Malware Analysis Report

2024-12-07 14:30

Sample ID 241014-jkfpgswgrn
Target https://github.com/pankoza2-pl/malwaredatabase-old
Tags
bootkit discovery evasion exploit persistence upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://github.com/pankoza2-pl/malwaredatabase-old was found to be: Likely malicious.

Malicious Activity Summary

bootkit discovery evasion exploit persistence upx

Downloads MZ/PE file

Possible privilege escalation attempt

Disables Task Manager via registry modification

Modifies file permissions

Executes dropped EXE

Modifies boot configuration data using bcdedit

Legitimate hosting services abused for malware hosting/C2

Writes to the Master Boot Record (MBR)

Checks installed software on the system

UPX packed file

Drops file in Program Files directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

Delays execution with timeout.exe

Suspicious use of SendNotifyMessage

Kills process with taskkill

Modifies registry class

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Modifies registry key

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-14 07:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-14 07:43

Reported

2024-10-14 07:46

Platform

win10v2004-20241007-en

Max time kernel

142s

Max time network

140s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old

Signatures

Disables Task Manager via registry modification

evasion

Downloads MZ/PE file

Possible privilege escalation attempt

exploit
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\takeown.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A
N/A N/A C:\Windows\system32\icacls.exe N/A

Checks installed software on the system

discovery

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Modifies boot configuration data using bcdedit

Description Indicator Process Target
N/A N/A C:\Windows\system32\bcdedit.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Ethical Hacking Tools\trojangen.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File opened for modification C:\Program Files (x86)\Ethical Hacking Tools\Uninstal.exe C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\ddostool.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\EthicalHackingTools.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\Form1.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\mbrimage.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\thematrix.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\Uninstal.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\mbrnote.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
File created C:\Program Files (x86)\Ethical Hacking Tools\msgspammer.$$A C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe N/A

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry key

Description Indicator Process Target
N/A N/A C:\Windows\system32\reg.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 196939.crdownload:SmartScreen C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 35 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 36 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\takeown.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskkill.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemtimePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeUndockPrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: SeManageVolumePrivilege N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 33 N/A C:\Windows\System32\Wbem\WMIC.exe N/A
Token: 34 N/A C:\Windows\System32\Wbem\WMIC.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4752 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 4468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2484 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 2468 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4752 wrote to memory of 980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pankoza2-pl/malwaredatabase-old

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf21a46f8,0x7ffaf21a4708,0x7ffaf21a4718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4712 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5612 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe

"C:\Users\Admin\Downloads\EthicalHackingTools Setup.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe"

C:\Windows\system32\cmd.exe

"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\3000.tmp\3001.bat "C:\Users\Admin\AppData\Local\Temp\Temp1_ExtremeDeath (1).zip\ExtremeDeath.exe""

C:\Windows\system32\cscript.exe

cscript prompt.vbs

C:\Windows\system32\bcdedit.exe

bcdedit /delete {current}

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe

TrashMBR.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im logonui.exe

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name='logonui.exe' delete /nointeractive

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\system32\logonui.exe

C:\Windows\system32\icacls.exe

icacls C:\Windows\system32\logonui.exe /grant Admin:F

C:\Windows\system32\icacls.exe

icacls C:\Windows\system32\logonui.exe /grant "everyone":F

C:\Windows\system32\taskkill.exe

taskkill /f /im taskmgr.exe

C:\Windows\System32\Wbem\WMIC.exe

wmic process where name='taskmgr.exe' delete /nointeractive

C:\Windows\system32\takeown.exe

takeown /f C:\Windows\system32\taskmgr.exe

C:\Windows\system32\icacls.exe

icacls C:\Windows\system32\taskmgr.exe /grant Admin:F

C:\Windows\system32\icacls.exe

icacls C:\Windows\system32\taskmgr.exe /grant "everyone":F

C:\Windows\system32\reg.exe

reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\beeper.exe

beeper.exe

C:\Windows\system32\timeout.exe

timeout 1 /nobreak

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe

MouseError.exe

C:\Windows\system32\timeout.exe

timeout 5 /nobreak

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe

MouseWarning.exe

C:\Windows\system32\timeout.exe

timeout 5 /nobreak

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe

MouseAppIcon.exe

C:\Windows\system32\timeout.exe

timeout 10 /nobreak

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16235707784089386709,13879454865161705151,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 /prefetch:2

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe

PlgBlt.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im MouseError.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im MouseWarning.exe

C:\Windows\system32\taskkill.exe

taskkill /f /im MouseAppIcon.exe

C:\Windows\system32\timeout.exe

timeout 1 /nobreak

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe

MouseError.exe

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe

MouseWarning.exe

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe

MouseAppIcon.exe

C:\Windows\system32\timeout.exe

timeout 15 /nobreak

Network

Country Destination Domain Proto
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 github.githubassets.com udp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 185.199.110.133:443 avatars.githubusercontent.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.111.199.185.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 185.199.111.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.108.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
GB 20.26.156.210:443 api.github.com tcp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7de1bbdc1f9cf1a58ae1de4951ce8cb9
SHA1 010da169e15457c25bd80ef02d76a940c1210301
SHA256 6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e
SHA512 e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

\??\pipe\LOCAL\crashpad_4752_JPCQKRTQGDGAYMJZ

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 85ba073d7015b6ce7da19235a275f6da
SHA1 a23c8c2125e45a0788bac14423ae1f3eab92cf00
SHA256 5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617
SHA512 eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bd0565ca1bc15c3cdee3f645a43daa82
SHA1 0a556145a464093949dd3a90694b88be88f76950
SHA256 20d21d592b9b7b3382d36d4717c01635ccdb018b579e234a5f4fe61a1468f55c
SHA512 52f6df9abbc9edf225ba6099565467649a9ed2db5ab3a6d2d3e32209a748895cc8754fc0694e2c59a8c7ba3c47b4659680529ef225458e8a97d75f27f3935ca4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 e9b742bdb9b5a3148484d86a94739721
SHA1 a8b69e46de2f7cbfe7ad95f77a123acc33f6f890
SHA256 2f832d05f7e203c0f2c47ae531a07f0e428eddde0e1232d7dbfb8992730c87a0
SHA512 b63907942a4bdaa5881f6f3bd30027977c9c5e7755cb3941a4142f5ad41e54e3132cfef9e881a21daec40098c21c55d12adc6952b0e5d71da8659331e17635f6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9bcb8eceb0869a81a054253b67726477
SHA1 964d51723d017c8cf2fe0f6343ccacb28293f64c
SHA256 2cebbddade6aeedfcf74439ac4656c895169075197e23793653f5a330682c0f9
SHA512 097eff4f4abba15a0c55b294d65258212fd4d209f05fedbae1f8f97e40ba696f42c330abb55d0007f1bd703863ae2ef159d46dc15665d5de16acedb84aee5d82

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ae283a281d9f20cf5818f913355ceaf1
SHA1 344206680a874edbdeada13c8867d3d038f154a4
SHA256 03026ab67080ebd38a5bcb0f9dfedaa7a32a822950d9efeca9c344a5d479736e
SHA512 b476edc4e0d4135cdb36d835d9ac6e46537c78a4e3638f3a5be478cdd5e9c606abc2931711505ab0cc19f4078a38331c950e76176285906f023d9e0d9064d242

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 fc3b8e7597c574eea5d963881a8b1ec3
SHA1 532d6fab79f944003242bdccdb48a4987aa20382
SHA256 e5a2514f04eafdb94fab1e580db27a88113cf03f3852d205df04bea38a3ea38c
SHA512 8705064bf09275e1dc0cdc32dfaf5b1641c091d91c3e1a5adca28f3a150a4d620718210a0d5484bfffc3aa96538d8b9554e14899bd32228049f26a6d98a1b9a2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5846a9.TMP

MD5 f1ce6deb910909347731e775c0f43fed
SHA1 63b301ff7475181d29bac646cd838f5182465ee9
SHA256 0705fca5ea3aea9b1d827a10ea60de22fd015e9d1e0918032d03a745c27a661e
SHA512 bb0832fc412334d63a0bdb57a4f976c1cb0cdd868d4be55c0d97c536fa734908be1ad753760ca40f217b090d040c0a08a61dbfab1aed7475ee21d41ff2bc0a72

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f7179997b8e39ebf65d205a6c7d04435
SHA1 37be5740594d8970b77d925d17746ff0ab7d8ce7
SHA256 e0b6a05eed858001f45c53f1f76aa9302a262eef06916ebc3ae03e8409e3d419
SHA512 e7e7f175204fc40c1bebbbfe9e4bfd8f636f550bdd17d62d8a901abf0a6b86390fb1b13ba2b6a19fa1923b03a6fb4acc35aa0272712576be38eaa7754ad34359

C:\Users\Admin\Downloads\Unconfirmed 196939.crdownload

MD5 2b4de576cc897dba5c6c9b7bab273bcf
SHA1 53f9cb004413cfc277878efe0c70a261ea7cd502
SHA256 1e2796b060e7c4876df3b648ac7f55a19b0c03369eecc75616755f356753e867
SHA512 d96f721a0edecf38d50c8f4c40009769996d7a51a422c5b5d30469b06f5fa2b8b8d5e1650a15725a86c9d0cbe22e2c3732564d1c0ca2eeddfceb935a9c27df77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c3cef868397854b36b2e897ee6af5227
SHA1 a4ef9890ef725d3662e1773aebf779b1d8dd917b
SHA256 780253b01b82523edf6dcbec5147401597d22880512bd8cbeb4f6df9c8b5a921
SHA512 04d60853fe1495ceb55e689a81c8a52274b2604d2c86e75fa297219f1fbcde930cc0c3b5c39d17bc21ac4e611dbdc0ef126b0e7008fc89153b9c6e5dabeb0af8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f93d2fe34122923bb5f3eefc0f6582d4
SHA1 4ac825c0083d390be1c9e3331ca8040cdde9ff99
SHA256 19367a94669b1b8c1d929cb3b316fc7e601c6dd87342c44e4684a59644c099ee
SHA512 b68c04d3ea36d38ab7567a0fbc6b448f92fd2dd200b8a9e69175f9fd790a4c42615331869119c10bf3ae5a6f9cfe8760f45920fa2735755fa804eb98ae0805a7

C:\Program Files (x86)\Ethical Hacking Tools\EthicalHackingTools.exe

MD5 a37dfd1e12de84767e309638157b8510
SHA1 73b74a0c3029d5786abb59fb1b72b526669f2f92
SHA256 0400e0477789cf75be87eb7a7aef28a89d3f67f33381ce58318c273a5b91b5e2
SHA512 5c6d807bde0119d10319fff335a04fb25d0bf5cc76ada410e8599ff0f6de887416e746ae67e4a54f91e148de9d75f5ee6d82a33d040cb2625207fa5caa0103c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 ed5f4213c17629776cd75510648fc019
SHA1 ebfa685dca9b7c920cd5ad521c03e4ad0ce435b9
SHA256 e969795f0e63ec8a35cdf34d5bc43867ca0825bebfed9734943e69b34ed2ad87
SHA512 71bcc166ae5a48f7a79aa5de7ecc7e10dce22c39240ca9ffe9d0f9340f40fc2a2429529cfee8b2b5d7082efe94921fa7df3454852d5313ff4093bfdffc189627

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6540120dca9043f4944b1912e082cbc8
SHA1 2ebeab319ac2cbe7705d48236c65273d01b2c2d5
SHA256 cc1fcf891e1c78ac1985a1862c947e549fad25b9f1209b72414d956e31dadc3d
SHA512 208acdf0f9df5c8618b1771ddefca7288412e6e0e21ac394a82f36d1d860a9093eea8baef4ba9b992796f902865fc8aaf42f547c1d857534fdcd35f3bfc6967c

C:\Users\Admin\Downloads\ExtremeDeath.zip

MD5 80bf076cf31615750f7416d3bc7bb87f
SHA1 8b63084e104752100b0bdc9eb4d2ff9864557e90
SHA256 8509174c6b51296ac8a43d08dc773c48fa10b86c9ff7095c4f80bba31966ea1d
SHA512 733374e03c4fe4345c2a6f8de500f62de5c9e5541561dd257d8ef004c3d12ab43797079c043be5896b8e5530735154deba3934dfd36ca9515feaeb4bb651ae34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2c5ad6fe24a8b12725323d3268fd6d35
SHA1 7c725fe4e5eb30715b6c391afd530179828ffa12
SHA256 eeee5f721e81facdb91b4e5ef4a164556ec6ee4d4b280aaaafcb447a8fac08ad
SHA512 bfdcd1793116e0ad2bb5a3ade226a73f2bf9b22fd651f946f01981840ff7cd4349c6dd88635372ee77669d530533870d9a855e038c1f6f313fb109b76d99d251

memory/4688-378-0x0000000000400000-0x000000000051D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\3000.tmp\3001.bat

MD5 8c5dafc8fbd26dd529c25a01ecd5a51d
SHA1 839e962516258049a9e5e358dec7fe352e09d840
SHA256 355785cc786eed7dffecfa7d33872f6de6baa833dce34598adf0d5c8688c00f6
SHA512 fda772a900c542eb59f4a94dc1eadec9677bb117e84a07c4e5c1afbf853704e6be4031383330f0dd88d2b48bbca973484c1e60ab3aa9424158f2c787e63de295

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\prompt.vbs

MD5 709874d32bd68e69010acdf70cebf063
SHA1 feb94076246fe2fc902ef04d745fa0e60fe1497f
SHA256 1187be0f09aa0f917718064406e4595ac6137dd3a801e91ab2d7a03d98872da1
SHA512 bdb10baa9d02f9fff1b59e718a59c6c5a163d4a9d503fb2fe1767163fd3d746c01a7ca1546ad4febc25685d5a854635bc6170009db851a66853ce66d71d25526

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\TrashMBR.exe

MD5 42d06436fdc392a4e90d03623119fa87
SHA1 df9f007d438fc17fd47324b74a82d100a0763204
SHA256 82f2e6b2cdad0ef859fe839c97bd7c0a34452638d49094979d7c0c4488b5c2ab
SHA512 52655cd83ab881c93c9076ad0d8a9b8ebeba37d6d2b00ebcf5a45f1e835463898aa22611445ff7505977cb8d8942e2f8b6a60706ec7eee494f7131ecc65e76c4

memory/1432-403-0x0000000000400000-0x00000000004D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\beeper.exe

MD5 8d1a9c2e8d53425499f3a1853d2e0910
SHA1 83962bce20d3f84b796486489e2c734afd1d0846
SHA256 1d89bd45a36dd300a250292cacf22a7beff3cfe0dfddab0d7b77c3c260032131
SHA512 81ba0b91f2fd0ba9b198c59ae7cc6115bf9b05c119ea46f37043a1981ef246c617fe6ba5590048b2e1383fb27c686b6eb75fdd6e642ea4433b404d0eaabf3950

memory/5036-407-0x0000000000380000-0x00000000003EA000-memory.dmp

memory/5036-408-0x000000001B0D0000-0x000000001B130000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseError.exe

MD5 cc72818ce44b3506b64b7f9a73d701bf
SHA1 041497924684e41aa671fe64acf6f980e0d9da7c
SHA256 48da69b9dfd600973ffcdba14abd88972ae51a5cae31b41d85ed56977f2b94dc
SHA512 4e3ad05ad99bd8c150ad99c8becca122613e446c678617f0a5a28e780706afe03580ec643956245e5e02d169e4f28bdf4f95b7d095d8e055517508c7dbeb0149

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e2db00e719830b020e30d6ec7c209220
SHA1 1df358c165ab35493bde46b7a5dfc161d8106575
SHA256 36b11265ae652762450fe63d37449652495496535c8e60a89ecfc916cdff6cec
SHA512 35f0a580ce974e63de6824b667801ad1a74add8d403129335553e32bdec5f53b36c5731d8da2b9e036d5be3fe557d66bd13b8f78edd565d6e4d72c6f3ed43638

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 367a1294db66be0840fbff95895dd5dd
SHA1 6ab2e1fea6a6d11a84df83591ceaa5ab1854a118
SHA256 47fc32e02c72fffcf07eda347c578229295fd7c24aa3cfd3b141bc4d181f030e
SHA512 fcb2cc2aea8594b3d49090566ae08a2642acf4b9a7839a6ca5ee63f7c843f3ca59904e808f09bca76a94e9dc0e290e07ca69c94d542cabc4fb0dfdfabe675a24

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseWarning.exe

MD5 ad241a26c7f536fdb0658d602a86fcdd
SHA1 f862eecbac2d4afe4a437b77c6020b6de38b0671
SHA256 c3c6fe174f474e47b93e7aea1d0d77539d6880c3d84acac6412eff3393366dae
SHA512 5d8f9bd5d17a98b03adb4f0e173f011071708847748395889e7b582a25fc9f4606223415d9b61b3f82274a3addd73d86752bfba0bcb452990347f6b1439d672f

memory/4688-435-0x0000000000400000-0x000000000051D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\MouseAppIcon.exe

MD5 92af619c1bdabf79c26bddda2556d9d0
SHA1 ac153eb6edd873abf6dcb6a0edbc9922d15e5dd1
SHA256 72a5692d137571317f84287c4f2abb341b95173f9ee43901f6b3272bb1631e95
SHA512 439855a8487f5cdd5ec195c303c85078af69c05ae28a837ff4d74d8e9f922a9556299b02b7bfdbe47f4287772604b21fe017ee49e0668022877a063771a37adb

memory/448-439-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1356-452-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\2FFF.tmp\PlgBlt.exe

MD5 5d8ff1dd3662ac09e5bfa682ffdb233e
SHA1 c0ed5cfd5fa76db7087b4f25a806e124e29520af
SHA256 7cd320070e23e6582589d83f01f4da86ce0d1c0fe83d8df2007886c6ea10cc83
SHA512 d2258dda192a6a938989617aa46c33c0eabfae2a2d3284d3ac999b8d482ff2f08ffde836156ff341e51029d946f71ce77892b13a5924996b92a7773f2e123bb9

memory/448-456-0x0000000000400000-0x000000000041D000-memory.dmp

memory/512-457-0x0000000000400000-0x000000000041D000-memory.dmp

memory/1356-458-0x0000000000400000-0x000000000041D000-memory.dmp

memory/512-459-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2820-475-0x0000000000400000-0x000000000041D000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 2f267ac6045ac6faee52d6142b1c1b8d
SHA1 9a58e35b9ee591a6d696a78574de7c9f3b039b74
SHA256 79f97994c424e28da64a3c13f3e871520fcd6daeb4cd8c1cace1c9cf3e493fee
SHA512 678322aa5cd38b3caa52fde403b5c870c1a9fb95dcf39af6cd277695f43c237d116cb2c73496eb410c1c5ab16158e79948c5a61fbe1b8523d9471fc4396c4b70

memory/1908-487-0x0000000000400000-0x000000000041D000-memory.dmp

memory/4624-486-0x0000000000400000-0x000000000041D000-memory.dmp

memory/2516-485-0x0000000000400000-0x000000000041D000-memory.dmp