.resources_31bf3856ad364e35_10.0.22000.318_nl-nl_92d17560390c550c\f\SetupPrep.exe.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..lers-maps.resources_31bf3856ad364e35_10.0.22000.120_uk-ua_773d1cc220d6f357\f\SettingsHandlers_Maps.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..terysaver.resources_31bf3856ad364e35_10.0.22000.132_hu-hu_8244d0cc703c0fa3.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Fonts\georgiaz.ttf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\INF\iastorav.inf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework64\v2.0.50727\prcp.nlp C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Linq.Queryable.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.22000.120_he-il_63830294183c6c31\f\W32UIRes.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ies-indonesian-main_31bf3856ad364e35_10.0.22000.348_none_a6f3fc49e08056fa.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..n-desktop.resources_31bf3856ad364e35_10.0.22000.160_ja-jp_63f3d1e81929f0ae.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup.resources_31bf3856ad364e35_10.0.22000.348_lv-lv_481e47e51633dbd8\f\lpksetup.exe.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ehandlers.resources_31bf3856ad364e35_10.0.22000.282_et-ee_5e5ceea83d18be9d.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\f\domTree.css C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..ntmanager.resources_31bf3856ad364e35_10.0.22000.120_hu-hu_ffd5dd45e506c896.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-taskbar-dll.resources_31bf3856ad364e35_10.0.22000.184_da-dk_7a1ffec88fceed05.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-photoacquire_31bf3856ad364e35_10.0.22000.51_none_1675e8832893effb.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Abf69f55a#\ebfef15acc18d1c8127e5620c268096a\Microsoft.ApplicationId.Framework.ni.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\INF\oem0.inf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\InboxFodMetadataCache\metadata\Language.Speech~en-gb~1.0.mum C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..erprisesn.resources_31bf3856ad364e35_10.0.22000.493_fr-ca_127e4315594cebb4\f\license.rtf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..c-drivermanager-dll_31bf3856ad364e35_10.0.22000.469_none_0b75abb46f3eeede.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_en-us_0d9a8e06b06f1225\f\OOBE_HELP_Opt_in_Details.htm C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..me-ppipro.resources_31bf3856ad364e35_10.0.22000.493_de-de_ae72dfb96c6c8850\f\license.rtf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..skcleanup.resources_31bf3856ad364e35_10.0.22000.348_pt-br_eddb1256694a02f4.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.22000.120_zh-cn_dc66f27d25f63d4e\f\winsetup.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..dminflows.resources_31bf3856ad364e35_10.0.22000.184_ca-es_b7818d964e9aa3de\f\SystemSettingsAdminFlows.exe.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..n-library.resources_31bf3856ad364e35_10.0.22000.160_de-de_6629a75770a21712.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\INF\rtucx21x64.inf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_es-mx_ba12eefbbfc1bd2a.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup.resources_31bf3856ad364e35_10.0.22000.348_he-il_b7ee02f94e3f11ca\f\lpksetup.exe.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.22000.348_id-id_a58e32250e0b7cce\f\SyncRes.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-quickassist-deployment_31bf3856ad364e35_10.0.22000.282_none_74184c53c9414a1b.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_10.0.22000.132_zh-cn_7de34b86d6ab1ad6\f\CloudContent.adml C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\PLA\Rules\Rules.System.Summary.xml C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_nb-no_72dd4a9248e2da0c\f\license.rtf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_nb-no_72dd4a9248e2da0c.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..eexplorer.resources_31bf3856ad364e35_10.0.22000.184_da-dk_64408662650011da\f\Windows.UI.FileExplorer.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_10.0.22000.282_ko-kr_eec259e527a195a8.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_10.0.22000.469_fr-fr_000b5ae90b923532.manifest C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Cursors\lnodrop.cur C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\INF\netl1c63x64.inf C:\Users\Admin\Downloads\Whiter.a.exe N/A
File opened for modification \??\c:\Windows\INF\umbus.PNF C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\PolicyDefinitions\en-US\ShapeCollector.adml C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.22000.184_el-gr_2548ca4a6fca13d1\f\mapi32.dll.mui C:\Users\Admin\Downloads\Whiter.a.exe N/A
File created \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-twinui-pcshell_31bf3856ad364e35_10.0.22000.469_none_ed8c9509a5dc025c\f\twinui.pcshell.dll C:\Users\Admin\Downloads\Whiter.a.exe N/A

Subvert Trust Controls: Mark-of-the-Web Bypass

defense_evasion
Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\TaskILL.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Whiter.a.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\LoveYou.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Lokibot.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\MEMZ.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Gas.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\LoveYou.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\Whiter.a.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\PCToaster.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 324395.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 621811.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\TaskILL.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 569728.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 469908.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 201080.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 70781.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 179067.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 905331.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 756224.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\LoveYou.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 582823.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Whiter.a.exe:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 650870.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 45735.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
N/A N/A C:\Users\Admin\Downloads\TaskILL.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Lokibot.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\TaskILL.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 784 wrote to memory of 1604 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4924 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 2412 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 784 wrote to memory of 4960 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

outlook_office_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A

outlook_win_path

Description Indicator Process Target
Key opened \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A
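The two rows above record the sample opening both places Windows keeps Outlook/MAPI profile data: the Office 16.0 profile store and the older Windows Messaging Subsystem store. That is how a stealer locates mail account settings before harvesting them. The Python below is an added example, not part of this report or of any sandbox's code. It matches "Key opened" rows against those two signatures independently of the user's SID and Office version, and separates an unexpected reader (an executable in Downloads) from Outlook itself. The sample rows are constructed: the first two reproduce the report's rows, the other two are invented for contrast, and the EXPECTED_MAPI_CLIENTS allowlist is an assumption.

```python
"""Match sandbox "Key opened" events against the two Outlook-profile
signatures above (outlook_office_path, outlook_win_path).

Added example, not part of the sandbox report.  Matching is deliberately
SID- and Office-version-agnostic: the report's rows carry one user's SID
and Office 16.0, but the same behaviour on another host appears under a
different SID and possibly a different Office major version.
"""
import re
from typing import Dict, List, Optional, Tuple

# Per-user hive prefix: \REGISTRY\USER\<domain SID>-<RID>\  (any SID).
_HIVE = r"\\REGISTRY\\USER\\S-1-5-21(?:-\d+)+\\"

SIGNATURES = {
    # Office's own profile store, e.g. ...\Office\16.0\Outlook\Profiles\Outlook
    "outlook_office_path": re.compile(
        _HIVE + r"Software\\Microsoft\\Office\\\d+\.0\\Outlook\\Profiles\\",
        re.IGNORECASE,
    ),
    # Legacy MAPI profile store under Windows Messaging Subsystem
    "outlook_win_path": re.compile(
        _HIVE + r"Software\\Microsoft\\Windows NT\\CurrentVersion\\"
        r"Windows Messaging Subsystem\\Profiles\\",
        re.IGNORECASE,
    ),
}

# Row layout as printed in the report: "Key opened <key> <process> <target>".
# Key and process paths both contain spaces, so the process is located by
# its drive-letter prefix and the target by being the last token.
_EVENT = re.compile(
    r"^Key opened (?P<key>\\REGISTRY\\.+?) (?P<process>[A-Za-z]:\\.+?) (?P<target>\S+)$"
)

# Processes that legitimately read MAPI profiles.  Assumption for this
# example; build it from your own baseline before using it as an allowlist.
EXPECTED_MAPI_CLIENTS = {"outlook.exe"}


def parse_event(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one report row into (key, process, target); None if not a key-open row."""
    m = _EVENT.match(line.strip())
    return (m.group("key"), m.group("process"), m.group("target")) if m else None


def classify_key_open(line: str) -> Optional[str]:
    """Return the signature name a row triggers, or None."""
    parsed = parse_event(line)
    if parsed is None:
        return None
    for name, pattern in SIGNATURES.items():
        if pattern.match(parsed[0]):
            return name
    return None


def triage(lines: List[str]) -> Dict[str, List[Tuple[str, bool]]]:
    """Group hits by signature as (process, is_expected_client).

    A hit from a process that is not a known mail client is the
    credential-access signal; Outlook reading its own profile keys is normal.
    """
    hits: Dict[str, List[Tuple[str, bool]]] = {name: [] for name in SIGNATURES}
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        key, process, _target = parsed
        for name, pattern in SIGNATURES.items():
            if pattern.match(key):
                basename = process.rsplit("\\", 1)[-1].lower()
                hits[name].append((process, basename in EXPECTED_MAPI_CLIENTS))
                break
    return hits


def unexpected_readers(lines: List[str]) -> List[str]:
    """Processes that hit either signature and are not an expected MAPI client."""
    seen: List[str] = []
    for rows in triage(lines).values():
        for process, expected in rows:
            if not expected and process not in seen:
                seen.append(process)
    return seen


# Constructed sample rows.  The first two reproduce the report's rows; the
# third (Outlook itself) and fourth (an unrelated key) are made up for contrast.
SAMPLE_EVENTS = [
    r"Key opened \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A",
    r"Key opened \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook C:\Users\Admin\Downloads\Lokibot.exe N/A",
    r"Key opened \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE N/A",
    r"Key opened \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion C:\Users\Admin\Downloads\Lokibot.exe N/A",
]

if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(classify_key_open(sample), "<-", sample[:72])
    print("unexpected readers:", unexpected_readers(SAMPLE_EVENTS))
```

On the sample rows the two Lokibot.exe rows fire one signature each and surface as the only unexpected reader, while the constructed Outlook row fires the same signature but is recognised as the expected client.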

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8

C:\Users\Admin\Downloads\Lokibot.exe

"C:\Users\Admin\Downloads\Lokibot.exe"

C:\Users\Admin\Downloads\Lokibot.exe

"C:\Users\Admin\Downloads\Lokibot.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe

"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8

C:\Users\Admin\Downloads\Gas.exe

"C:\Users\Admin\Downloads\Gas.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4824 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8

C:\Users\Admin\Downloads\Gas.exe

"C:\Users\Admin\Downloads\Gas.exe"

C:\Users\Admin\Downloads\MEMZ.exe

"C:\Users\Admin\Downloads\MEMZ.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8

C:\Users\Admin\Downloads\LoveYou.exe

"C:\Users\Admin\Downloads\LoveYou.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2292 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2912 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 /prefetch:8

C:\Users\Admin\Downloads\LoveYou.exe

"C:\Users\Admin\Downloads\LoveYou.exe"

C:\Users\Admin\Downloads\TaskILL.exe

"C:\Users\Admin\Downloads\TaskILL.exe"

C:\Users\Admin\Downloads\Whiter.a.exe

"C:\Users\Admin\Downloads\Whiter.a.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8

C:\Users\Admin\Downloads\PCToaster.exe

"C:\Users\Admin\Downloads\PCToaster.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://java.com/download

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5152 -ip 5152

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 864

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3064 -ip 3064

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 140.82.113.21:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
GB 20.26.156.210:443 api.github.com tcp
N/A 224.0.0.251:5353 udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 18.208.156.248:80 blesblochem.com tcp
US 18.208.156.248:80 blesblochem.com tcp
US 18.208.156.248:80 blesblochem.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 18.208.156.248:80 blesblochem.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 18.208.156.248:80 blesblochem.com tcp
US 18.208.156.248:80 blesblochem.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 88.221.135.48:80 java.com tcp
GB 88.221.135.48:80 java.com tcp
GB 88.221.135.48:80 java.com tcp
GB 88.221.135.48:443 java.com tcp
US 8.8.8.8:53 static.ocecdn.oraclecloud.com udp
GB 95.101.143.193:443 c.oracleinfinity.io tcp
GB 95.100.246.138:443 www.oracle.com tcp
GB 147.154.230.206:443 dc.oracleinfinity.io tcp
GB 2.22.132.94:443 static.ocecdn.oraclecloud.com tcp
GB 95.100.244.132:443 s.go-mpulse.net tcp
GB 95.100.246.138:443 www.oracle.com tcp
GB 95.100.246.138:443 www.oracle.com tcp
GB 95.101.143.193:443 c.oracleinfinity.io tcp
US 8.8.8.8:53 132.244.100.95.in-addr.arpa udp
US 8.8.8.8:53 consent.trustarc.com udp
GB 18.165.242.40:443 consent.trustarc.com tcp
GB 18.165.242.40:443 consent.trustarc.com tcp
GB 18.165.227.97:443 consent-pref.trustarc.com tcp
GB 18.244.179.88:443 consent-st.trustarc.com tcp
GB 2.22.96.153:443 javadl.oracle.com tcp
GB 2.22.96.153:443 javadl.oracle.com tcp
GB 95.100.244.78:443 sdlc-esd.oracle.com tcp
US 18.208.156.248:80 blesblochem.com tcp
GB 20.26.156.215:443 github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 18.208.156.248:80 blesblochem.com tcp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.215:443 github.com tcp
GB 104.86.110.121:443 tcp
GB 104.86.110.121:443 tcp
GB 88.221.135.33:443 r.bing.com tcp
GB 88.221.135.33:443 r.bing.com tcp
GB 88.221.135.33:443 r.bing.com tcp
GB 88.221.135.33:443 r.bing.com tcp
GB 88.221.135.33:443 r.bing.com tcp
GB 88.221.135.33:443 r.bing.com tcp
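The table above lists every flow once per connection, so the first triage step is to collapse it and pick out the few rows that deserve a packet-level look. The following script is an added example, not part of the sandbox report: it parses rows in the report's own `Country Destination Domain Proto` layout (a constructed subset of the table is embedded), collapses repeats, and flags plaintext HTTP to names outside an allowlist, a TLS destination the report could not name, and DNS sent straight to a public resolver. The allowlist of expected suffixes is an assumption chosen for this detonation (the target repository's hosting and the Java download page the sample visited), not something the report states.

```python
"""Triage helper for the sandbox Network table (added example, not part of the
report). Parses rows shaped 'Country Destination Domain Proto', collapses
repeats, and flags what a responder would look at first: plaintext HTTP to
names outside an allowlist, a bare-IP destination the report could not name,
and DNS sent straight to a public resolver. The allowlist is an assumption."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import re

# Constructed subset of the rows in the table above (same layout as the report).
SAMPLE_ROWS = """\
Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 140.82.113.21:443 collector.github.com tcp
N/A 224.0.0.251:5353 udp
US 18.208.156.248:80 blesblochem.com tcp
US 18.208.156.248:80 blesblochem.com tcp
GB 88.221.135.48:80 java.com tcp
GB 2.22.96.153:443 javadl.oracle.com tcp
GB 104.86.110.121:443 tcp
GB 88.221.135.33:443 r.bing.com tcp
"""

# Names treated as expected for this detonation. Assumed, not from the
# report; tune per case.
EXPECTED_SUFFIXES = ("github.com", "githubusercontent.com", "githubassets.com",
                     "oracle.com", "java.com", "bing.com")

# Domain is optional: the report leaves it blank for bare-IP destinations.
ROW_RE = re.compile(r"^(\S+)\s+(\S+?):(\d+)\s+(?:(\S+)\s+)?(tcp|udp)$")


@dataclass(frozen=True)
class Flow:
    country: str
    ip: str
    port: int
    domain: str  # "" when the report shows no name
    proto: str


def parse_rows(text):
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Country"):
            continue
        m = ROW_RE.match(line)
        if not m:
            raise ValueError(f"unparsed row: {line!r}")
        country, ip, port, domain, proto = m.groups()
        flows.append(Flow(country, ip, int(port), domain or "", proto))
    return flows


def is_expected(domain):
    return any(domain == s or domain.endswith("." + s) for s in EXPECTED_SUFFIXES)


def triage(flows):
    """Map finding name -> sorted 'ip:port domain (xN)' strings."""
    hits = Counter((f.ip, f.port, f.domain) for f in flows)
    findings = defaultdict(set)
    for (ip, port, domain), n in hits.items():
        key = f"{ip}:{port} {domain or '(no domain)'} (x{n})"
        if port == 80 and domain and not is_expected(domain):
            # Cleartext HTTP to an unlisted host: first candidate for payload
            # retrieval or C2; pull the PCAP for these before anything else.
            findings["plaintext_http_unexpected"].add(key)
        if port == 53 and ip == "8.8.8.8":
            # Sandbox resolver here, but on a corporate host direct queries to
            # a public resolver bypass internal DNS logging and sinkholes.
            findings["dns_public_resolver"].add(key)
        if not domain and not ip.startswith("224."):
            # Connection to an IP with no name: needs SNI/JA3 from the capture.
            # 224.0.0.0/4 is multicast (mDNS on 5353) and is skipped as noise.
            findings["bare_ip_no_name"].add(key)
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for name, items in triage(parse_rows(SAMPLE_ROWS)).items():
        print(name)
        for item in items:
            print("   ", item)
```

Run against the full table, the only plaintext HTTP outside the allowlist is the repeated traffic to blesblochem.com on port 80, which is the capture to open first; the report itself makes no claim about that host, so the flag is a triage priority, not a verdict.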

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 04aa3f476e468ef3c0866e8dedd8f6e4
SHA1 1e9fa8fd586c03447a4c5b4cee261900e9f464ae
SHA256 87b74207d65f6745b38a19dce13336ee839fb4d7929fce446c3d1177aa80c42a
SHA512 7d860bbe9c847ea0b60f210860d865f1e936aa2210a6f9aa87e9fd72f992a022ecb9a1827212eb9b97dd7798540770f55c67362714d90d0bfd080ad1e5e7aaa8

\??\pipe\LOCAL\crashpad_784_JDTJXDHAGBEDXIFZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db1dacae9540e883ae83489b18cfc326
SHA1 ec3b68e635d8ce3bdafe258bca5187536d43065b
SHA256 3427a8a3b4868bd25a231ee8fe0ebada0b3474f2d8dc0fdd01a8931a8700a37f
SHA512 2e40df3bd1a045c69173f1a169b7080163de8f62a44d41d46c28f1643943657c532caa72f65b44a2175f976fdfd3d8328d989e011730aa851aecbcf02dde4a95

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 74d2b2cbd276faa1d14b3ab3ba0ad60a
SHA1 0d4c2884142afe66ace150abb8dde73f57eec1a2
SHA256 b46883dc089777b6376e1164238cf56f786e93705259007d28e82d8843c5e79e
SHA512 66ae676b57ac7c7c7abbb8e90c5a89863c82721ce0d0f4f211776b41df72f7651bf1b0c6f0b9a17615e546854afdd8534b72a9116e258d5c3f6cf87ecda15e5f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 89289af085bc2d8e502db32cb34d89bb
SHA1 99f2906b7f1117846dae29a8af364b320928bacf
SHA256 945d70e2e6a26f0c8b3c369ff68bd0a8265ddb5046c7ef0fb5e97de882f7a6df
SHA512 8531697d9572b896147c822f9a5381809179d30be10bb447eff6184d120853995e10309f9678eadb7db20fc9ba420073d4cbf1059582c80da685a7d2f34920f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 ea7a490bab339c476e4cf9a500ee0977
SHA1 b56438612bac1907d90c6be20ec7e8e51160924a
SHA256 4c791df7effa575d4727544f702f00b49b035a2e86fde4feec72b833223da4b0
SHA512 de9308063094e56c5f5d43474d860dc6f15980db2be1e2c4bd6515978a9ce9de7f3416d58661a0fae79915c91053802248894297e985ac9d39bb47d533149903

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

MD5 a34680f8b1266e2832acacdd5974cb48
SHA1 8ed0a05cd9bb03b4990ba77cc79662cacb1e9700
SHA256 cebd372ccf5372c18ce3b746cd8dff2d0e01ec59542d1b3079887f9a8d1d1c21
SHA512 6e4739b7489525c9979dd92f7c480d9574b4215aa92f65edee6e5db9aaf555d9c0ba578d6b6ad92c839648060157967e97a16fdb9d66ce173db6f7c82dd8562d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 70e096cbe91485f3bd9e9fea6b92926d
SHA1 4768ad19391b79720083f4aae098ce655de4e011
SHA256 4deba3032aeb06cc8e4626acdcf75ad8d4e2f9b72425b3c6822a3f58780be7c0
SHA512 97e15ed22d6e8fcc392afa7b3665efa2ecce959de48edb0c28e3b09b1bb9a87d4ba5efc2f1463e70c2900aee90bbfc03cc09c9cef5c46c74c7d981de99601c41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f453.TMP

MD5 a28f56d8ea99d315e950d01c35dd6839
SHA1 d0cf50886ed7ad0e29b8e1b98ae17e99d807be2a
SHA256 ecf8b0b9dc312e2efeedf500b2b3d668c24b68616d5d224e19f73607567b5309
SHA512 14f9d8126995beb7476d32e1d627f783b03850107159b73237d218d89defda977bf761cfedcf839252f8bd097b664753cacf3c771d15bb21555aef6d024e99cb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 68ef1b3a1ad6084ca5d1019e207a0e96
SHA1 011e84b2571ee32120c69e13e337feb8a229dea6
SHA256 d0c0deba0917eb005ed51f1a197bf230acac47cc128a489262cba9417e95c554
SHA512 c74cbec3750adc54bdacb85f5804a37a19eaedbab752ad67388fd69ce824027ae75e097795bb5a4f7b58034872ee6062519d71666cb987c43fe3866a1b02a8e1

C:\Users\Admin\Downloads\Unconfirmed 201080.crdownload

MD5 f52fbb02ac0666cae74fc389b1844e98
SHA1 f7721d590770e2076e64f148a4ba1241404996b8
SHA256 a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683
SHA512 78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2bd2bb655e761ef39433901806721744
SHA1 9f1e6cfb3e9582201af5fcadd240cf9003747ca6
SHA256 ac1a83d0e4e3844919feea62b959622a635d91628cd81383e8c3abb0ddfef180
SHA512 804029213b4f8a0d92ea20b46d703d6c03650bfb45486d97e4acfd5ef37434b27fa07f13bac0c56efa95cac4a0ff8feec0a1e98c822979e68bb91c2e822aa0fa

C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1 d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512 aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 90fa385e3ee294264b0e1c204e7b34ee
SHA1 e8b11decb0459a3dcbc152b21dd7e85156fc207e
SHA256 84423dddce39c10c2d4aa7aebc2baa67083078bcc3f3a95f38e0ad1ce19eb336
SHA512 af117944968499b1849fcd6102c6484efab415746e589e4d9048fe5e5386a4cec64c6b07d7769e0891fa02526ce86227201d4b40a2fbccf7995c90645e5ea87c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 560277c1f1e7d9ed0ab0af26b3b2b31f
SHA1 6c061c3d1173cfc7c79d4bac032c17267f0a7bae
SHA256 ddf5c4354074c16395e2731a6cb7c225236275bd5ee358f3a5e362df057a08f6
SHA512 d6b797377a5f604a0f0548931cd75a15e328f04033aa26f8f0e1346d0453b607bf7fdb6c0f9eca7435cbd663fc898cb3a355fc1c2b3f2bbb97aad203845d6220

memory/2156-313-0x0000000000950000-0x00000000009A2000-memory.dmp

memory/2156-314-0x0000000002CC0000-0x0000000002CD4000-memory.dmp

memory/2156-315-0x0000000005A30000-0x0000000005FD6000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 1d3e88e0f7105bb7862d48b7999175be
SHA1 5ba0dde1ff61651f313e52f67a0e2d85b3a6e8fd
SHA256 c5f08036f9215f06413dfddc4ce7834338a8444b0803e90eb82064dba0776f23
SHA512 9d72a3018bb75efd9df88c8a646c7a291377d833b25244266f668acba21943f76511427283982c5044772baee30f0481a17b02553ec25529cdc55b360202b34e

memory/2156-336-0x00000000055B0000-0x00000000055B8000-memory.dmp

memory/2156-337-0x00000000061C0000-0x0000000006252000-memory.dmp

memory/2156-338-0x0000000006290000-0x0000000006298000-memory.dmp

memory/2156-339-0x0000000006650000-0x0000000006694000-memory.dmp

memory/2156-346-0x0000000006620000-0x0000000006642000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 54fee8d38f2e5ec846ff8ee0d3b5b786
SHA1 a2deceb1968a9df221efdc110069fefd57f8cee9
SHA256 85df410b7ceb7aa1f5528682cd4a9839fb688d5cf626aa8e55cea9a86c13919f
SHA512 4e1c93157619bf869aa7d1397bffff288cbdb682dbfba619066b814e95c1af0e5b8a4ef59d071dac85d825074c3818523aab1c184a8441c9239d1f0f31e95c24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0e3742b9f33dc03857129b173f32c03b
SHA1 81f7e45cf3619ad3057cca7104af8243b289759a
SHA256 f6294aacb532b10183b2b82cf6fcbf142363775c91b0d150ac4d367ee8134f22
SHA512 7921ff0dcb6aa648213abc530e21ea03de07d23c97264bfa3792dc759c23842b1722c8092656dc3d30d879899be86dec4385e9c3f5bd52e02038369bc9a39ca1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 8d2e35ef5e680209262a2ac011f22a63
SHA1 3da604fe13d647f45c5236949de0a1cc3d3006dc
SHA256 9a51cbfc34a99cd5e8540827f9796364cbf35b01e6b535b7e06e51bd9778dcd8
SHA512 4eb414626c9fd3c013cf1dc2cc3303d25002505f97eb1f1f1420653277333b96710946b9b9bfde5dc3889b2259df5259fc23e23df29dbfd5df94c51b41fe8aa1

C:\Users\Admin\Downloads\Unconfirmed 70781.crdownload

MD5 13f4b868603cf0dd6c32702d1bd858c9
SHA1 a595ab75e134f5616679be5f11deefdfaae1de15
SHA256 cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7
SHA512 e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 14754c476dca14170f600f75f49cf386
SHA1 e5916d39949c71572709d289c0e10f2393a07736
SHA256 ce09b715237208d81608ab1b500f669c879a4cf61e17ac3fc58e40112149be58
SHA512 4b6c232ebcfbb97faa4189ba28ab0c33543ac98aabe052d778a54d2ac1f3838a7a35ec14be2d9f60338709e20d43cedcd4e99331d5903333e032f0c9024a7904

C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier

MD5 0f98a5550abe0fb880568b1480c96a1c
SHA1 d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA256 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512 dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

memory/2260-413-0x0000000000400000-0x00000000004A2000-memory.dmp

memory/2260-417-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe

MD5 f33a4e991a11baf336a2324f700d874d
SHA1 9da1891a164f2fc0a88d0de1ba397585b455b0f4
SHA256 a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7
SHA512 edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20

memory/3224-450-0x0000000000400000-0x000000000043C000-memory.dmp

memory/552-451-0x000001E362DB0000-0x000001E362DDE000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3761892313-3378554128-2287991803-1000\0f5007522459c86e95ffcc62f32308f1_1a4dc33f-c784-4d28-8db2-389663d94aeb

MD5 c07225d4e7d01d31042965f048728a0a
SHA1 69d70b340fd9f44c89adb9a2278df84faa9906b7
SHA256 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a
SHA512 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3761892313-3378554128-2287991803-1000\0f5007522459c86e95ffcc62f32308f1_1a4dc33f-c784-4d28-8db2-389663d94aeb

MD5 d898504a722bff1524134c6ab6a5eaa5
SHA1 e0fdc90c2ca2a0219c99d2758e68c18875a3e11e
SHA256 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9
SHA512 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

memory/2260-469-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e95bba89e63ad42fc3cd596e7e39811e
SHA1 a453298a5ab4b5bd179426386113f4a868e49425
SHA256 62ceedbe7dab140cbae79f0ede75b283b53c464fadd8ea33894c0f871a0094ef
SHA512 01f70b835135e6729287b19de4e1be05031bfaf90c3b9f0fa2fcc1a41acb136a16be109d2dceb579134049a6216093484eb438a6d676fda85be5978b523ff6fe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 94f768ec0cdd50df59d5554eefeda4cb
SHA1 3594281e96c51dabec448e3c49663e3c7c213029
SHA256 bb1a61f6429c5dfc6caa7b0eaf7c85bbff7c89eb368079e428cf30eb7b0b7cc0
SHA512 c20515cdd0e6a47b4cacff784801296e72a0dd797c4edf2f8ec9e51d2107248f43d04d1f17802adab1b11cc05aeff67b60becd3ce731acc0f8ea922c63546047

C:\Users\Admin\Downloads\Unconfirmed 756224.crdownload

MD5 e7af185503236e623705368a443a17d9
SHA1 863084d6e7f3ed1ba6cc43f0746445b9ad218474
SHA256 da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a
SHA512 8db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 c8cbd9765df476fd545b7dde187d2d13
SHA1 c11656bfc705c01b81692088a10db9e69b0c10c8
SHA256 eda761185f72fe6a77d052b20af7493258a1d65c2b45f2b8a16ead084a37ae6f
SHA512 a7d157642cf9461ecb44f273704cd5ac32e46c0a34671e3c9a8db5983653e8668859e45115959cb67469dce94605aa1a6fafec5e8a8bfd56133c0df2c12b1207

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2182025fff3502139744206cd9734c20
SHA1 27f390220fc21024b9374a6fd6131ac1605e298c
SHA256 d34508af19047796edbc9e9684616f2d1e806cf04b4cf047a841ec831101c2f7
SHA512 731155a68384cedfab6d36e56c4fb8a87a2d8a115b7ed7047e8c03d48baaef3722823f3aaebf7a806f38d39600a29de8d60b9c5d8a10740be7e4831ef601d733

C:\Users\Admin\Downloads\MEMZ.exe

MD5 19dbec50735b5f2a72d4199c4e184960
SHA1 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256 a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512 aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0d79f497eb878ee1e55f5c9c41fc4ac6
SHA1 e1cfe8493b7da6e79fb7183bb0be95c9d7a6eb58
SHA256 4810cb3e9dae145b64a316d9019b688aecc01303979d0178ea29a893e4aae38e
SHA512 58eb7f0f1c99c586e985af29f44d1b6e660bb675a166be53cf79e78436001a78a2cab3c54d5377f4cb77dc9b508d8ef8687f526332ceeba68bb3e91e82fa6b75

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 3fd1d6852344393911ff4ef508d9c06f
SHA1 e1238b2dfd12ae7595421079356035e11c757be0
SHA256 8df153bce790883c1292101c3fa019953666f965d7cbfd7558419d9a84b062c5
SHA512 f27e966f40f220bcfb13c599f5f0af972d417064a60cf55eff4993ee7153b44770d29298570be833f6e74f72b8df5b0f5ecb7a82250d6a5cb1e53e7375f8036e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8ceecdab7d03cd353f8b880b6275182b
SHA1 45acfdc1e5c24751e4cd99315585fe5b34cc309e
SHA256 900a5056dd935990f90da941afec34fe0cbf83416293dc152f7377573ac76273
SHA512 b572e748cb429c53e51e87ddced1064fe8d9785b8b1c753cc14d414eb317fceb487db6f89f62272036ee7393b9f0f14caea89b422250abf41790875853301ca6

memory/2260-600-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload

MD5 31420227141ade98a5a5228bf8e6a97d
SHA1 19329845635ebbc5c4026e111650d3ef42ab05ac
SHA256 1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71
SHA512 cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7

C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA1 32db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA512 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 57863c6d8b99d5af9918a1e8b8a6c47e
SHA1 fec3c4a2067869227096f23868c757d4d9def362
SHA256 02e1d58a74e7854984f7808e49627797437f37c8aa1cfb884aeabb474b90e397
SHA512 edca426827dff8f8d8e7ba5e480a75dab4c1b6c638b351d1541f6e42a749f2b90da7831afa49cbe97b79d2243d936fbbeff41e92fba664675589489b6111aefa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3286fc60cb973015a5224eb9dd908406
SHA1 61660b5377677519fe6e23b346f036a721401312
SHA256 c8a7f86abadfcd7b254522bfc80e2ad865b6030326627f5fd8513b3fc9c1498e
SHA512 303f1765b7469852be98f45e5de1e9386c623d4682bd048f01817391873b0208bca85ce64cfde69afcbc3d45a55de4ea3a2ec84698e55cb1ee1a7b66104ea1ec

C:\Users\Admin\Downloads\Unconfirmed 582823.crdownload

MD5 c261c6e3332d0d515c910bbf3b93aab3
SHA1 ff730b6b2726240df4b2f0db96c424c464c65c17
SHA256 4663715548c70eec7e9cbf272171493d47a75d2652e38cca870412ea9e749fe9
SHA512 a93bd7b1d809493917e0999d4030cb53ab7789c65f6b87e1bbac27bd8b3ad2aeb92dec0a69369c04541f5572a78f04d8dfba900624cf5bd82d7558f24d0a8e26

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3e507714d7a8b2cb197b7bfc4cc394d8
SHA1 924748f5a7cc01e9125495acc3e1822a38d8aa0d
SHA256 9298abfa1c9a3cb3efc278df871e498fc71261f996618769c631098214094746
SHA512 3daef6a7122ce351de1fea0eed592a545493cdf95d977daf3dd678cb6b3a753f25f4783b5e95512883607b22e9115e6969b6d06f903c964723e6dcf30a4c5bac

C:\Users\Admin\Downloads\Unconfirmed 621811.crdownload

MD5 799b57227561238a7d7a284c5568c1ad
SHA1 f62ddd138ab15b67a2207438b38414fd236d5278
SHA256 fe974c995cfb27e8c91123081986847f6d3d4252b6a8d1e1385c558f2aeb7057
SHA512 2a6de3d751f9b74227bfd7069b989175ebd81548af6e1f4bf87f63cf9e0a69ec6cbbac5b837dd80e7effdf7f648c2c768124257d347f1a0d394a0dd9a5552f12

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5 1bb4dd43a8aebc8f3b53acd05e31d5b5
SHA1 54cd1a4a505b301df636903b2293d995d560887e
SHA256 a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02
SHA512 94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce

memory/3416-716-0x0000000000900000-0x0000000000974000-memory.dmp

memory/3416-717-0x0000000005490000-0x000000000549A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 445a540120b5d5c8ecc46e10f12dc8c2
SHA1 f29a70f2c9288ba261ca03c8525f1726f8c253cc
SHA256 45a26cad036fb0a5307227917c077e447715c0c643e45eb0dc545d93229c5a80
SHA512 aeb9fa4d4de6879afdc7f289284fc5ea53a9dcf583386a9d80324bc4f9b43122e3ccf5504b9b10acfc035c8b1d8302751dce1c334bcf3eb1a31296300b7415be

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6432368329d776871a1502f87f6e3acc
SHA1 3f373c1f413b51d3b53c7b2d8246bd992790e06b
SHA256 07f67ae497d5ceb013ac72c37c8225c4bf1d2f23c97a052827c82394c0d8d2ec
SHA512 73d71ebfcd4b09c20297ce50c8b667147e622a022f6bed4ab762f30c8101ec69b95d0e37f5c3d2f1586f503e29bd578c04ffd11920f164ca94f6ae55d8aeeb97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 d5e07653bded3bd1c2656ef0bede1214
SHA1 479646251a97461a927dcc146f7819309e184eb0
SHA256 a2facca29eed26065928f299a949a5f762ecc190e29b7d8694e0f3fc63b12e29
SHA512 2d205f41864a451c4dfbcfa03915f55079cf1f4d5d5cc6786cdd96ecad166b68b8b3646ed7aee15b8795f7c95a4bc50d5f3bb1e3d37048d5b7ce7d8a36315406

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7b04af7fab64abc25495149b103cf440
SHA1 fb10577e0cb3f890f8744e958217d8cd6a8aa81d
SHA256 d773b0e0a71cbdc09cd9a8762b00281c72902598349734e2f3e5f01dd9d589bc
SHA512 f072f8bb01803c5d382dafc29e800caa666571de45095b6bdb5d9b69b159aa00214c262a18af8a84eee28b5b71d135eddd98e3c70dffeaa27c384e6acff9a28a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8797c0b7f0581dacec5b2cc85544ea7b
SHA1 40101b98522ea9b383cba71a4a947ffafb1279cb
SHA256 9e0e658972d9c3fa1d76b9d18b7a2e5babaa158143194d6e17c790c2785dd1fa
SHA512 4c3c515af920a8995b0a4e9a04f20953d00ba677985272cecd6e3696c3812f29b2fb0b2f9f2dfe816ea1a0ef1694c6220748d5b8234b288747ba904cd04c463e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 088b27a66eb59ff9e3fa4806021e5c6e
SHA1 1a479977615a5c5527e64ab254be9b96ba5185d9
SHA256 25cd5f03e2de728bff161be736dcfc5264d4995d5f5ed7ba0fc6105de031d3cf
SHA512 4e8ee03d2facfab3714e2743bc832e5b15e34c95def38f044d6c8047a903bdc3aad9b1911178345a409bcb81c3fd9039c84894c00b5d1f862aca8b5fb8b0394d

memory/4276-810-0x00000000007F0000-0x00000000007FE000-memory.dmp

C:\wxp

MD5 3d2160fe4bcdc7b6c8686fec1e63a291
SHA1 8b979d773a5ee770824c2c6d19ebd3b233e5c1a6
SHA256 10d6ee17b9c86468fbb9a04d819eafdd88f87e81264ef215ec62b1194a024533
SHA512 fcbb81d44ff241f8cf0d81bc06e2d1641ea3f55c6d21f119590775a7734c80e9c6ab56a34d598d8c197b931d4cd3188010c4a5e36ad229ebe14c714cf4047c8f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 15b8eb4e94699280b31fedf6b9a153bc
SHA1 2581680ba592db6f58e37a3bd3163d562cfabcd6
SHA256 f7b33fd3bddca03022a8eaf6f195b66c9cfddf4bb0ba6916023d994b819081ce
SHA512 109520a26697f3c21c02049145f7285a698ecbecc1b5155e4605cde4919c5c9b0f3717d8def8c4e2578a00a1924ce4c882caf913d9f9938af7462285cdbf41e8

C:\Users\Admin\Downloads\Unconfirmed 45735.crdownload

MD5 04251a49a240dbf60975ac262fc6aeb7
SHA1 e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0
SHA256 85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3
SHA512 3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 eac35b6639b9dbbb6ee719180bb08b96
SHA1 7beae34650d84a6cd5797ece433ba8c64f4e55ac
SHA256 422f200a9338bee009d4dc0ee5992cb20eccce51571e3b95d243399c6ee4209f
SHA512 90d1aaa662d7cbdfedecd29f1e921dcbd1cd7cf3f5d5b845f107b39ab35f2fc222480a735c5957c43cfef7fb20d5b6dad4029b1a662b8c63d6d00aa97db67747

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b01fa2f79a33b02090692b2260cb3f06
SHA1 5df70eb0031738324b2a35a761a213679415a96c
SHA256 a77c2fc518f9584cbb9e0c19ce81c9c455dc4baa5acbf3fc9ebafe0b04e97750
SHA512 1cc88c74d1c9872f893578fefaef336287201c9a016d350ea300289c79c9541ff05a2b4d15911f9838fe143f467030753115f305cfa58014334bd0bb842573f2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 2dc6bf9f02dc70aba32427195681b0af
SHA1 9c55ea8c03544b08fed8bebcffed5f17dd2df2ec
SHA256 4a11fc17eaece926e3da909b1ad9a42369ac66023e0a0fe53c4cb872fb4a6f50
SHA512 659427772de7b658119d1bd43939ba74fd250d8ac6b483932653e8245f61b38fd0faaa81202d019b459aad1da96af8f330d85e20c1bb5eb530ee8a2de565ee5d

memory/3692-37322-0x0000000000400000-0x000000000046E000-memory.dmp

memory/5152-82815-0x00000000053D0000-0x000000000593C000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 1fedabaa038552f159f6e64d4e5a04ea
SHA1 73d3a815a26c3b3cca3d81298809700e83acaa98
SHA256 e05d6c0ad729ac3be82fd6132790cc62c7e9b874a1bb0334d5c48e96df7d6ac1
SHA512 554a5758467afe7e00f73a2f804cc308962b52795a73627c2eb7a34d9607dac1d12a5d495f8b7ac08ba205ffb47aca789e8c0198915f856617091c4c8f1af53d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cbc24.TMP

MD5 fd82352025c832e2a697520438cb41fe
SHA1 c5bf8634ee766702ce12319de9e6c812cf044531
SHA256 1d78a2da1e43ea755d254726e7acd062a461f37641806f719a392e91c6489abf
SHA512 f842799885742c6d1e06835f7def57bb1397031256457bdda37d8c15150079952421c07d21645ea79c6d2283fbf015d692b66d9fc14bb28ee8aec193d2608b31

C:\Users\Admin\Downloads\Unconfirmed 179067.crdownload

MD5 20fa439e1f64c8234d21c4bc102d25f8
SHA1 ba6fc1d9ba968c8328a567db74ef03eee9da97d8
SHA256 2f10f1384f3513f573a88e1771c740a973a5a304387e23aa4bf310794532fa8e
SHA512 19e9d62a852293ffa99a412ba8fa5dd0336a7753af4975e06cd53c02ee6f0058485160f8f8a64a8bca19d88eb426a4a2785885c02a494f33f2b6e383204a7f39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 50befc5d426ea6757b3d0fd60ee95bac
SHA1 ebc167afa2b6f58ed010120a23b2bddd7dd9b67d
SHA256 e8922f6a4ef82a32420e0b8df1054f4ef00c6c285a1349d3c27a8e99256a0f3f
SHA512 e79e72f1024369971e88c40e43d2897762ab78ea366948ca876ca8c78e14a90f508f724a03f3b35dbb33fbba7942f02395a8721f30a936912afaa66a0289ae18

C:\Users\Admin\Downloads\Unconfirmed 469908.crdownload

MD5 7ad8c84dea7bd1e9cbb888734db28961
SHA1 58e047c7abecdd31d4e3c937b0ee89c98ab06c6a
SHA256 a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095
SHA512 d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 229c70a6f82510b5f37c67db2375f1df
SHA1 07ea090d105abc2cdfbfbdb5d3e89b12409496a2
SHA256 be9abfc0c05525f04b6c211737f35df3090d6831550557391887549f307a387c
SHA512 60217e71efbbd333c929a7d7a9b2255e0d8a63b57b9691701d04ac1d7891044c67fcd57d68e044371d5d40bcbe2214ad4e1aec300dd33a9a97664f9dc0ef7069

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fd2eb735ba789d48750bc06b7ab73591
SHA1 ad38eb08a4b13bbf7c78e9dbe5648e0b3b9b30c1
SHA256 1146f7a857cafecabc9a960bb09653a161d5d7c1ae0cabe60ad56efa79880886
SHA512 7ba4f4d7a73854c7f311c5f993195f1c1653951c07025a608eec32bb0b1f86cfcdad71802a4d615dd745fa070bf1c6aa9efcda62b624d17ccfbbb5115e81fe85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe5d9afa.TMP

MD5 d299d8269eda6335fa161325617c70d1
SHA1 428688afa5d9ffafbc8c993a2e0f8347e6c88d08
SHA256 59cfbf2f29fd7488132cdf34612338ea12ce78f09ef2ec75ced6ee252e402bc9
SHA512 fbbc94a2e8b0efb9cd5d00f2cf0760d618238346691b9f92780c1406c15c0ea467ad1d5f80c94cfbf02e9965912938e7f8605e269d43de6c53b51aabf0fd655f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 cf312b68f69d11f3d0f3262a7f3ed186
SHA1 4ae0308f7d2a1d3881843465edbfd2297c802af7
SHA256 e5cb6c00e40d0a9344a87dee94ad643e00427672ae44743b383162dac0eed934
SHA512 4f955a0ef6081c11192d9779578b72c9ec2076d6cf42229a899693691f9fccc781ba1e6e88e4ead45fb4117564b9c5ea4dd9f56fd04f099ad895f82d13eb60fc

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 d12e797f18cb79137ad12b5e5139e1b8
SHA1 f15fb437b1be86b714e278ce927b315fa0e16ea3
SHA256 afb0f4a0229174f8118ab512b569fdb9eb3ebb0389cb11c9f4a0a2aa88ec258b
SHA512 f6e8f99bcd0ecff7683c8e56fa2ffa3fdff16d6c17a2066b36bc3d78e2838130b5b23059a239b29a7ebdd0b5ca36b3f9cf388945bf1aad50a3f91cb8091223cd

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt

MD5 766f5efd9efca73b6dfd0fb3d648639f
SHA1 71928a29c3affb9715d92542ef4cf3472e7931fe
SHA256 9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc
SHA512 1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b83cc435e1be6c4df0be1c82a1541e7
SHA1 2e0be5c1212fdae6f088b7aa666c97efadd9166a
SHA256 6dcb2e57caf20af584a61561c9eb32adc6f04459a3961e0d3a0aa97ec114e443
SHA512 6ef7bce836e9cea4b9164e180510aff61786d13e8ad693fc3e8b4650c9e381ba311c193a032632883869982d068791208cbd8562fe751627858b1e64fad3f1e5
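Most entries in the list above are Edge profile churn written once per change; the artifacts worth pulling are the `:Zone.Identifier` and `:SmartScreen` alternate data streams on the downloads (Zone.Identifier is the Mark-of-the-Web record that the "Mark-of-the-Web Bypass" signature refers to), the `Unconfirmed *.crdownload` partial downloads, the executables written under `C:\Windows`, and the memory dumps of the unpacked regions. Note also that `d41d8cd98f00b204e9800998ecf8427e` / `e3b0c442...` on the crashpad pipe are the MD5 and SHA256 of zero bytes: the sandbox hashed an empty stream, so that entry carries no content. The script below is an added example, not part of the report: it parses the list in the report's own layout (a constructed subset is embedded) and tags entries for those reasons. The path heuristics are assumptions for illustration.

```python
"""Parser and triage pass for the sandbox Files list (added example, not part
of the report). Splits the list into (path, hashes) records and flags what a
responder would pull first: NTFS alternate data streams (Zone.Identifier is
the Mark-of-the-Web record, SmartScreen the stream Edge writes on downloads),
partial browser downloads, executables written under C:\\Windows, sandbox
memory dumps, and entries whose digest is that of zero bytes. The path
heuristics are assumptions for illustration."""
import hashlib
import re
from dataclasses import dataclass, field

# Constructed subset of the entries above, in the report's own layout.
SAMPLE_LIST = r"""
\??\pipe\LOCAL\crashpad_784_JDTJXDHAGBEDXIFZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier

MD5 fbccf14d504b7b2dbcb5a5bda75bd93b
SHA256 eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

memory/2260-413-0x0000000000400000-0x00000000004A2000-memory.dmp

C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe

MD5 1bb4dd43a8aebc8f3b53acd05e31d5b5
SHA256 a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02

C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload:SmartScreen

MD5 4047530ecbc0170039e76fe1657bdb01
SHA256 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
"""

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
# Drive-letter path with a trailing ':stream' component (NTFS ADS).
ADS_RE = re.compile(r"^[A-Za-z]:\\[^:]*:([\w.]+)$")
EMPTY_MD5 = hashlib.md5(b"").hexdigest()        # d41d8cd98f00b204e9800998ecf8427e
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()


@dataclass
class Entry:
    path: str
    hashes: dict = field(default_factory=dict)

    @property
    def stream(self):
        m = ADS_RE.match(self.path)
        return m.group(1) if m else None


def parse_list(text):
    """One Entry per path line; hash lines attach to the preceding path."""
    entries = []
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and entries:
            entries[-1].hashes[m.group(1)] = m.group(2).lower()
        else:
            entries.append(Entry(line))
    return entries


def flag_entries(entries):
    """Map path -> list of reasons, in a fixed order, for entries worth pulling."""
    flagged = {}
    for e in entries:
        low = e.path.lower()
        reasons = []
        if e.stream:
            reasons.append(f"ads:{e.stream}")
        if ".crdownload" in low:
            reasons.append("partial_download")
        if low.endswith(".exe") and low.startswith("c:\\windows\\"):
            # Assumed heuristic: a fresh .exe under the Windows directory.
            reasons.append("exe_written_under_windows")
        if e.hashes.get("MD5") == EMPTY_MD5 or e.hashes.get("SHA256") == EMPTY_SHA256:
            reasons.append("empty_content")
        if low.startswith("memory/"):
            reasons.append("memory_dump")
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in flag_entries(parse_list(SAMPLE_LIST)).items():
        print(path, "->", ", ".join(reasons))
```

On a live Windows host the same Zone.Identifier stream can be read with `Get-Content -Path .\Lokibot.exe -Stream Zone.Identifier`; a file that arrived from the Internet normally shows `ZoneId=3`, and its absence on a downloaded binary is the condition the MotW-bypass signature is about.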