Analysis Overview
Threat Level: Known bad
The file https://github.com/Da2dalus/The-MALWARE-Repo was found to be: Known bad.
Malicious Activity Summary
Lokibot
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Reads user/profile data of web browsers
Credentials from Password Stores: Windows Credential Manager
Obfuscated with Agile.Net obfuscator
Executes dropped EXE
Drops startup file
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
Drops file in System32 directory
Suspicious use of SetThreadContext
Drops autorun.inf file
Drops file in Windows directory
Drops file in Program Files directory
Subvert Trust Controls: Mark-of-the-Web Bypass
Program crash
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Browser Information Discovery
Suspicious use of SendNotifyMessage
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Enumerates system info in registry
outlook_office_path
outlook_win_path
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-09-20 04:07
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-09-20 04:07
Reported
2024-09-20 04:14
Platform
win11-20240802-en
Max time kernel
446s
Max time network
447s
Command Line
Signatures
Lokibot
Credentials from Password Stores: Credentials from Web Browsers
Downloads MZ/PE file
Credentials from Password Stores: Windows Credential Manager
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gas.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Gas.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LoveYou.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LoveYou.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\PCToaster.exe | N/A |
| N/A | N/A | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
Obfuscated with Agile.Net obfuscator
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Whistler = "C:\\Windows\\system32\\whismng.exe -next" | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
Checks installed software on the system
Drops desktop.ini file(s)
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Drops autorun.inf file
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\Windows\BitLockerDiscoveryVolumeContents\autorun.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\BitLockerDiscoveryVolumeContents\autorun.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\whismng.exe | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\whismng.exe | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | C:\Windows\SysWOW64\whismng.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | C:\Windows\SysWOW64\whismng.exe:Zone.Identifier:$DATA | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\SysWOW64\regedit.exe | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2156 set thread context of 2260 | N/A | C:\Users\Admin\Downloads\Lokibot.exe | C:\Users\Admin\Downloads\Lokibot.exe |
Drops file in Program Files directory
Drops file in Windows directory
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ies-indonesian-main_31bf3856ad364e35_10.0.22000.348_none_a6f3fc49e08056fa.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..n-desktop.resources_31bf3856ad364e35_10.0.22000.160_ja-jp_63f3d1e81929f0ae.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\Microsoft.NET\Framework\v4.0.30319\Microsoft.VisualC.Dll | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup.resources_31bf3856ad364e35_10.0.22000.348_lv-lv_481e47e51633dbd8\f\lpksetup.exe.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..ehandlers.resources_31bf3856ad364e35_10.0.22000.282_et-ee_5e5ceea83d18be9d.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..oolsclient.appxmain_31bf3856ad364e35_10.0.22000.120_none_bb415867ae85d51c\f\domTree.css | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-p..ntmanager.resources_31bf3856ad364e35_10.0.22000.120_hu-hu_ffd5dd45e506c896.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-taskbar-dll.resources_31bf3856ad364e35_10.0.22000.184_da-dk_7a1ffec88fceed05.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-photoacquire_31bf3856ad364e35_10.0.22000.51_none_1675e8832893effb.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File opened for modification | \??\c:\Windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Abf69f55a#\ebfef15acc18d1c8127e5620c268096a\Microsoft.ApplicationId.Framework.ni.dll | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File opened for modification | \??\c:\Windows\INF\oem0.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\InboxFodMetadataCache\metadata\Language.Speech~en-gb~1.0.mum | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..erprisesn.resources_31bf3856ad364e35_10.0.22000.493_fr-ca_127e4315594cebb4\f\license.rtf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-m..c-drivermanager-dll_31bf3856ad364e35_10.0.22000.469_none_0b75abb46f3eeede.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-o..documents.resources_31bf3856ad364e35_10.0.22000.184_en-us_0d9a8e06b06f1225\f\OOBE_HELP_Opt_in_Details.htm | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..me-ppipro.resources_31bf3856ad364e35_10.0.22000.493_de-de_ae72dfb96c6c8850\f\license.rtf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..skcleanup.resources_31bf3856ad364e35_10.0.22000.348_pt-br_eddb1256694a02f4.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..component.resources_31bf3856ad364e35_10.0.22000.120_zh-cn_dc66f27d25f63d4e\f\winsetup.dll.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..dminflows.resources_31bf3856ad364e35_10.0.22000.184_ca-es_b7818d964e9aa3de\f\SystemSettingsAdminFlows.exe.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..n-library.resources_31bf3856ad364e35_10.0.22000.160_de-de_6629a75770a21712.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\INF\rtucx21x64.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_es-mx_ba12eefbbfc1bd2a.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-lpksetup.resources_31bf3856ad364e35_10.0.22000.348_he-il_b7ee02f94e3f11ca\f\lpksetup.exe.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mccs-syncres.resources_31bf3856ad364e35_10.0.22000.348_id-id_a58e32250e0b7cce\f\SyncRes.dll.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-quickassist-deployment_31bf3856ad364e35_10.0.22000.282_none_74184c53c9414a1b.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_10.0.22000.132_zh-cn_7de34b86d6ab1ad6\f\CloudContent.adml | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\PLA\Rules\Rules.System.Summary.xml | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_nb-no_72dd4a9248e2da0c\f\license.rtf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-l..essionaln.resources_31bf3856ad364e35_10.0.22000.493_nb-no_72dd4a9248e2da0c.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-u..eexplorer.resources_31bf3856ad364e35_10.0.22000.184_da-dk_64408662650011da\f\Windows.UI.FileExplorer.dll.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-printing-adm.resources_31bf3856ad364e35_10.0.22000.282_ko-kr_eec259e527a195a8.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-s..stack-msg.resources_31bf3856ad364e35_10.0.22000.469_fr-fr_000b5ae90b923532.manifest | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\Cursors\lnodrop.cur | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\INF\netl1c63x64.inf | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File opened for modification | \??\c:\Windows\INF\umbus.PNF | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.ServiceModel.Install.dll | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\PolicyDefinitions\en-US\ShapeCollector.adml | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-mapi.resources_31bf3856ad364e35_10.0.22000.184_el-gr_2548ca4a6fca13d1\f\mapi32.dll.mui | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| File created | \??\c:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~22000.493.1.3\amd64_microsoft-windows-twinui-pcshell_31bf3856ad364e35_10.0.22000.469_none_ed8c9509a5dc025c\f\twinui.pcshell.dll | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\TaskILL.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Whiter.a.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LoveYou.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\Whiter.a.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Gas.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LoveYou.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Whiter.a.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\PCToaster.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 324395.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 621811.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\TaskILL.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 569728.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 469908.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 201080.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 70781.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Gas.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 179067.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 905331.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 756224.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\LoveYou.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 582823.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Whiter.a.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 650870.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 45735.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\TaskILL.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MEMZ.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2576 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6572 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:8
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
C:\Users\Admin\Downloads\Gas.exe
"C:\Users\Admin\Downloads\Gas.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4824 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
C:\Users\Admin\Downloads\Gas.exe
"C:\Users\Admin\Downloads\Gas.exe"
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
C:\Users\Admin\Downloads\LoveYou.exe
"C:\Users\Admin\Downloads\LoveYou.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2292 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2912 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 /prefetch:8
C:\Users\Admin\Downloads\LoveYou.exe
"C:\Users\Admin\Downloads\LoveYou.exe"
C:\Users\Admin\Downloads\TaskILL.exe
"C:\Users\Admin\Downloads\TaskILL.exe"
C:\Users\Admin\Downloads\Whiter.a.exe
"C:\Users\Admin\Downloads\Whiter.a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6372 /prefetch:8
C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://java.com/download
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbec733cb8,0x7ffbec733cc8,0x7ffbec733cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2812 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5152 -ip 5152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 864
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3064 -ip 3064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 600
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3438303833235677297,5471326324201291188,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2800 /prefetch:1
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
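The process list above is easier to act on once it is reduced to the few entries that matter. The following Python script is an added example, not part of the sandbox report: it pairs each image path with the command line printed on the next line, buckets processes by where the image lives (anything launched from a user's Downloads folder, anything under C:\Windows outside the usual system directories, Edge's own `--type=` child processes, and WerFault crash handlers), and pulls the faulting PID out of WerFault's `-p` argument. The sample input is a constructed subset of the entries listed above with Edge's long field-trial arguments trimmed; the set of C:\Windows subdirectories treated as expected is an assumption made for the example.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Constructed sample: a subset of the image-path / command-line pairs from the
# process list above, with Edge's long field-trial arguments trimmed.
SAMPLE_PROCESSES = r'''C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=27 /prefetch:1
C:\Users\Admin\Downloads\Gas.exe
"C:\Users\Admin\Downloads\Gas.exe"
C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none /prefetch:8
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Users\Admin\Downloads\Whiter.a.exe
"C:\Users\Admin\Downloads\Whiter.a.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://java.com/download
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5152 -ip 5152
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 864
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 3064 -ip 3064
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
'''

# Subdirectories of C:\Windows where executables are expected; anything else
# under C:\Windows is flagged. This set is an assumption made for the example.
WINDOWS_EXPECTED = {"system32", "syswow64", "systemapps", "winsxs"}

def parse_processes(text):
    """Pair each image path with the command line printed on the next line."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("expected image/command-line pairs, got an odd line count")
    procs = []
    for image, cmdline in zip(lines[0::2], lines[1::2]):
        # The command line starts with the image path (quoted or bare); if it
        # does not, the pairing has drifted and the input should not be trusted.
        if not cmdline.lstrip('"').lower().startswith(image.lower()):
            raise ValueError(f"command line does not match image: {cmdline!r}")
        procs.append((image, cmdline))
    return procs

def classify(image, cmdline):
    """Bucket a process by where its image lives and how it was launched."""
    parts = [p.lower() for p in PureWindowsPath(image).parts]
    name = parts[-1]
    if name == "werfault.exe":
        return "crash_handler"
    if name == "msedge.exe" and "--type=" in cmdline:
        return "browser_child"          # renderer/utility/gpu children of Edge
    if len(parts) > 3 and parts[1] == "users" and parts[3] == "downloads":
        return "user_download"          # executed straight from Downloads
    if len(parts) > 2 and parts[1] == "windows":
        return "windows_expected" if parts[2] in WINDOWS_EXPECTED else "windows_unusual"
    return "other"

# WerFault's "-p <pid>" names the faulting process; "-pss" and "-ip" must not match.
CRASH_PID = re.compile(r"(?<!\S)-p\s+(\d+)")

def triage(text):
    """Return {category: [image, ...]} and the set of PIDs WerFault was started for."""
    groups = defaultdict(list)
    crashed = set()
    for image, cmdline in parse_processes(text):
        cat = classify(image, cmdline)
        groups[cat].append(image)
        if cat == "crash_handler":
            m = CRASH_PID.search(cmdline)
            if m:
                crashed.add(int(m.group(1)))
    return dict(groups), crashed

if __name__ == "__main__":
    groups, crashed = triage(SAMPLE_PROCESSES)
    for cat in ("user_download", "windows_unusual", "crash_handler"):
        for image in sorted(set(groups.get(cat, []))):
            print(f"{cat:16} {image}")
    print("WerFault invoked for PIDs:", sorted(crashed))
```

On the sample this leaves the three Downloads executables and Box.exe under C:\Windows\Free Youtube Downloader as the entries to look at first, and reports 5152 and 3064 as the PIDs WerFault was started for; those PIDs have to be matched against the report's process tree to see which sample crashed.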
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 88.221.135.48:80 | java.com | tcp |
| GB | 88.221.135.48:80 | java.com | tcp |
| GB | 88.221.135.48:80 | java.com | tcp |
| GB | 88.221.135.48:443 | java.com | tcp |
| US | 8.8.8.8:53 | static.ocecdn.oraclecloud.com | udp |
| GB | 95.101.143.193:443 | c.oracleinfinity.io | tcp |
| GB | 95.100.246.138:443 | www.oracle.com | tcp |
| GB | 147.154.230.206:443 | dc.oracleinfinity.io | tcp |
| GB | 2.22.132.94:443 | static.ocecdn.oraclecloud.com | tcp |
| GB | 95.100.244.132:443 | s.go-mpulse.net | tcp |
| GB | 95.100.246.138:443 | www.oracle.com | tcp |
| GB | 95.100.246.138:443 | www.oracle.com | tcp |
| GB | 95.101.143.193:443 | c.oracleinfinity.io | tcp |
| US | 8.8.8.8:53 | 132.244.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | consent.trustarc.com | udp |
| GB | 18.165.242.40:443 | consent.trustarc.com | tcp |
| GB | 18.165.242.40:443 | consent.trustarc.com | tcp |
| GB | 18.165.227.97:443 | consent-pref.trustarc.com | tcp |
| GB | 18.244.179.88:443 | consent-st.trustarc.com | tcp |
| GB | 2.22.96.153:443 | javadl.oracle.com | tcp |
| GB | 2.22.96.153:443 | javadl.oracle.com | tcp |
| GB | 95.100.244.78:443 | sdlc-esd.oracle.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 104.86.110.121:443 | | tcp |
| GB | 104.86.110.121:443 | | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
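The Network table lists one row per connection, so the same destination appears many times, and rows with no resolved name (224.0.0.251:5353 and 104.86.110.121:443) carry an empty Domain cell that sandbox reports sometimes print with the Proto value shifted into the Domain column. The Python below is an added example, not part of the report: it parses rows in either layout, collapses repeats into counts, and separates the destinations a reviewer would look at first: cleartext HTTP on port 80, connections with no resolved name, and multicast (mDNS) noise. The sample rows are a constructed subset copied from the table above.

```python
from collections import Counter
from ipaddress import ip_address

# Constructed sample: rows copied from the Network table above, including one
# unresolved row in each of the two layouts a report may print it in.
SAMPLE_NETWORK = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| US | 18.208.156.248:80 | blesblochem.com | tcp |
| GB | 88.221.135.48:80 | java.com | tcp |
| GB | 104.86.110.121:443 | | tcp |
| GB | 88.221.135.33:443 | r.bing.com | tcp |
"""

PROTOS = {"tcp", "udp"}

def parse_rows(text):
    """Return (country, ip, port, domain, proto) for each data row.

    A row whose third cell is the protocol and whose fourth is empty has no
    Domain cell; it is treated as an unresolved destination.
    """
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        if not line.strip():
            continue
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            raise ValueError(f"unexpected row: {line!r}")
        country, dest, c3, c4 = cells
        if c3 in PROTOS and c4 == "":
            domain, proto = "", c3              # Proto shifted into the Domain column
        else:
            domain, proto = c3, c4
        if proto not in PROTOS:
            raise ValueError(f"unknown protocol in row: {line!r}")
        ip, port = dest.rsplit(":", 1)
        rows.append((country, str(ip_address(ip)), int(port), domain, proto))
    return rows

def summarize(text):
    """Collapse repeated rows and pull out the destinations worth a second look."""
    unique = Counter((ip, port, domain, proto)
                     for _, ip, port, domain, proto in parse_rows(text))
    cleartext = Counter()
    unresolved, multicast = [], []
    for (ip, port, domain, proto), n in unique.items():
        if ip_address(ip).is_multicast:
            multicast.append(f"{ip}:{port}")    # mDNS and similar local noise
        elif proto == "tcp" and port == 80:
            cleartext[domain or ip] += n        # unencrypted HTTP, easy to inspect in the pcap
        elif not domain:
            unresolved.append(f"{ip}:{port}")  # no name seen; check the TLS SNI or pcap
    return {"unique": unique, "cleartext_http": dict(cleartext),
            "unresolved": unresolved, "multicast": multicast}

if __name__ == "__main__":
    s = summarize(SAMPLE_NETWORK)
    print(f"{len(s['unique'])} unique destinations from {sum(s['unique'].values())} rows")
    for dom, n in sorted(s["cleartext_http"].items(), key=lambda kv: -kv[1]):
        print(f"cleartext HTTP   {dom:28} x{n}")
    for dst in s["unresolved"]:
        print(f"no resolved name {dst}")
    for dst in s["multicast"]:
        print(f"multicast        {dst}")
```

Run against the full table, the cleartext bucket is what separates the repeated port-80 connections to blesblochem.com from the single java.com redirect that Edge's `--single-argument http://java.com/download` launch explains; the GitHub, Oracle and Bing traffic over 443 is the sample being fetched and the browser's own background activity.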
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 04aa3f476e468ef3c0866e8dedd8f6e4 |
| SHA1 | 1e9fa8fd586c03447a4c5b4cee261900e9f464ae |
| SHA256 | 87b74207d65f6745b38a19dce13336ee839fb4d7929fce446c3d1177aa80c42a |
| SHA512 | 7d860bbe9c847ea0b60f210860d865f1e936aa2210a6f9aa87e9fd72f992a022ecb9a1827212eb9b97dd7798540770f55c67362714d90d0bfd080ad1e5e7aaa8 |
\??\pipe\LOCAL\crashpad_784_JDTJXDHAGBEDXIFZ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | db1dacae9540e883ae83489b18cfc326 |
| SHA1 | ec3b68e635d8ce3bdafe258bca5187536d43065b |
| SHA256 | 3427a8a3b4868bd25a231ee8fe0ebada0b3474f2d8dc0fdd01a8931a8700a37f |
| SHA512 | 2e40df3bd1a045c69173f1a169b7080163de8f62a44d41d46c28f1643943657c532caa72f65b44a2175f976fdfd3d8328d989e011730aa851aecbcf02dde4a95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 74d2b2cbd276faa1d14b3ab3ba0ad60a |
| SHA1 | 0d4c2884142afe66ace150abb8dde73f57eec1a2 |
| SHA256 | b46883dc089777b6376e1164238cf56f786e93705259007d28e82d8843c5e79e |
| SHA512 | 66ae676b57ac7c7c7abbb8e90c5a89863c82721ce0d0f4f211776b41df72f7651bf1b0c6f0b9a17615e546854afdd8534b72a9116e258d5c3f6cf87ecda15e5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 89289af085bc2d8e502db32cb34d89bb |
| SHA1 | 99f2906b7f1117846dae29a8af364b320928bacf |
| SHA256 | 945d70e2e6a26f0c8b3c369ff68bd0a8265ddb5046c7ef0fb5e97de882f7a6df |
| SHA512 | 8531697d9572b896147c822f9a5381809179d30be10bb447eff6184d120853995e10309f9678eadb7db20fc9ba420073d4cbf1059582c80da685a7d2f34920f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea7a490bab339c476e4cf9a500ee0977 |
| SHA1 | b56438612bac1907d90c6be20ec7e8e51160924a |
| SHA256 | 4c791df7effa575d4727544f702f00b49b035a2e86fde4feec72b833223da4b0 |
| SHA512 | de9308063094e56c5f5d43474d860dc6f15980db2be1e2c4bd6515978a9ce9de7f3416d58661a0fae79915c91053802248894297e985ac9d39bb47d533149903 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | a34680f8b1266e2832acacdd5974cb48 |
| SHA1 | 8ed0a05cd9bb03b4990ba77cc79662cacb1e9700 |
| SHA256 | cebd372ccf5372c18ce3b746cd8dff2d0e01ec59542d1b3079887f9a8d1d1c21 |
| SHA512 | 6e4739b7489525c9979dd92f7c480d9574b4215aa92f65edee6e5db9aaf555d9c0ba578d6b6ad92c839648060157967e97a16fdb9d66ce173db6f7c82dd8562d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 70e096cbe91485f3bd9e9fea6b92926d |
| SHA1 | 4768ad19391b79720083f4aae098ce655de4e011 |
| SHA256 | 4deba3032aeb06cc8e4626acdcf75ad8d4e2f9b72425b3c6822a3f58780be7c0 |
| SHA512 | 97e15ed22d6e8fcc392afa7b3665efa2ecce959de48edb0c28e3b09b1bb9a87d4ba5efc2f1463e70c2900aee90bbfc03cc09c9cef5c46c74c7d981de99601c41 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f453.TMP
| MD5 | a28f56d8ea99d315e950d01c35dd6839 |
| SHA1 | d0cf50886ed7ad0e29b8e1b98ae17e99d807be2a |
| SHA256 | ecf8b0b9dc312e2efeedf500b2b3d668c24b68616d5d224e19f73607567b5309 |
| SHA512 | 14f9d8126995beb7476d32e1d627f783b03850107159b73237d218d89defda977bf761cfedcf839252f8bd097b664753cacf3c771d15bb21555aef6d024e99cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 68ef1b3a1ad6084ca5d1019e207a0e96 |
| SHA1 | 011e84b2571ee32120c69e13e337feb8a229dea6 |
| SHA256 | d0c0deba0917eb005ed51f1a197bf230acac47cc128a489262cba9417e95c554 |
| SHA512 | c74cbec3750adc54bdacb85f5804a37a19eaedbab752ad67388fd69ce824027ae75e097795bb5a4f7b58034872ee6062519d71666cb987c43fe3866a1b02a8e1 |
C:\Users\Admin\Downloads\Unconfirmed 201080.crdownload
| MD5 | f52fbb02ac0666cae74fc389b1844e98 |
| SHA1 | f7721d590770e2076e64f148a4ba1241404996b8 |
| SHA256 | a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683 |
| SHA512 | 78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2bd2bb655e761ef39433901806721744 |
| SHA1 | 9f1e6cfb3e9582201af5fcadd240cf9003747ca6 |
| SHA256 | ac1a83d0e4e3844919feea62b959622a635d91628cd81383e8c3abb0ddfef180 |
| SHA512 | 804029213b4f8a0d92ea20b46d703d6c03650bfb45486d97e4acfd5ef37434b27fa07f13bac0c56efa95cac4a0ff8feec0a1e98c822979e68bb91c2e822aa0fa |
C:\Users\Admin\Downloads\Lokibot.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 90fa385e3ee294264b0e1c204e7b34ee |
| SHA1 | e8b11decb0459a3dcbc152b21dd7e85156fc207e |
| SHA256 | 84423dddce39c10c2d4aa7aebc2baa67083078bcc3f3a95f38e0ad1ce19eb336 |
| SHA512 | af117944968499b1849fcd6102c6484efab415746e589e4d9048fe5e5386a4cec64c6b07d7769e0891fa02526ce86227201d4b40a2fbccf7995c90645e5ea87c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 560277c1f1e7d9ed0ab0af26b3b2b31f |
| SHA1 | 6c061c3d1173cfc7c79d4bac032c17267f0a7bae |
| SHA256 | ddf5c4354074c16395e2731a6cb7c225236275bd5ee358f3a5e362df057a08f6 |
| SHA512 | d6b797377a5f604a0f0548931cd75a15e328f04033aa26f8f0e1346d0453b607bf7fdb6c0f9eca7435cbd663fc898cb3a355fc1c2b3f2bbb97aad203845d6220 |
memory/2156-313-0x0000000000950000-0x00000000009A2000-memory.dmp
memory/2156-314-0x0000000002CC0000-0x0000000002CD4000-memory.dmp
memory/2156-315-0x0000000005A30000-0x0000000005FD6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1d3e88e0f7105bb7862d48b7999175be |
| SHA1 | 5ba0dde1ff61651f313e52f67a0e2d85b3a6e8fd |
| SHA256 | c5f08036f9215f06413dfddc4ce7834338a8444b0803e90eb82064dba0776f23 |
| SHA512 | 9d72a3018bb75efd9df88c8a646c7a291377d833b25244266f668acba21943f76511427283982c5044772baee30f0481a17b02553ec25529cdc55b360202b34e |
memory/2156-336-0x00000000055B0000-0x00000000055B8000-memory.dmp
memory/2156-337-0x00000000061C0000-0x0000000006252000-memory.dmp
memory/2156-338-0x0000000006290000-0x0000000006298000-memory.dmp
memory/2156-339-0x0000000006650000-0x0000000006694000-memory.dmp
memory/2156-346-0x0000000006620000-0x0000000006642000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 54fee8d38f2e5ec846ff8ee0d3b5b786 |
| SHA1 | a2deceb1968a9df221efdc110069fefd57f8cee9 |
| SHA256 | 85df410b7ceb7aa1f5528682cd4a9839fb688d5cf626aa8e55cea9a86c13919f |
| SHA512 | 4e1c93157619bf869aa7d1397bffff288cbdb682dbfba619066b814e95c1af0e5b8a4ef59d071dac85d825074c3818523aab1c184a8441c9239d1f0f31e95c24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0e3742b9f33dc03857129b173f32c03b |
| SHA1 | 81f7e45cf3619ad3057cca7104af8243b289759a |
| SHA256 | f6294aacb532b10183b2b82cf6fcbf142363775c91b0d150ac4d367ee8134f22 |
| SHA512 | 7921ff0dcb6aa648213abc530e21ea03de07d23c97264bfa3792dc759c23842b1722c8092656dc3d30d879899be86dec4385e9c3f5bd52e02038369bc9a39ca1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8d2e35ef5e680209262a2ac011f22a63 |
| SHA1 | 3da604fe13d647f45c5236949de0a1cc3d3006dc |
| SHA256 | 9a51cbfc34a99cd5e8540827f9796364cbf35b01e6b535b7e06e51bd9778dcd8 |
| SHA512 | 4eb414626c9fd3c013cf1dc2cc3303d25002505f97eb1f1f1420653277333b96710946b9b9bfde5dc3889b2259df5259fc23e23df29dbfd5df94c51b41fe8aa1 |
C:\Users\Admin\Downloads\Unconfirmed 70781.crdownload
| MD5 | 13f4b868603cf0dd6c32702d1bd858c9 |
| SHA1 | a595ab75e134f5616679be5f11deefdfaae1de15 |
| SHA256 | cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7 |
| SHA512 | e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 14754c476dca14170f600f75f49cf386 |
| SHA1 | e5916d39949c71572709d289c0e10f2393a07736 |
| SHA256 | ce09b715237208d81608ab1b500f669c879a4cf61e17ac3fc58e40112149be58 |
| SHA512 | 4b6c232ebcfbb97faa4189ba28ab0c33543ac98aabe052d778a54d2ac1f3838a7a35ec14be2d9f60338709e20d43cedcd4e99331d5903333e032f0c9024a7904 |
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
memory/2260-413-0x0000000000400000-0x00000000004A2000-memory.dmp
memory/2260-417-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
| MD5 | f33a4e991a11baf336a2324f700d874d |
| SHA1 | 9da1891a164f2fc0a88d0de1ba397585b455b0f4 |
| SHA256 | a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7 |
| SHA512 | edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20 |
memory/3224-450-0x0000000000400000-0x000000000043C000-memory.dmp
memory/552-451-0x000001E362DB0000-0x000001E362DDE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3761892313-3378554128-2287991803-1000\0f5007522459c86e95ffcc62f32308f1_1a4dc33f-c784-4d28-8db2-389663d94aeb
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3761892313-3378554128-2287991803-1000\0f5007522459c86e95ffcc62f32308f1_1a4dc33f-c784-4d28-8db2-389663d94aeb
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
memory/2260-469-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e95bba89e63ad42fc3cd596e7e39811e |
| SHA1 | a453298a5ab4b5bd179426386113f4a868e49425 |
| SHA256 | 62ceedbe7dab140cbae79f0ede75b283b53c464fadd8ea33894c0f871a0094ef |
| SHA512 | 01f70b835135e6729287b19de4e1be05031bfaf90c3b9f0fa2fcc1a41acb136a16be109d2dceb579134049a6216093484eb438a6d676fda85be5978b523ff6fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 94f768ec0cdd50df59d5554eefeda4cb |
| SHA1 | 3594281e96c51dabec448e3c49663e3c7c213029 |
| SHA256 | bb1a61f6429c5dfc6caa7b0eaf7c85bbff7c89eb368079e428cf30eb7b0b7cc0 |
| SHA512 | c20515cdd0e6a47b4cacff784801296e72a0dd797c4edf2f8ec9e51d2107248f43d04d1f17802adab1b11cc05aeff67b60becd3ce731acc0f8ea922c63546047 |
C:\Users\Admin\Downloads\Unconfirmed 756224.crdownload
| MD5 | e7af185503236e623705368a443a17d9 |
| SHA1 | 863084d6e7f3ed1ba6cc43f0746445b9ad218474 |
| SHA256 | da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a |
| SHA512 | 8db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c8cbd9765df476fd545b7dde187d2d13 |
| SHA1 | c11656bfc705c01b81692088a10db9e69b0c10c8 |
| SHA256 | eda761185f72fe6a77d052b20af7493258a1d65c2b45f2b8a16ead084a37ae6f |
| SHA512 | a7d157642cf9461ecb44f273704cd5ac32e46c0a34671e3c9a8db5983653e8668859e45115959cb67469dce94605aa1a6fafec5e8a8bfd56133c0df2c12b1207 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2182025fff3502139744206cd9734c20 |
| SHA1 | 27f390220fc21024b9374a6fd6131ac1605e298c |
| SHA256 | d34508af19047796edbc9e9684616f2d1e806cf04b4cf047a841ec831101c2f7 |
| SHA512 | 731155a68384cedfab6d36e56c4fb8a87a2d8a115b7ed7047e8c03d48baaef3722823f3aaebf7a806f38d39600a29de8d60b9c5d8a10740be7e4831ef601d733 |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0d79f497eb878ee1e55f5c9c41fc4ac6 |
| SHA1 | e1cfe8493b7da6e79fb7183bb0be95c9d7a6eb58 |
| SHA256 | 4810cb3e9dae145b64a316d9019b688aecc01303979d0178ea29a893e4aae38e |
| SHA512 | 58eb7f0f1c99c586e985af29f44d1b6e660bb675a166be53cf79e78436001a78a2cab3c54d5377f4cb77dc9b508d8ef8687f526332ceeba68bb3e91e82fa6b75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3fd1d6852344393911ff4ef508d9c06f |
| SHA1 | e1238b2dfd12ae7595421079356035e11c757be0 |
| SHA256 | 8df153bce790883c1292101c3fa019953666f965d7cbfd7558419d9a84b062c5 |
| SHA512 | f27e966f40f220bcfb13c599f5f0af972d417064a60cf55eff4993ee7153b44770d29298570be833f6e74f72b8df5b0f5ecb7a82250d6a5cb1e53e7375f8036e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8ceecdab7d03cd353f8b880b6275182b |
| SHA1 | 45acfdc1e5c24751e4cd99315585fe5b34cc309e |
| SHA256 | 900a5056dd935990f90da941afec34fe0cbf83416293dc152f7377573ac76273 |
| SHA512 | b572e748cb429c53e51e87ddced1064fe8d9785b8b1c753cc14d414eb317fceb487db6f89f62272036ee7393b9f0f14caea89b422250abf41790875853301ca6 |
memory/2260-600-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload
| MD5 | 31420227141ade98a5a5228bf8e6a97d |
| SHA1 | 19329845635ebbc5c4026e111650d3ef42ab05ac |
| SHA256 | 1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71 |
| SHA512 | cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7 |
C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 57863c6d8b99d5af9918a1e8b8a6c47e |
| SHA1 | fec3c4a2067869227096f23868c757d4d9def362 |
| SHA256 | 02e1d58a74e7854984f7808e49627797437f37c8aa1cfb884aeabb474b90e397 |
| SHA512 | edca426827dff8f8d8e7ba5e480a75dab4c1b6c638b351d1541f6e42a749f2b90da7831afa49cbe97b79d2243d936fbbeff41e92fba664675589489b6111aefa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3286fc60cb973015a5224eb9dd908406 |
| SHA1 | 61660b5377677519fe6e23b346f036a721401312 |
| SHA256 | c8a7f86abadfcd7b254522bfc80e2ad865b6030326627f5fd8513b3fc9c1498e |
| SHA512 | 303f1765b7469852be98f45e5de1e9386c623d4682bd048f01817391873b0208bca85ce64cfde69afcbc3d45a55de4ea3a2ec84698e55cb1ee1a7b66104ea1ec |
C:\Users\Admin\Downloads\Unconfirmed 582823.crdownload
| MD5 | c261c6e3332d0d515c910bbf3b93aab3 |
| SHA1 | ff730b6b2726240df4b2f0db96c424c464c65c17 |
| SHA256 | 4663715548c70eec7e9cbf272171493d47a75d2652e38cca870412ea9e749fe9 |
| SHA512 | a93bd7b1d809493917e0999d4030cb53ab7789c65f6b87e1bbac27bd8b3ad2aeb92dec0a69369c04541f5572a78f04d8dfba900624cf5bd82d7558f24d0a8e26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3e507714d7a8b2cb197b7bfc4cc394d8 |
| SHA1 | 924748f5a7cc01e9125495acc3e1822a38d8aa0d |
| SHA256 | 9298abfa1c9a3cb3efc278df871e498fc71261f996618769c631098214094746 |
| SHA512 | 3daef6a7122ce351de1fea0eed592a545493cdf95d977daf3dd678cb6b3a753f25f4783b5e95512883607b22e9115e6969b6d06f903c964723e6dcf30a4c5bac |
C:\Users\Admin\Downloads\Unconfirmed 621811.crdownload
| MD5 | 799b57227561238a7d7a284c5568c1ad |
| SHA1 | f62ddd138ab15b67a2207438b38414fd236d5278 |
| SHA256 | fe974c995cfb27e8c91123081986847f6d3d4252b6a8d1e1385c558f2aeb7057 |
| SHA512 | 2a6de3d751f9b74227bfd7069b989175ebd81548af6e1f4bf87f63cf9e0a69ec6cbbac5b837dd80e7effdf7f648c2c768124257d347f1a0d394a0dd9a5552f12 |
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
| MD5 | 1bb4dd43a8aebc8f3b53acd05e31d5b5 |
| SHA1 | 54cd1a4a505b301df636903b2293d995d560887e |
| SHA256 | a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02 |
| SHA512 | 94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce |
memory/3416-716-0x0000000000900000-0x0000000000974000-memory.dmp
memory/3416-717-0x0000000005490000-0x000000000549A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 445a540120b5d5c8ecc46e10f12dc8c2 |
| SHA1 | f29a70f2c9288ba261ca03c8525f1726f8c253cc |
| SHA256 | 45a26cad036fb0a5307227917c077e447715c0c643e45eb0dc545d93229c5a80 |
| SHA512 | aeb9fa4d4de6879afdc7f289284fc5ea53a9dcf583386a9d80324bc4f9b43122e3ccf5504b9b10acfc035c8b1d8302751dce1c334bcf3eb1a31296300b7415be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6432368329d776871a1502f87f6e3acc |
| SHA1 | 3f373c1f413b51d3b53c7b2d8246bd992790e06b |
| SHA256 | 07f67ae497d5ceb013ac72c37c8225c4bf1d2f23c97a052827c82394c0d8d2ec |
| SHA512 | 73d71ebfcd4b09c20297ce50c8b667147e622a022f6bed4ab762f30c8101ec69b95d0e37f5c3d2f1586f503e29bd578c04ffd11920f164ca94f6ae55d8aeeb97 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d5e07653bded3bd1c2656ef0bede1214 |
| SHA1 | 479646251a97461a927dcc146f7819309e184eb0 |
| SHA256 | a2facca29eed26065928f299a949a5f762ecc190e29b7d8694e0f3fc63b12e29 |
| SHA512 | 2d205f41864a451c4dfbcfa03915f55079cf1f4d5d5cc6786cdd96ecad166b68b8b3646ed7aee15b8795f7c95a4bc50d5f3bb1e3d37048d5b7ce7d8a36315406 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7b04af7fab64abc25495149b103cf440 |
| SHA1 | fb10577e0cb3f890f8744e958217d8cd6a8aa81d |
| SHA256 | d773b0e0a71cbdc09cd9a8762b00281c72902598349734e2f3e5f01dd9d589bc |
| SHA512 | f072f8bb01803c5d382dafc29e800caa666571de45095b6bdb5d9b69b159aa00214c262a18af8a84eee28b5b71d135eddd98e3c70dffeaa27c384e6acff9a28a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8797c0b7f0581dacec5b2cc85544ea7b |
| SHA1 | 40101b98522ea9b383cba71a4a947ffafb1279cb |
| SHA256 | 9e0e658972d9c3fa1d76b9d18b7a2e5babaa158143194d6e17c790c2785dd1fa |
| SHA512 | 4c3c515af920a8995b0a4e9a04f20953d00ba677985272cecd6e3696c3812f29b2fb0b2f9f2dfe816ea1a0ef1694c6220748d5b8234b288747ba904cd04c463e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 088b27a66eb59ff9e3fa4806021e5c6e |
| SHA1 | 1a479977615a5c5527e64ab254be9b96ba5185d9 |
| SHA256 | 25cd5f03e2de728bff161be736dcfc5264d4995d5f5ed7ba0fc6105de031d3cf |
| SHA512 | 4e8ee03d2facfab3714e2743bc832e5b15e34c95def38f044d6c8047a903bdc3aad9b1911178345a409bcb81c3fd9039c84894c00b5d1f862aca8b5fb8b0394d |
memory/4276-810-0x00000000007F0000-0x00000000007FE000-memory.dmp
C:\wxp
| MD5 | 3d2160fe4bcdc7b6c8686fec1e63a291 |
| SHA1 | 8b979d773a5ee770824c2c6d19ebd3b233e5c1a6 |
| SHA256 | 10d6ee17b9c86468fbb9a04d819eafdd88f87e81264ef215ec62b1194a024533 |
| SHA512 | fcbb81d44ff241f8cf0d81bc06e2d1641ea3f55c6d21f119590775a7734c80e9c6ab56a34d598d8c197b931d4cd3188010c4a5e36ad229ebe14c714cf4047c8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 15b8eb4e94699280b31fedf6b9a153bc |
| SHA1 | 2581680ba592db6f58e37a3bd3163d562cfabcd6 |
| SHA256 | f7b33fd3bddca03022a8eaf6f195b66c9cfddf4bb0ba6916023d994b819081ce |
| SHA512 | 109520a26697f3c21c02049145f7285a698ecbecc1b5155e4605cde4919c5c9b0f3717d8def8c4e2578a00a1924ce4c882caf913d9f9938af7462285cdbf41e8 |
C:\Users\Admin\Downloads\Unconfirmed 45735.crdownload
| MD5 | 04251a49a240dbf60975ac262fc6aeb7 |
| SHA1 | e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0 |
| SHA256 | 85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3 |
| SHA512 | 3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eac35b6639b9dbbb6ee719180bb08b96 |
| SHA1 | 7beae34650d84a6cd5797ece433ba8c64f4e55ac |
| SHA256 | 422f200a9338bee009d4dc0ee5992cb20eccce51571e3b95d243399c6ee4209f |
| SHA512 | 90d1aaa662d7cbdfedecd29f1e921dcbd1cd7cf3f5d5b845f107b39ab35f2fc222480a735c5957c43cfef7fb20d5b6dad4029b1a662b8c63d6d00aa97db67747 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b01fa2f79a33b02090692b2260cb3f06 |
| SHA1 | 5df70eb0031738324b2a35a761a213679415a96c |
| SHA256 | a77c2fc518f9584cbb9e0c19ce81c9c455dc4baa5acbf3fc9ebafe0b04e97750 |
| SHA512 | 1cc88c74d1c9872f893578fefaef336287201c9a016d350ea300289c79c9541ff05a2b4d15911f9838fe143f467030753115f305cfa58014334bd0bb842573f2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2dc6bf9f02dc70aba32427195681b0af |
| SHA1 | 9c55ea8c03544b08fed8bebcffed5f17dd2df2ec |
| SHA256 | 4a11fc17eaece926e3da909b1ad9a42369ac66023e0a0fe53c4cb872fb4a6f50 |
| SHA512 | 659427772de7b658119d1bd43939ba74fd250d8ac6b483932653e8245f61b38fd0faaa81202d019b459aad1da96af8f330d85e20c1bb5eb530ee8a2de565ee5d |
memory/3692-37322-0x0000000000400000-0x000000000046E000-memory.dmp
memory/5152-82815-0x00000000053D0000-0x000000000593C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1fedabaa038552f159f6e64d4e5a04ea |
| SHA1 | 73d3a815a26c3b3cca3d81298809700e83acaa98 |
| SHA256 | e05d6c0ad729ac3be82fd6132790cc62c7e9b874a1bb0334d5c48e96df7d6ac1 |
| SHA512 | 554a5758467afe7e00f73a2f804cc308962b52795a73627c2eb7a34d9607dac1d12a5d495f8b7ac08ba205ffb47aca789e8c0198915f856617091c4c8f1af53d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5cbc24.TMP
| MD5 | fd82352025c832e2a697520438cb41fe |
| SHA1 | c5bf8634ee766702ce12319de9e6c812cf044531 |
| SHA256 | 1d78a2da1e43ea755d254726e7acd062a461f37641806f719a392e91c6489abf |
| SHA512 | f842799885742c6d1e06835f7def57bb1397031256457bdda37d8c15150079952421c07d21645ea79c6d2283fbf015d692b66d9fc14bb28ee8aec193d2608b31 |
C:\Users\Admin\Downloads\Unconfirmed 179067.crdownload
| MD5 | 20fa439e1f64c8234d21c4bc102d25f8 |
| SHA1 | ba6fc1d9ba968c8328a567db74ef03eee9da97d8 |
| SHA256 | 2f10f1384f3513f573a88e1771c740a973a5a304387e23aa4bf310794532fa8e |
| SHA512 | 19e9d62a852293ffa99a412ba8fa5dd0336a7753af4975e06cd53c02ee6f0058485160f8f8a64a8bca19d88eb426a4a2785885c02a494f33f2b6e383204a7f39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 50befc5d426ea6757b3d0fd60ee95bac |
| SHA1 | ebc167afa2b6f58ed010120a23b2bddd7dd9b67d |
| SHA256 | e8922f6a4ef82a32420e0b8df1054f4ef00c6c285a1349d3c27a8e99256a0f3f |
| SHA512 | e79e72f1024369971e88c40e43d2897762ab78ea366948ca876ca8c78e14a90f508f724a03f3b35dbb33fbba7942f02395a8721f30a936912afaa66a0289ae18 |
C:\Users\Admin\Downloads\Unconfirmed 469908.crdownload
| MD5 | 7ad8c84dea7bd1e9cbb888734db28961 |
| SHA1 | 58e047c7abecdd31d4e3c937b0ee89c98ab06c6a |
| SHA256 | a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095 |
| SHA512 | d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 229c70a6f82510b5f37c67db2375f1df |
| SHA1 | 07ea090d105abc2cdfbfbdb5d3e89b12409496a2 |
| SHA256 | be9abfc0c05525f04b6c211737f35df3090d6831550557391887549f307a387c |
| SHA512 | 60217e71efbbd333c929a7d7a9b2255e0d8a63b57b9691701d04ac1d7891044c67fcd57d68e044371d5d40bcbe2214ad4e1aec300dd33a9a97664f9dc0ef7069 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd2eb735ba789d48750bc06b7ab73591 |
| SHA1 | ad38eb08a4b13bbf7c78e9dbe5648e0b3b9b30c1 |
| SHA256 | 1146f7a857cafecabc9a960bb09653a161d5d7c1ae0cabe60ad56efa79880886 |
| SHA512 | 7ba4f4d7a73854c7f311c5f993195f1c1653951c07025a608eec32bb0b1f86cfcdad71802a4d615dd745fa070bf1c6aa9efcda62b624d17ccfbbb5115e81fe85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences~RFe5d9afa.TMP
| MD5 | d299d8269eda6335fa161325617c70d1 |
| SHA1 | 428688afa5d9ffafbc8c993a2e0f8347e6c88d08 |
| SHA256 | 59cfbf2f29fd7488132cdf34612338ea12ce78f09ef2ec75ced6ee252e402bc9 |
| SHA512 | fbbc94a2e8b0efb9cd5d00f2cf0760d618238346691b9f92780c1406c15c0ea467ad1d5f80c94cfbf02e9965912938e7f8605e269d43de6c53b51aabf0fd655f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cf312b68f69d11f3d0f3262a7f3ed186 |
| SHA1 | 4ae0308f7d2a1d3881843465edbfd2297c802af7 |
| SHA256 | e5cb6c00e40d0a9344a87dee94ad643e00427672ae44743b383162dac0eed934 |
| SHA512 | 4f955a0ef6081c11192d9779578b72c9ec2076d6cf42229a899693691f9fccc781ba1e6e88e4ead45fb4117564b9c5ea4dd9f56fd04f099ad895f82d13eb60fc |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | d12e797f18cb79137ad12b5e5139e1b8 |
| SHA1 | f15fb437b1be86b714e278ce927b315fa0e16ea3 |
| SHA256 | afb0f4a0229174f8118ab512b569fdb9eb3ebb0389cb11c9f4a0a2aa88ec258b |
| SHA512 | f6e8f99bcd0ecff7683c8e56fa2ffa3fdff16d6c17a2066b36bc3d78e2838130b5b23059a239b29a7ebdd0b5ca36b3f9cf388945bf1aad50a3f91cb8091223cd |
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SettingsCache.txt
| MD5 | 766f5efd9efca73b6dfd0fb3d648639f |
| SHA1 | 71928a29c3affb9715d92542ef4cf3472e7931fe |
| SHA256 | 9111e9a5093f97e15510bf3d3dc36fd4a736981215f79540454ce86893993fdc |
| SHA512 | 1d4bb423d9cc9037f6974a389ff304e5b9fbd4bfd013a09d4ceeff3fd2a87ad81fe84b2ee880023984978391daf11540f353d391f35a4236b241ccced13a3434 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4b83cc435e1be6c4df0be1c82a1541e7 |
| SHA1 | 2e0be5c1212fdae6f088b7aa666c97efadd9166a |
| SHA256 | 6dcb2e57caf20af584a61561c9eb32adc6f04459a3961e0d3a0aa97ec114e443 |
| SHA512 | 6ef7bce836e9cea4b9164e180510aff61786d13e8ad693fc3e8b4650c9e381ba311c193a032632883869982d068791208cbd8562fe751627858b1e64fad3f1e5 |
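The listing above is raw data: every dropped file, every rewrite of Edge's own profile files, and every NTFS alternate data stream is reported with the same weight. To hunt on it, an analyst first separates payload artifacts from sandbox and browser noise and then exports only the hashes that are worth matching. The following Python is an added example, not code from the report or from the analysed repository. It parses the path-plus-hash-table layout used above, classifies each entry (NTFS alternate data streams such as `:Zone.Identifier` and `:SmartScreen`, Chromium `Unconfirmed <n>.crdownload` partial downloads, Edge profile state, dropped PE files, memory dumps with no hash table), validates digest lengths, and returns a de-duplicated SHA-256 set restricted to the kinds worth hunting. The category names and the `SAMPLE` input are the example's own; the sample rows are copied from entries in the listing above.

```python
"""Classify a sandbox 'dropped files' listing and export hunting hashes (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*([0-9a-fA-F]+)\s*\|$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
# A ':' inside the final path component (after the drive letter) names an NTFS
# alternate data stream, e.g. file.exe:Zone.Identifier (Mark-of-the-Web) or
# file:SmartScreen. These are metadata on the file, not the file itself.
ADS_PATH = re.compile(r"^[A-Za-z]:\\.*\\[^\\]+:[^\\]+$")
# Chromium/Edge writes an in-progress download as 'Unconfirmed <n>.crdownload'.
PARTIAL_DOWNLOAD = re.compile(r"\\Unconfirmed \d+\.crdownload$")
# Preferences / Local State / TransportSecurity / ~RF*.TMP are written by Edge
# itself while it runs; their hashes change on every run and are noise.
BROWSER_STATE = re.compile(r"\\Microsoft\\Edge\\User Data\\", re.IGNORECASE)


@dataclass
class Artifact:
    path: str
    kind: str  # one of the example's own category names, see classify()
    hashes: dict[str, str] = field(default_factory=dict)


def classify(path: str) -> str:
    """Order matters: an ADS attached to an .exe or .crdownload is still an ADS."""
    if path.startswith("memory/"):
        return "memory_dump"
    if ADS_PATH.match(path):
        return "ntfs_ads"
    if PARTIAL_DOWNLOAD.search(path):
        return "partial_download"
    if BROWSER_STATE.search(path):
        return "browser_state"
    if path.lower().endswith(".exe"):
        return "dropped_pe"
    return "other"


def parse_listing(text: str) -> list[Artifact]:
    """Every non-table line starts a new artifact; '| ALG | hex |' rows attach to it."""
    artifacts: list[Artifact] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_ROW.match(line)
        if m is None:
            artifacts.append(Artifact(path=line, kind=classify(line)))
            continue
        alg, digest = m.group(1), m.group(2).lower()
        if len(digest) != HASH_LEN[alg]:  # catches truncated copy-paste
            raise ValueError(f"{alg} digest has wrong length: {line}")
        if not artifacts:
            raise ValueError(f"hash row before any path: {line}")
        artifacts[-1].hashes[alg] = digest
    return artifacts


def summarize(artifacts: list[Artifact]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for a in artifacts:
        counts[a.kind] = counts.get(a.kind, 0) + 1
    return counts


def unique_sha256(artifacts: list[Artifact], kinds: set[str] | None = None) -> set[str]:
    """De-duplicated SHA-256 set, optionally limited to the kinds worth hunting on."""
    return {
        a.hashes["SHA256"]
        for a in artifacts
        if "SHA256" in a.hashes and (kinds is None or a.kind in kinds)
    }


# Sample input for the example: rows copied from the listing above.
SAMPLE = r"""
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
memory/2260-413-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
| MD5 | f33a4e991a11baf336a2324f700d874d |
| SHA1 | 9da1891a164f2fc0a88d0de1ba397585b455b0f4 |
| SHA256 | a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7 |
| SHA512 | edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e95bba89e63ad42fc3cd596e7e39811e |
| SHA1 | a453298a5ab4b5bd179426386113f4a868e49425 |
| SHA256 | 62ceedbe7dab140cbae79f0ede75b283b53c464fadd8ea33894c0f871a0094ef |
| SHA512 | 01f70b835135e6729287b19de4e1be05031bfaf90c3b9f0fa2fcc1a41acb136a16be109d2dceb579134049a6216093484eb438a6d676fda85be5978b523ff6fe |
C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload
| MD5 | 31420227141ade98a5a5228bf8e6a97d |
| SHA1 | 19329845635ebbc5c4026e111650d3ef42ab05ac |
| SHA256 | 1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71 |
| SHA512 | cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7 |
C:\Users\Admin\Downloads\Unconfirmed 616087.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\Downloads\MEMZ.exe
| MD5 | 19dbec50735b5f2a72d4199c4e184960 |
| SHA1 | 6fed7732f7cb6f59743795b2ab154a3676f4c822 |
| SHA256 | a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d |
| SHA512 | aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d |
"""

if __name__ == "__main__":
    arts = parse_listing(SAMPLE)
    print(summarize(arts))
    for digest in sorted(unique_sha256(arts, {"dropped_pe", "partial_download"})):
        print(digest)
```

The `kinds` filter on `unique_sha256` is the point of the exercise. The hash reported for `FreeYoutubeDownloader.exe:Zone.Identifier` is the digest of the Mark-of-the-Web stream (a few bytes of zone metadata), not of the downloader, and the Edge `Preferences`, `Local State` and `TransportSecurity` entries are rewritten by the browser on every run, so matching on any of those hashes would produce false positives with no detection value. The `memory/...` lines carry no hash table in this report, and the parser keeps them as `memory_dump` entries with an empty hash map rather than dropping them, so they still show up in the summary. The length check is deliberate: a SHA-256 that is 63 characters long after a copy-paste is a wrong indicator, not a shorter one.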