Malware Analysis Report

2025-08-10 16:40

Sample ID 241030-rbm17svdlh
Target CCSetup.exe
SHA256 5b013598ac866e3bbd6f94e9427b9d932a73742f41c93d5deb8c3be775ca81ab
Tags
defense_evasion discovery
Score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
7/10

SHA256

5b013598ac866e3bbd6f94e9427b9d932a73742f41c93d5deb8c3be775ca81ab

Threat Level: Shows suspicious behavior

The file CCSetup.exe was found to show suspicious behavior.

Malicious Activity Summary

defense_evasion discovery

Loads dropped DLL

Executes dropped EXE

Enumerates connected drives

Legitimate hosting services abused for malware hosting/C2

Indicator Removal: File Deletion

System Location Discovery: System Language Discovery

Browser Information Discovery

Suspicious use of AdjustPrivilegeToken

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

NTFS ADS

Suspicious use of WriteProcessMemory

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of FindShellTrayWindow

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-30 14:01

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-30 14:01

Reported

2024-10-30 14:03

Platform

win11-20241007-en

Max time kernel

147s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\CCSetup.exe"

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A

Indicator Removal: File Deletion

defense_evasion

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A
N/A discord.com N/A N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\CCSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018527317-446799424-2810249686-1000\{43D0E1FA-CCF4-438D-A44E-5E4D36E1A02B} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\Users\Admin\Downloads\media_images_ptakwspodniach.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\media_images_ptakwspodniach (1).jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\media_images_jaczup.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\media_images_ptok.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\media_images_kichajacyptoszek.jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
File opened for modification C:\Users\Admin\Downloads\media_images_kichajacyptoszek (1).jpg:Zone.Identifier C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\System32\CredentialUIBroker.exe N/A
N/A N/A C:\Windows\System32\CredentialUIBroker.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2892 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe
PID 2892 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe
PID 2892 wrote to memory of 3716 N/A C:\Users\Admin\AppData\Local\Temp\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe
PID 3096 wrote to memory of 1040 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3096 wrote to memory of 1040 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3096 wrote to memory of 1040 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 3716 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 3164 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 1992 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 5056 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 1372 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 3612 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 3792 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 412 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 2460 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 2780 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 3112 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe
PID 3716 wrote to memory of 2140 N/A C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe C:\Windows\SysWOW64\cmd.exe
PID 2212 wrote to memory of 1072 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2212 wrote to memory of 4572 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\CCSetup.exe

"C:\Users\Admin\AppData\Local\Temp\CCSetup.exe"

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe /q"C:\Users\Admin\AppData\Local\Temp\CCSetup.exe" /tempdisk1folder"C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}" /IS_temp

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 334ABA8098E661752B7E72EE1D88F18F C

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{AEDE2982-847F-43C5-9F1C-D997B785E044}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{14ECDCF9-CA49-4013-A3F6-90DEC1ADCC4F}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0169C28E-EF7D-4358-AA7E-8298A5619C59}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{BBDB5A0D-2E36-46EC-ACD4-E1CAD56F8343}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{39E26656-D789-496F-9098-10A679795B70}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1A643B7D-6659-4F08-80A8-650954174A0F}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{523C6C2D-00A9-48D3-B586-53B1A6670354}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{2CBD0626-A870-456B-B61E-D6C90F45B8B4}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{184D4416-6325-4714-A219-7F33D9C20647}

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{0646BD83-14FF-46D0-96A2-E29DEFEB7DE2}

C:\Windows\SysWOW64\cmd.exe

"C:\Windows\system32\cmd.exe" /c rmdir /s /q "C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}"

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\MoveSearch.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffde3283cb8,0x7ffde3283cc8,0x7ffde3283cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3308 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004D4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6392 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8256 /prefetch:8

C:\Windows\System32\CredentialUIBroker.exe

"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8840 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8332 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1020 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7896 /prefetch:1

C:\Windows\System32\CredentialUIBroker.exe

"C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,16221900028589532333,397624888446857126,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7468 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 services.combocleaner.com udp
US 104.25.185.50:443 services.combocleaner.com tcp
US 104.25.185.50:443 services.combocleaner.com tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 125.21.192.23.in-addr.arpa udp
US 95.100.195.45:443 www.bing.com tcp
US 95.100.195.45:443 www.bing.com tcp
N/A 224.0.0.251:5353 udp
PL 212.85.111.79:80 proszek.pl tcp
PL 212.85.111.79:80 proszek.pl tcp
PL 212.85.111.79:80 proszek.pl tcp
US 185.199.111.153:80 ptoszek.pl tcp
US 185.199.111.153:80 ptoszek.pl tcp
US 185.199.111.153:443 ptoszek.pl tcp
US 216.239.32.36:443 region1.google-analytics.com tcp
US 8.8.8.8:53 auth.roblox.com udp
US 8.8.8.8:53 www.guilded.gg udp
US 216.239.32.36:443 region1.google-analytics.com udp
US 8.8.8.8:53 mail.google.com udp
US 8.8.8.8:53 www.dropbox.com udp
US 8.8.8.8:53 signin.ebay.com udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 secure.skype.com udp
GB 172.217.169.78:443 www.youtube.com tcp
NL 18.239.50.63:443 www.deviantart.com tcp
NL 18.239.70.223:443 www.amazon.com tcp
NL 162.125.65.18:443 www.dropbox.com tcp
IE 52.178.182.128:443 secure.skype.com tcp
NL 108.156.60.97:443 www.guilded.gg tcp
GB 104.103.202.217:443 signin.ebay.com tcp
GB 172.217.169.36:443 www.google.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
GB 20.26.156.215:443 github.com tcp
GB 172.217.169.69:443 mail.google.com tcp
NL 18.239.50.63:443 www.deviantart.com tcp
GB 172.217.169.78:443 www.youtube.com tcp
GB 128.116.119.4:443 auth.roblox.com tcp
NL 18.239.70.223:443 www.amazon.com tcp
NL 108.156.60.97:443 www.guilded.gg tcp
NL 162.125.65.18:443 www.dropbox.com tcp
GB 104.103.202.217:443 signin.ebay.com tcp
GB 20.26.156.215:443 github.com tcp
GB 172.217.169.69:443 mail.google.com tcp
GB 172.217.169.36:443 www.google.com tcp
IE 52.178.182.128:443 secure.skype.com tcp
US 95.100.195.6:443 secure.hulu.com tcp
NL 18.238.243.62:443 soundcloud.com tcp
US 162.159.136.232:443 discord.com tcp
IE 54.170.196.176:443 www.netflix.com tcp
US 8.8.8.8:53 128.182.178.52.in-addr.arpa udp
NL 18.239.36.123:80 crt.rootg2.amazontrust.com tcp
NL 18.239.36.123:80 crt.rootg2.amazontrust.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com tcp
NL 51.105.176.200:443 login.skype.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
GB 74.125.71.84:443 accounts.google.com tcp
GB 23.214.143.155:443 steamcommunity.com tcp
US 35.190.80.1:443 a.nel.cloudflare.com udp
GB 74.125.71.84:443 accounts.google.com udp
NL 185.15.59.224:443 en.wikipedia.org tcp
GB 184.25.193.136:443 store.steampowered.com tcp
US 95.100.195.6:443 secure.hulu.com tcp
NL 185.15.59.224:443 en.wikipedia.org tcp
US 95.100.195.6:443 secure.hulu.com tcp
IE 212.82.100.140:443 login.yahoo.com tcp
US 192.0.78.17:443 wordpress.com tcp
US 192.0.78.17:443 wordpress.com tcp
US 76.223.32.228:443 authorisation.grupaonet.pl tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 224.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 140.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 17.78.0.192.in-addr.arpa udp
PL 217.74.64.236:443 poczta.interia.pl tcp
NL 18.239.94.9:443 konto.onet.pl tcp
GB 87.248.114.11:443 uk.yahoo.com tcp
US 3.165.148.95:443 www.olx.pl tcp
US 104.18.32.47:443 chatgpt.com tcp
PL 217.74.72.58:443 www.interia.pl tcp
US 192.0.77.40:443 www.tumblr.com tcp
PL 185.31.27.160:443 allegro.pl tcp
US 104.21.13.212:443 jshop.partners tcp
US 162.159.128.61:443 vimeo.com tcp
GB 18.172.88.120:443 pl.login.olx.com tcp
GB 172.217.169.36:443 www.google.com udp
GB 142.250.200.1:443 lh5.googleusercontent.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com tcp
GB 142.250.200.10:443 ogads-pa.googleapis.com udp
GB 142.250.187.206:443 play.google.com tcp
GB 142.250.187.206:443 play.google.com udp
US 216.239.32.36:443 region1.google-analytics.com udp
GB 95.101.143.193:443 tcp
GB 95.101.143.193:443 tcp
US 95.100.195.59:443 r.bing.com tcp
US 95.100.195.59:443 r.bing.com tcp
US 95.100.195.59:443 r.bing.com tcp
US 95.100.195.59:443 r.bing.com tcp
US 95.100.195.59:443 r.bing.com tcp
US 95.100.195.59:443 r.bing.com tcp
US 52.182.143.213:443 browser.pipe.aria.microsoft.com tcp
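
The connection table above mixes direct TCP/UDP sessions with reverse-DNS (PTR) queries sent to 8.8.8.8, listed as `in-addr.arpa` names. Reversing the four labels of such a name gives the IP that was looked up, and in this report several of those IPs are addresses already contacted under a hostname: `128.182.178.52.in-addr.arpa` is 52.178.182.128 (secure.skype.com), `224.59.15.185.in-addr.arpa` is 185.15.59.224 (en.wikipedia.org), `140.100.82.212.in-addr.arpa` is 212.82.100.140 (login.yahoo.com) and `17.78.0.192.in-addr.arpa` is 192.0.78.17 (wordpress.com). The script below is an added example, not part of the sandbox report: it parses lines in the report's `CC ip:port [hostname] proto` layout (the regex and the line subset embedded as sample input are assumptions taken from the table above), maps each PTR query back to its IP, correlates it with hostnames seen on the same address, and lists destinations that appear with no hostname at all, such as 95.101.143.193:443, which still need manual attribution.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input: a subset of the connection lines from the Network
# table above. Lines with no hostname (the two 95.101.143.193:443 entries) are
# kept as they appear in the report.
NETWORK_LINES = """\
IE 52.178.182.128:443 secure.skype.com tcp
US 8.8.8.8:53 128.182.178.52.in-addr.arpa udp
NL 185.15.59.224:443 en.wikipedia.org tcp
IE 212.82.100.140:443 login.yahoo.com tcp
US 192.0.78.17:443 wordpress.com tcp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 224.59.15.185.in-addr.arpa udp
US 8.8.8.8:53 140.100.82.212.in-addr.arpa udp
US 8.8.8.8:53 17.78.0.192.in-addr.arpa udp
GB 95.101.143.193:443 tcp
US 162.159.136.232:443 discord.com tcp
"""

# Assumed layout of one table row: country code, ip:port, optional hostname, protocol.
LINE_RE = re.compile(
    r"^(?P<cc>[A-Z]{2})\s+(?P<ip>[0-9.]+):(?P<port>\d+)\s+"
    r"(?:(?P<host>\S+)\s+)?(?P<proto>tcp|udp)$"
)


def parse_connections(text):
    """Parse table rows into dicts (cc, ip, port, host, proto); non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["port"] = int(row["port"])
            rows.append(row)
    return rows


def ptr_name_to_ip(name):
    """'128.182.178.52.in-addr.arpa' -> '52.178.182.128'; None if name is not a valid IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name or not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def correlate_ptr_lookups(rows):
    """Map the IP behind each PTR query to the hostnames seen contacting that IP (possibly none)."""
    hosts_by_ip = defaultdict(set)
    for r in rows:
        if r["host"] and ptr_name_to_ip(r["host"]) is None:
            hosts_by_ip[r["ip"]].add(r["host"])
    correlated = {}
    for r in rows:
        ip = ptr_name_to_ip(r["host"])
        if ip is not None:
            correlated[ip] = sorted(hosts_by_ip.get(ip, ()))
    return correlated


def unnamed_destinations(rows):
    """Destinations listed with no hostname; these need attribution by other means (TLS SNI, pcap)."""
    return sorted({f'{r["ip"]}:{r["port"]}' for r in rows if not r["host"]})


if __name__ == "__main__":
    rows = parse_connections(NETWORK_LINES)
    for ip, hosts in correlate_ptr_lookups(rows).items():
        print(f"PTR lookup for {ip}: {', '.join(hosts) or 'no hostname seen on this IP'}")
    print("unnamed destinations:", unnamed_destinations(rows))
```

The correlation only uses what the table itself records, so an IP whose PTR query has no matching forward connection (here 40.126.31.69) is reported with an empty list rather than guessed at.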

Files

C:\Users\Admin\AppData\Local\Temp\~7F73.tmp

MD5 2cb76e7429c233c3473730ebf8077b16
SHA1 1aba6ecff796bfd31a62c34ec4ba52aecdfd1c56
SHA256 670cd9bf35ff2f5fb16d5c379eb1682f0922b2a4348ea492968bbb5e383e716c
SHA512 b6a309f0d03c6044a58776c3e035ad1cbe31cee4cece237a8a9b3f2f41d9a9e6c961c4c7d69653542d6f4ceae3277505d119d716e390fc28f13f78a511f4e5fa

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe

MD5 bcd0504ffd77167a4faf57fc824838d7
SHA1 aad13886b1e07cf2663b303fa4ccb75478825ca7
SHA256 5b013598ac866e3bbd6f94e9427b9d932a73742f41c93d5deb8c3be775ca81ab
SHA512 908ad6e2ba87933897b8d1990cca52a6dacfa2dc6d33e5be1cb0d36e240456671adda81e6f4f6088732fba5b27d850127acc5e21fd1459a9e48c5338b7e507aa

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\_ISMSIDEL.INI

MD5 cde7d9495fe38c2157f1a267d3954a8f
SHA1 70af756e075fc9e1c239803ed66f58374cb5241f
SHA256 1e28e23dbf487f8923a063c582cc8103e145481e1ae7cccaec064adec125873d
SHA512 1b90046b1cab911b20aa89b314af2dd9b41c8669e3f6cfb9fe4389840d72dd93a51b353339062ed26c3e7d35df4a74a986c38639ff1481d6df4f5ff5a6e015e6

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\0x0409.ini

MD5 a108f0030a2cda00405281014f897241
SHA1 d112325fa45664272b08ef5e8ff8c85382ebb991
SHA256 8b76df0ffc9a226b532b60936765b852b89780c6e475c152f7c320e085e43948
SHA512 d83894b039316c38915a789920758664257680dcb549a9b740cf5361addbee4d4a96a3ff2999b5d8acfb1d9336da055ec20012d29a9f83ee5459f103fbeec298

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.msi

MD5 5a78defab6baad26cb48f758db0d6690
SHA1 051ab465e8c5b57a797cd4257a2f62468519b0a9
SHA256 2f5bbc221e419bb591c0cd42fb83100a0a95da7fa37b34ec51552d5b280991bf
SHA512 a0a8b35576e339cc977ee693b44d96f0acb9a89ea2960664ad9e1481aac4ae4358d6187b51db048abbe1aecb634b07677b434c9bd8d6c8de3d85d898c2ab4f64

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\ISSetup.dll

MD5 01a010443535bba0b69c9eb41b8b4c4d
SHA1 c2b114f760050d325425311ffd7260edbdbbb39b
SHA256 fee85f668bf25cf836d6d46e20545930f2db549bfbf9b514d8efa8eb372fa301
SHA512 de91e77c54b3ffccdfc7df64cdc10dabdf450ed79f9d1d4682694b7be8a3b8113da3d947bd24b1de4b70064ea32e98acea46a18b8f78c98b843c91ee20a1f689

C:\Users\Admin\AppData\Local\Temp\MSI8BB7.tmp

MD5 caab36876c8757cb23ceb224c583903a
SHA1 41872dced001b6898309a5dc005e162c9d450d7c
SHA256 fb6fd34e42619110bdd4e7410e6cf5792d48da3579d451a4ca8853cdaa681ff4
SHA512 ac3ae007dd3ae3fc29fabb0cb694e174339f78ce7e11b0ab624ae9316adcd6d3f86a701c045074c3eb1a7a34060528cce4cb86a457c11a39f7338b0c0f25483b

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISBEW64.exe

MD5 aa9eb5317eac5401d5eb0b96a19af711
SHA1 87e0d072d1212f6f696a2750162fd1d57394652f
SHA256 1360a6ec6d8a575780b7740e2dd56fcfcf2db997dc1c908f7e7e381ee4f12a1b
SHA512 f17f84344a1ffd094bdb5ac52698c1abfa8ad9013e64915c2edba301504bc8cf765a82d57897655163a86fcd2939d97068a321849cf98937d4a1a305656355e8

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\ISRT.dll

MD5 b4171921e8339f2c5712b3c58cd86965
SHA1 146ac8f91f65780269b9aa12ff90079159578275
SHA256 d72c678d0265d44898f6f85ae0a65ad5429a10564ee5070de93a75511f438f2a
SHA512 8d009c6863e782ceeeabeb8f1a39cf594e916fb94eac4a215e4cf9e82174170fa5eead12312801f3e787c7e7ad9badd20f5a03c7302cc63a2d33dbd0d77f4536

memory/3716-138-0x0000000010000000-0x0000000010114000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\_isres_0x0409.dll

MD5 cbf32e9e7482eda0ed5490cbfcf42fd5
SHA1 3c411155e102f44003da3a981e833073243fcad5
SHA256 6b458dcf8e27154328f5ba1c6496a6ec480a3af6fd85aa2ac438dac822a1f128
SHA512 c4ba46040f346308975fff55704f435f7cd5bd9c21b50bce2e750364017a0639390e5b7e6588100b903f8eeafca74144429e28136e53cbe49fc7101952a201e1

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\_isuser_0x0409.dll

MD5 d1c2b7656b3ecd86251e5bf61a98d5e3
SHA1 9ba4b76dbaadae23f4f842a83a59b0a3411541ed
SHA256 ec147235c984b0f0e566969fed01717fa9189123171e95a8a50c3f54e53ec645
SHA512 b5ee35b9f8293ef22e43fd5b7392bb5288e49954a24049b1e8b5380ce8c4fb72544dfbdc03215bbd2a206678f27fcba02cb24dee90e1848e0401a776188f5d4b

C:\Users\Admin\AppData\Local\Temp\{652B97CC-9CA8-479F-91EA-76DE51425974}\skin8e55.rra

MD5 7568981428a026c5597569e15c918764
SHA1 61b70714f95713c7d48bea3e815801713a1a2254
SHA256 60296347d78f52d5ccd20a8cfc426719f4821ecab61463c59ed32362d63d7646
SHA512 e498ad274dc6c317e007df03379e92edb1741fad641b4aefacbbea267abdb2e09fbf54e990c1330ea96a7b2a92583cfc18f6c1eb3618e773cc7e8375916c1111

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\setup.isn

MD5 158b74e43cb4ee3467e9db23afdbd32c
SHA1 37cabfa89afd4ef71dc1ecb67976ec4d63895769
SHA256 ae7e9458770cda907ac9205730d3ee1315bc0c14a5f143247e97c03294eb5560
SHA512 a65dc8a3c521d9ebec742af065adbb0b57b24b2d00998895001b90a6809c8739084cf043562e450c9bfced0f22f277e510b8da492bd2524c4bc10fd4ff3ed063

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\_ISMSIDEL.INI

MD5 db9af7503f195df96593ac42d5519075
SHA1 1b487531bad10f77750b8a50aca48593379e5f56
SHA256 0a33c5dffabcf31a1f6802026e9e2eef4b285e57fd79d52fdcd98d6502d14b13
SHA512 6839264e14576fe190260a4b82afc11c88e50593a20113483851bf4abfdb7cca9986bef83f4c6b8f98ef4d426f07024cf869e8ab393df6d2b743b9b8e2544e1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 051a939f60dced99602add88b5b71f58
SHA1 a71acd61be911ff6ff7e5a9e5965597c8c7c0765
SHA256 2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10
SHA512 a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

\??\pipe\LOCAL\crashpad_2212_TKNXUVJJDWVYLZXV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 003b92b33b2eb97e6c1a0929121829b8
SHA1 6f18e96c7a2e07fb5a80acb3c9916748fd48827a
SHA256 8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54
SHA512 18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ceb705d1683e8f1a2a4b194aed1859b
SHA1 e833956cdea31c77a098819915858f8649b5fb68
SHA256 74de1f02d83bd27a8c70a50231fa628bd476a44f0aec3c8997f9b0c94f0bffb0
SHA512 66ca3913e99f70cfeaae1676bb2ba91a06d47086707070160ee5ca23ae72b729ad1334cb462e5d43f36e4a16944bd77dd54f6df419b3e99f491a1557d5372c47

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6c48ddcdb413fe217c16bc7e726dc742
SHA1 6628f87ecc237a5fbd2a409264e256500558c4fb
SHA256 c4a39412d6bfc7ec0411b84cb73d63b63a521b96966b19157990765369c8eb93
SHA512 b5c74cf901e6fa24a5f95b75a4d2bcbd09b538fea0c041c3aeb8b8795534618ca66a99d1eeec7eea240ac2426b204e07a019747091989f98d3ff2054a43df668

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 bde8fc98f9a81d02db659602173f1671
SHA1 81be833c3453121c1ea320e8b8be974fa228676e
SHA256 fc0fea96310bc3e2fd60b996a813040c5834463cc66f7054a9500953dd351e97
SHA512 bb302566c54d04f3cfc0a0a60babb120636847016fb760c719b6004a2c43d4f5ce194027d4015f093d857249be3598f25f9045e0ed0d729c38fe34bac32b7b65

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4b013bc6babf9363baf1266800329dfa
SHA1 bae8d48637c529a7aa846c4bdf304ea2368c4f40
SHA256 c3ac929241a9af951910db470188c15b23bd57e309877bdc3faeb59858e636f7
SHA512 176d0bb27453c78ac1950955da914feec141eef2e93f52607d3f508c83489dd5901fa609aba53feb37d16cb974df30389b90a1290b9d2a2030da1033205e74eb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 19c2058eb9aa89374c572d210ce2a89e
SHA1 50b5adf8faaadcaeb51a3d3c7b200b24ff442052
SHA256 befbf7b3121875ecce7d33828968db822015fa5c00c9fc88913f1349d9205dcb
SHA512 9c0b63d83091bcfc32c693651541595605c4ee7e55f572d54e8d86fe626b4b99beb216f85fe93dffaf9b58fd4958b0f93f0f2fb058c817bb41073d00495f37e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 90f05dba5e6681c351c7e9b11baef83e
SHA1 520c26a52f813ae4c7cab0bfd8a9112846be0157
SHA256 242ce4866265bd84b8868bd30511c237eba6df75c0e9e29e46ccb9b7353ef1d3
SHA512 857c712bbdfbb6ae7011a01798e5d0d8b6137f61c4e6c93636e0755158b70b47945c52a69a162e4b75f428b49df2aedf2fa90fe2b404e9c67e6fe42a5421aae3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751

MD5 8db810cba14c00416eb79480a21075e6
SHA1 b0e64a4d159bf8db91b5bc7cb7d82ef0c2f3c467
SHA256 4d53b04ebabf781541fbeb06a82c50991d6abea63d745352e7c5340272eb5956
SHA512 5eb33db1d70fb9230c18d3a1010894a6b3dd5be45547a446cd56c20ca588be5b8d622af48911a70199d1baefb38c71b669b97e543cdc3b5acde2ecacf2bf0d37

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751

MD5 822467b728b7a66b081c91795373789a
SHA1 d8f2f02e1eef62485a9feffd59ce837511749865
SHA256 af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9
SHA512 bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 036b302f73d6226d565f17430184cbe3
SHA1 d946c0dbcf63d8a7d9a60b288a92822c2af5adeb
SHA256 586e1508f02854d3204ae77d021d98bcdbdf54746af3c0a4c3e95d20bc2b7edc
SHA512 27a185df75c7cab2eb16f318d39053d11891dca4d1513546fabde4f52d2493d227709163b7bc34609000c3484505b19f61a4f29999189b4458966f603e339084

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

MD5 ff40e6900d615de9a362a8d94687ef7f
SHA1 9d41648240cd08f4358088fe658f87859a95f238
SHA256 76054f56ce2fdc22ee2644ba62f4c5879897ec83c31528aaf10be4f09bbfc07a
SHA512 ab60b15e39128a5ed841ffb586500a6f42d30956ee6c8014b0f397b9e32605af35994d938693e38847ab09a545a25da0b03adbecccf8451e5ff8dd9f84c9913e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

MD5 c6150925cfea5941ddc7ff2a0a506692
SHA1 9e99a48a9960b14926bb7f3b02e22da2b0ab7280
SHA256 28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996
SHA512 b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

MD5 3680d862474f5af9bbcd440e0bef94c1
SHA1 d7efa5887f139c3aa633bcc759092d1abe01028d
SHA256 aff07fd0d757945ed27cf0b9fd6d006e8f6eecb2de4d1cf5f9b568579f7b53c0
SHA512 29f5b80014f81a29f1d908d0b7d514cd739c20d1502bb536fb3e859893d43a3856b1b61a2944035289d766e4d64c82b3ae3a0ba2c583bc72eab889a8dd7c57dd

C:\Users\Admin\Downloads\media_images_ptakwspodniach.jpg:Zone.Identifier

MD5 4d4936a88b6225eb19934d05d16da72e
SHA1 c67459bd706a0aed6c25e548dabad9283de3a136
SHA256 a609395e07b725332ddb02bd428564d60dcc6fcf7df0d84c02baecbe14078840
SHA512 37b8a9de6786e86ae4bfd463abe5531229acaa6756df180b256b69375a4d724aac52aa0b748ddcc5e0e1cb9e34b4542860f2063c441f3fbc87a1363605322cea

C:\Users\Admin\Downloads\Unconfirmed 226189.crdownload

MD5 9987455160273726f5894678429d5abe
SHA1 5291675ba62eb06953ea2543d139eb8d8ba1dd4f
SHA256 1480e09300dde94453bbf45950edbd2bcee237629c59c4930ae3dffa675ca75b
SHA512 75086a0cd7c6768c1a004871ce73e2da80a4b8b55134a881729b81067610e5fc61b5db5d9f4c1840a55f7fa74a782a8d3e33df10cb37c3d50eb6d6a560e1ae1d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

MD5 828bf6f53afdef6ffe9ce088927b202f
SHA1 6171839f04ffe84e94ca72a8159a04fa9649852f
SHA256 dd98a213fa9c23f41cc5cc0ffe262a5891729bcca0727bbae37362449800ed95
SHA512 a782f142925df0de3145fefd5dc674cf14af6179b88b62b83de34b4aef608c4f0874f782a305db89c358e03b9314b10b1a5a2b0172e47e198225a2c4e230d721

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2b183c7277dd28ec2dce28f100e7b255
SHA1 b214f7cbf1bb2ceee2e7c2c993b62345edc605d8
SHA256 27e8905d8fde0a7421594764f62524935db2c003958b37690df963513bc8bc5f
SHA512 ed34df4884ba573aad7bb508c40b54a46f117db83f32a97f838232cc1cf10936b1c065b88e2d38670f57c4dee3f74f2f5015fff66d3267ee4aae367964881b34

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 5ed0484a99d08b13f1b4ca2eb10612a0
SHA1 3384693ed07a135056128df78d3bc238214e46d5
SHA256 f50421018ab207e70f0f4b00a014b593f93280147da30840763a8d377b9dc3fe
SHA512 be0540e90eb037f1fe65e188d911340ba493c1a076e1f8cc9df5b7f034abcd9fce487b0dc8e01b0c7ecb94df8800ae5a5fb0165188f88ce6b73471612632fd6e

C:\Users\Admin\Downloads\media_images_jaczup.jpg:Zone.Identifier

MD5 a5f9318ca5713e5904d78b2f4b2411af
SHA1 df9c6fb21f4c095e0c459ffc0ccf7d08c32311a7
SHA256 01bbbd4867729279dc54e0ac5cc1f132d99de609333c44b1860575f23cd1fbb3
SHA512 2ee9bb12ed95b64a110597db02236b63969370479c02672be49354d2381a61c3e5013abd5452d9df38b3c6ac016342a105bf86e5a3c51300286141d6d1465f74

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b525ed5bd39d99c47038db6479bf4149
SHA1 9263fc995e41108e3b64eb1d8b96f7fac8a33f8a
SHA256 5a8995dc3dda92b02ae1d13d3d3a6854f4e234d8f4103b0fb3c4da005fcb36da
SHA512 3ba8dffd5a159583df3985a9706fb5d18e99ea065713a33d5b7bad3934f3aca56f06b9612d8175d6f7a7b0a58bb52b9c6882086f00a2efb6ea996ffd550da2ef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5903af.TMP

MD5 095cb36f2bfd44f5b029fa748e2bb1cf
SHA1 705db08d5ad20c0e66ffb90a249f9b4a97cf91c4
SHA256 f59b1f5392c07bbc1c81bc5a1ea3b8c1a674a2b80c8f68bce7bc14ba7880ce01
SHA512 a3a87d836170c48429cfc4c6650cd097f8656929d604768880125652d9cc021fc98c095e55c3fe169c9391e06dfa050d9b1ca8ce5a5b24bb5ff267b5a294773a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 1af09ee21120b2bb71f2f507bb10c280
SHA1 86efb76d5ac798d6f496b252fee601eba70a4a35
SHA256 ab50862fb245a74db2ab74a9be92e2abf50d3c70d7b37dabee04bbe4d25e89f5
SHA512 58163c682139a5b8b1b4ee95a44f8ed64dc15a10ff1b0e8d763900ce8528df6012765e2aab82e82dcd8442bcd0918dd6d89c77ba0252b103d1068724031aa8e0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6a7b11fcd6844018939cfdd5a38307b2
SHA1 426ae17b50c16f55a231cdbd4c3897ead5d6d57b
SHA256 3445504ccc7533a14b7f9d9bb8fa9aae0aca22bda738dd39106f7e38a4cfd0d1
SHA512 74cad4b045cc9508f6b4d29d1ae0ab69693144e52793d274035cb306fd6b31bf63b5160cbd9872c99be57e87919477052996455ea6c724afee948430866424e3

C:\Users\Admin\Downloads\media_images_ptok.jpg:Zone.Identifier

MD5 eca53f46ab97e08c2c45cf5f9048fbcf
SHA1 58e570b56f1507753dd3934ca3e1c2a610047787
SHA256 fe14924f13474c2cbe3079af6eef4991d2332238a9f80ef25ae1a514fe3758d1
SHA512 88459dce1a4128b8781aae7f936bbc3320e408bbf99e52fec83c145433e790cea5b10136e56d345f9c0c89270f52078802cc49d063fc4bec6f6d82992d304bf1

C:\Users\Admin\Downloads\media_images_kichajacyptoszek.jpg:Zone.Identifier

MD5 3aa9c8441ac42fa1aab3ea574568b5c5
SHA1 779724b3ad1a216db98602eefb4cc0512d628f2e
SHA256 9c1e7146ee59ec1d563283d31ad893c4190c8339ed020f0553afd685e7401747
SHA512 78759786ae3076751fe5359e596750e3d1996836152a802577eeb8f13d7a6bf29d27430d3196bae75c806fb4ad0397d4016488062b234374f9cae58cff419b2d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f561ae7615fb488813f5383b56b5a893
SHA1 c23239ad03976c604661aa59309a9df032238f52
SHA256 19390f4049747ceaf96af377b7d4a47aff4693cad558c9088f2404f3187a03c8
SHA512 2b3094f359f612d6b5e736132b5c33d615f1c6668d2d9b1a1ae650498b777e3a87e9552264b5f16aee2d2114376428b2b8b317165192b20f2b8d1efeabadd84a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 128e2bd0213b88c602af3008954c30e6
SHA1 5ba1fd0611cd8924980e5baec96aa58f65dd4761
SHA256 0bed5f5ab8b8cb8d58133627ae2804762e2125677d8dc7cacc88ba304be06056
SHA512 d379cf568c962042f32f70717b41fea23f617e4b375e631e93ab7571a42b20a83cf46d3e974536b60e1dc58db9e77797f639cb1287a1447d2e1f4b4521221369

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 2b652b347524e83ebe08102e45882710
SHA1 21205ebb0aad71e627f7370e0b4e00ae471c5913
SHA256 dfe0057290e8db5997b137abdc9cd9b354f704d0d840083dbc70c4d0d83e85a5
SHA512 3f9c54fb31b7a2dc8070af9290b071f2f842989436a1141d2387a8de6ef1b750c98ed29d72af0476bf210b28a6feb6db182fdba37dd94c1461962f97b3e31e85

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 83b9316fc282a05d4998a36393d6e6ff
SHA1 67b490777494beab82e08058fcc46254124c2087
SHA256 e6e6bfe9f1790bcff6c49f3a4d005a3b9759a0f60213b8a04ee8a18654bc5a73
SHA512 1591f40733542c057f93936d35c10e3b3ea87be5b071421025a03da128200cd611d4b9689b2cc0dc122dbd791fa67dc9b34a8660a8bf04438a28d7fc2a5b04de

C:\Users\Admin\Downloads\Unconfirmed 261370.crdownload

MD5 c29bd8b386bba1a7e8ed0da79f102dbe
SHA1 136679532c19ca2214caf7e9a47d50333da89f76
SHA256 de9cb9fb63a1639aac155c472ebdbdf4be2adc405624390759f621ecceb71d24
SHA512 219261fb1b5ff29c559e12fb7a21174474cb0db35f954dd5bc87aa3303c9627ad29c63be38081883a696b4e00cbbebf14aedaf9a035717a5559380bdd1794b39

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 1091327cdd9a770f61be8fa4127aaf76
SHA1 ee67c55db4ffc8c5124a793309f4ddad673d0ef2
SHA256 9bdeac232bc820d4aebc4395e757c089f706ce3395073b37d5feef907309b3d6
SHA512 2d39996b24e006299f99691c4d5d5c024ad210b6c1f88ecdcb6942c7afc7d0ff793ed07467d1eec6f532e8e1d8dcecb49a409e5daf00fd9fcb46aabcba23746b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c4f9e08cad8bd417a6183e24365f24c3
SHA1 9480a63aa959fc4746e2e070b05e4c4e20ccf190
SHA256 a0a7fab33613d1022a9fbfccbe23d92068f8e1ba285c097fdddc78663d0a443b
SHA512 6c3ea0ae0adf88ab3a1e792949e60eb71f068ee649b0bda324ad335b09a57b3d9872732d888e1560ab229db8baa9d24e180812503f0c52b8134e733971a3d278

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 29845ddb98e9d6d5c7f30d1980e377ef
SHA1 22c7ae63ef8f90c913f371a2c495b2db0f59f7d3
SHA256 a16eb09ea8b7459840536d8b6b8a3ac84c723ab1387b7d0730c8e74906d85a17
SHA512 2aa3f27fc44482487aeca408bf3198bf48ced918dd3d955401f9f1fe273b21c9aff014c43e54506589ee48d87959e5c97f7f3edeb6af9cba2a5dd4eadfd285e0
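
The Files section lists every path the sandbox saw written, so installer drops sit next to noise: the `Microsoft\Edge\User Data` entries are browser profile state, the `Downloads\...:Zone.Identifier` entries are mark-of-the-web alternate data streams attached to browser downloads, the `\??\pipe\LOCAL\crashpad_...` record carries the digests of zero bytes (d41d8cd98f00b204e9800998ecf8427e is MD5 of empty input), and the `memory/...` entry has no digests at all. Two facts a triager would check are also visible in the listing: the `CCSetup.exe` dropped under `Temp\{8EB95A46-...}` has the same SHA256 as the submitted sample, and the InstallShield runtime files (`ISSetup.dll`, `ISRT.dll`, `ISBEW64.exe`) are the only binaries dropped by the installer itself. The script below is an added example, not part of the report or of any sandbox vendor's tooling: it parses records in this page's layout (path line, blank line, one `ALGO hex` line per digest), buckets each path (the bucket names are my own), flags empty-content and hash-less records, finds copies of the sample by SHA256, and recomputes listed digests over bytes so a retrieved file can be checked against the report. The embedded records are a subset of the ones above with SHA1/SHA512 lines omitted for brevity.

```python
import hashlib
import re

# Constructed sample input: a subset of the records from the Files section above,
# in the report's own layout. SHA1/SHA512 lines are omitted; the parser accepts
# any subset of MD5/SHA1/SHA256/SHA512 per record.
FILE_SECTION = r"""
C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\CCSetup.exe

MD5 bcd0504ffd77167a4faf57fc824838d7
SHA256 5b013598ac866e3bbd6f94e9427b9d932a73742f41c93d5deb8c3be775ca81ab

C:\Users\Admin\AppData\Local\Temp\{8EB95A46-0D1B-45CF-9A44-98E48923E416}\ISSetup.dll

MD5 01a010443535bba0b69c9eb41b8b4c4d
SHA256 fee85f668bf25cf836d6d46e20545930f2db549bfbf9b514d8efa8eb372fa301

memory/3716-138-0x0000000010000000-0x0000000010114000-memory.dmp

\??\pipe\LOCAL\crashpad_2212_TKNXUVJJDWVYLZXV

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9ceb705d1683e8f1a2a4b194aed1859b
SHA256 74de1f02d83bd27a8c70a50231fa628bd476a44f0aec3c8997f9b0c94f0bffb0

C:\Users\Admin\Downloads\media_images_ptakwspodniach.jpg:Zone.Identifier

MD5 4d4936a88b6225eb19934d05d16da72e
SHA256 a609395e07b725332ddb02bd428564d60dcc6fcf7df0d84c02baecbe14078840
"""

# SHA256 of the submitted sample, from the report header.
SAMPLE_SHA256 = "5b013598ac866e3bbd6f94e9427b9d932a73742f41c93d5deb8c3be775ca81ab"

HASH_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512)\s+([0-9a-fA-F]+)$")
ALGOS = {"MD5": hashlib.md5, "SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def parse_file_section(text):
    """Return [{'path': ..., 'hashes': {'MD5': ..., ...}}] in report order; hash lines attach to the last path."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)
        if m and records:
            records[-1]["hashes"][m.group(1)] = m.group(2).lower()
        else:
            records.append({"path": line, "hashes": {}})
    return records


def classify(path):
    """Bucket a path so installer drops are separated from sandbox and browser noise (bucket names are mine)."""
    if path.startswith("memory/"):
        return "memory_dump"
    if path.startswith("\\??\\pipe\\"):
        return "named_pipe"
    if ":" in path.rsplit("\\", 1)[-1]:
        return "ads"  # NTFS alternate data stream, e.g. :Zone.Identifier (mark of the web)
    if "\\Microsoft\\Edge\\User Data\\" in path:
        return "browser_profile"
    if "\\AppData\\Local\\Temp\\" in path:
        return "installer_temp"
    return "other"


def empty_content(rec):
    """True when a listed digest is the digest of zero bytes, i.e. nothing was actually captured."""
    h = rec["hashes"]
    return h.get("MD5") == hashlib.md5(b"").hexdigest() or h.get("SHA256") == hashlib.sha256(b"").hexdigest()


def copies_of_sample(records, sample_sha256):
    """Paths whose SHA256 equals the submitted sample's: the same bytes written under another name."""
    return [r["path"] for r in records if r["hashes"].get("SHA256") == sample_sha256.lower()]


def verify_bytes(rec, data):
    """Recompute every digest the record lists over `data`; return the algorithms that do not match."""
    return sorted(a for a, v in rec["hashes"].items() if ALGOS[a](data).hexdigest() != v)


def triage(records):
    """Group paths by bucket and list records that carry no digests at all."""
    out = {"no_hashes": []}
    for r in records:
        out.setdefault(classify(r["path"]), []).append(r["path"])
        if not r["hashes"]:
            out["no_hashes"].append(r["path"])
    return out


if __name__ == "__main__":
    recs = parse_file_section(FILE_SECTION)
    for bucket, paths in triage(recs).items():
        print(bucket, paths)
    print("copies of sample:", copies_of_sample(recs, SAMPLE_SHA256))
    print("empty records:", [r["path"] for r in recs if empty_content(r)])
```

`verify_bytes` is the check to run after pulling a dropped file out of the sandbox: if any algorithm comes back in the mismatch list, the artifact retrieved is not the one the report describes.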