Malware Analysis Report

2025-06-15 23:34

Sample ID 241031-s3kktsyph1
Target http://piratebay.com
Tags
bootkit discovery persistence
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

Threat Level: Shows suspicious behavior

The file http://piratebay.com was found to be: Shows suspicious behavior.

Malicious Activity Summary

bootkit discovery persistence

Loads dropped DLL

Enumerates connected drives

Writes to the Master Boot Record (MBR)

Drops file in Program Files directory

Browser Information Discovery

System Location Discovery: System Language Discovery

Suspicious use of FindShellTrayWindow

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: EnumeratesProcesses

Modifies registry class

Enumerates system info in registry

Suspicious behavior: AddClipboardFormatListener

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks processor information in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-31 15:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-31 15:38

Reported

2024-10-31 16:11

Platform

win10v2004-20241007-en

Max time kernel

1729s

Max time network

1684s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://piratebay.com

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\x: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\y: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\e: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\i: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\k: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\q: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\w: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\t: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\g: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\m: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\o: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\r: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\s: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\j: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\n: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\u: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\h: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\l: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\p: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened (read-only) \??\v: C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PHYSICALDRIVE0 C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification \??\c:\Program Files\Microsoft Office\root\Client\mfc140u.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Common Files\System\ado\msadox.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_sr.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.XmlSerializers.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_zh-CN.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\en\Microsoft.PackageManagement.MsiProvider.resources.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Windows Media Player\wmlaunch.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\UCRTBASE.DLL C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-timezone-l1-1-0.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\ONLNTCOMLIB.DLL C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeProxiesAndStubs.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\ONFILTER.DLL C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Internet Explorer\sqmapi.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\msproof7imm.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\FilterModule.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Outlook.HostAdapter.v10.0.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore_amd64_amd64_8.0.224.6711.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\REFEDIT.DLL C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_el.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\seqchk10imm.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_ar.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Common Files\microsoft shared\ink\mshwjpn.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Video.UI.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_ko.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_fa.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-environment-l1-1-0.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\JitV.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Microsoft Office\root\Office16\MSOHTMED.EXE C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\mozavcodec.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.SapBwProvider.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\x64\msvp9dec_store.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_is.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification \??\c:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_uk.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe N/A
File opened for modification \??\c:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\Microsoft.PackageManagement.MsuProvider.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\OSF.DLL C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\fontmanager.dll C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A

Browser Information Discovery

discovery

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A
N/A N/A C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2968 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 3056 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 1236 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 2280 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2968 wrote to memory of 836 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://piratebay.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabf6646f8,0x7ffabf664708,0x7ffabf664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe

"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE

"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe

"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 piratebay.com udp
US 172.67.159.80:80 piratebay.com tcp
US 172.67.159.80:80 piratebay.com tcp
US 8.8.8.8:53 odysee.com udp
US 172.67.71.33:443 odysee.com tcp
US 8.8.8.8:53 80.159.67.172.in-addr.arpa udp
US 8.8.8.8:53 75.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 33.71.67.172.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 sentry.odysee.tv udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 region1.analytics.google.com udp
US 8.8.8.8:53 www.google.co.uk udp
US 208.95.0.139:443 sentry.odysee.tv tcp
GB 142.250.178.3:443 www.google.co.uk tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
BE 66.102.1.156:443 stats.g.doubleclick.net tcp
US 216.239.32.36:443 region1.analytics.google.com tcp
US 8.8.8.8:53 api.na-backend.odysee.com udp
US 8.8.8.8:53 cdn.cookielaw.org udp
US 8.8.8.8:53 api.odysee.com udp
US 104.26.4.54:443 api.odysee.com tcp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 104.26.4.54:443 api.odysee.com tcp
US 104.26.4.54:443 api.odysee.com tcp
US 104.26.4.54:443 api.odysee.com tcp
US 8.8.8.8:53 36.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 156.1.102.66.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 139.0.95.208.in-addr.arpa udp
US 8.8.8.8:53 54.4.26.104.in-addr.arpa udp
US 8.8.8.8:53 42.86.18.104.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 104.18.86.42:443 cdn.cookielaw.org tcp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 geolocation.onetrust.com udp
US 104.18.32.137:443 geolocation.onetrust.com tcp
US 8.8.8.8:53 api.odysee.live udp
US 104.26.5.59:443 api.odysee.live tcp
US 8.8.8.8:53 thumbnails.odycdn.com udp
GB 84.17.50.9:443 thumbnails.odycdn.com tcp
GB 84.17.50.9:443 thumbnails.odycdn.com tcp
GB 84.17.50.9:443 thumbnails.odycdn.com tcp
GB 84.17.50.9:443 thumbnails.odycdn.com tcp
GB 84.17.50.9:443 thumbnails.odycdn.com tcp
GB 84.17.50.9:443 thumbnails.odycdn.com tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 137.32.18.104.in-addr.arpa udp
US 8.8.8.8:53 59.5.26.104.in-addr.arpa udp
US 8.8.8.8:53 9.50.17.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 81.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 102.209.201.84.in-addr.arpa udp
GB 2.18.27.82:443 www.bing.com tcp
GB 2.18.27.82:443 www.bing.com tcp
US 8.8.8.8:53 82.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 gmail.com udp
GB 216.58.204.69:80 gmail.com tcp
GB 216.58.204.69:80 gmail.com tcp
US 8.8.8.8:53 odysee-privacy.my.onetrust.com udp
US 8.8.8.8:53 mail.google.com udp
US 172.64.155.119:443 odysee-privacy.my.onetrust.com tcp
GB 142.250.180.5:443 mail.google.com tcp
US 8.8.8.8:53 accounts.google.com udp
BE 108.177.15.84:443 accounts.google.com tcp
BE 108.177.15.84:443 accounts.google.com udp
US 8.8.8.8:53 69.204.58.216.in-addr.arpa udp
US 8.8.8.8:53 119.155.64.172.in-addr.arpa udp
US 8.8.8.8:53 5.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 84.15.177.108.in-addr.arpa udp
US 216.239.32.36:443 region1.analytics.google.com udp
GB 142.250.178.3:443 www.google.co.uk udp
US 8.8.8.8:53 227.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 35.200.250.142.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.16.238:443 play.google.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 www.google.com udp
GB 142.250.180.4:443 www.google.com tcp
US 8.8.8.8:53 238.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 4.180.250.142.in-addr.arpa udp
US 8.8.8.8:53 accounts.google.co.uk udp
GB 64.233.166.94:443 accounts.google.co.uk tcp
US 8.8.8.8:53 admin.google.com udp
GB 142.250.200.46:443 admin.google.com tcp
US 8.8.8.8:53 94.166.233.64.in-addr.arpa udp
GB 142.250.200.46:443 admin.google.com udp
GB 142.250.180.4:443 www.google.com udp
US 8.8.8.8:53 lh3.googleusercontent.com udp
GB 216.58.213.1:443 lh3.googleusercontent.com tcp
US 8.8.8.8:53 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 apis.google.com udp
GB 216.58.213.10:443 ogads-pa.clients6.google.com tcp
GB 216.58.201.110:443 apis.google.com tcp
GB 216.58.213.10:443 ogads-pa.clients6.google.com udp
US 8.8.8.8:53 10.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 110.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 1.213.58.216.in-addr.arpa udp
US 8.8.8.8:53 ssl.gstatic.com udp
GB 172.217.16.227:443 ssl.gstatic.com tcp
GB 172.217.16.238:443 play.google.com udp
US 8.8.8.8:53 227.16.217.172.in-addr.arpa udp
US 8.8.8.8:53 ogs.google.com udp
GB 142.250.178.14:443 ogs.google.com tcp
GB 172.217.16.227:443 ssl.gstatic.com udp
GB 216.58.213.1:443 lh3.googleusercontent.com udp
US 8.8.8.8:53 14.178.250.142.in-addr.arpa udp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:80 github.com tcp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 avatars.githubusercontent.com udp
US 8.8.8.8:53 github.githubassets.com udp
US 185.199.108.133:443 avatars.githubusercontent.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 user-images.githubusercontent.com udp
US 8.8.8.8:53 github-cloud.s3.amazonaws.com udp
US 8.8.8.8:53 215.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 133.108.199.185.in-addr.arpa udp
US 8.8.8.8:53 154.109.199.185.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.114.21:443 collector.github.com tcp
US 185.199.109.154:443 github.githubassets.com tcp
US 8.8.8.8:53 api.github.com udp
US 140.82.114.21:443 collector.github.com tcp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 210.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 21.114.82.140.in-addr.arpa udp
US 8.8.8.8:53 235.17.178.52.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.113.22:443 collector.github.com tcp
US 8.8.8.8:53 22.113.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 github.com udp
GB 20.26.156.215:443 github.com tcp
US 8.8.8.8:53 codeload.github.com udp
GB 20.26.156.216:443 codeload.github.com tcp
US 8.8.8.8:53 216.156.26.20.in-addr.arpa udp
US 8.8.8.8:53 collector.github.com udp
US 140.82.112.21:443 collector.github.com tcp
US 8.8.8.8:53 21.112.82.140.in-addr.arpa udp
US 8.8.8.8:53 api.github.com udp
GB 20.26.156.210:443 api.github.com tcp
US 8.8.8.8:53 240.76.109.52.in-addr.arpa udp
US 8.8.8.8:53 roaming.officeapps.live.com udp
FR 52.109.68.129:443 roaming.officeapps.live.com tcp
US 8.8.8.8:53 129.68.109.52.in-addr.arpa udp
US 8.8.8.8:53 213.80.50.20.in-addr.arpa udp
US 8.8.8.8:53 metadata.templates.cdn.office.net udp
GB 2.18.27.153:443 metadata.templates.cdn.office.net tcp
US 8.8.8.8:53 binaries.templates.cdn.office.net udp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
GB 2.19.252.143:443 binaries.templates.cdn.office.net tcp
US 8.8.8.8:53 153.27.18.2.in-addr.arpa udp
US 8.8.8.8:53 143.252.19.2.in-addr.arpa udp
US 8.8.8.8:53 nortiniolosto.com udp
US 8.8.8.8:53 infoserv52.com udp
US 8.8.8.8:53 nortiniolosto.com udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256 ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

\??\pipe\LOCAL\crashpad_2968_RRWSITBBCJUYLXQK

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 0a9dc42e4013fc47438e96d24beb8eff
SHA1 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c28e609b3a7ac965a58dae889339254c
SHA1 b8147f6ff61394814ffd0699f796fa3811f255cf
SHA256 74a371a43cb34defcfa341132a49cefd4717cf62d93774b23597013d003e6524
SHA512 99ac73126d8482110a205a2c29d75a6d0341a28a341d1fbdc0daac7cd5a53e2820d88cb11347b7fa22dac22a15078d5829e05acfcdcb5bdb0cafcc1d112908e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 6e83312f2e2ec413589d68341437b38d
SHA1 bdcad27583c7be1fa465748c1d51d91b17a57f9c
SHA256 b6932bfdfe1f48526c98343f19fe0c0b704092571dda8b5662434e2e73ef4103
SHA512 8bce3239a07bce0c36fa46dc3ede7379affecfc80919b14df002e43d5717a2678ffb34b73ff6e9a3b83709491a00f4ac0c7ecc89544b0f5ccdbf6d46e518afda

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9083d09e6ae1f21350ab6c7f0776f92f
SHA1 82e992a9664465799a8228519bca3ceed5e5f2cc
SHA256 df92622337d89ca09e908586f174542fc2487055b8e7d91e869b406eb7472ae4
SHA512 b7b4adeb3f7a2992e8923a54638443ce90ae0c0ff4cb67e29be7dfd52f609603c0050bc2a1a9c06b12b13273b49ce9627990bd0b4af0bd17cca4a7a7da0605de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d91a.TMP

MD5 c08ef55160501c9d2757ad84c12a9656
SHA1 9be7c7bab72b5bef053dcba855b2902efbd72ca9
SHA256 7901af794db5f56c98ca947a3eb75bf2d363df0f845e7b283ae6297b99b9daf8
SHA512 1acade82ffa5db04e9e57422c987935d4bcc359308694a343af2f97fa8e0f7e492ad899932cf0357ae463d99e044884f6f7ee1d52838c6e96f32f4d5820b3b67

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c1b9a47fd9a1b102cdeaa90b6c787d93
SHA1 472528698f9f58483e2fca0f7df04662c297cdf1
SHA256 9ac4e3d957ff0bbb40593e8820d3d413babbc0b90f4899f8daa62dbf546ebe23
SHA512 c5c99b4326a42fbe6aa7e09029688e3f02e8b4becca3d7b65d46a729314cd5e8f5393da5f55aac90f5ee80021ddb95d4cf6a72f8a4b691b7e3bd485f236ceaf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 7ab6d4e019c1eff24aa6aeb55db1596c
SHA1 6f0a48b7d9132d8530d9dfb4d83df40343f7a590
SHA256 8de93f0424e309c5b2779ab1cb842059ca702d8b0ead532c6bda2c40046ce83e
SHA512 977ab2463b0fd972e6b27ebd26c4697ab7004edf4fa477a127039f137b2d1c9bcf6330508e79592feed4b586c89a4e9861db9b64bdd5f243e2bdadbe98d6eb73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 d91feeea9e04b6370b630633700c84fe
SHA1 6acc9678ce1e0c7fdaec8ba4321a1dfe2eb91f3b
SHA256 2c284b3a410e68368ded04807073edc729412809054482e769163d4b863b3a88
SHA512 b00ebc6408a2b7694e9754100b5e7fbc25344b92c688b92d8d37971489f80e58ab423673adf5eda021acbf5415d05efffcfccacdce97bc75cf1819b00e6dfca6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 6c597599e5d44086c1943bdfb30c649b
SHA1 ca3febe5660a6c2fe99a8554fd76f0d06b2fb584
SHA256 df3e64919ff841b24cf0d2ad6626b238ec5519a6e7bc8ce29811b0c1697e8cd4
SHA512 bba263e6fee1ce4a8b4bc155efc8d985b768f6859fedf51499eea6ca84f61f407e790a6335bcf0795ecf94095690e56a885d9ec43945c6263b53d4c85a25c399

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d099dc5c1a422004f11f136f02bada3d
SHA1 4c884024274babb2d89893836e7a490fd0cf5904
SHA256 d25ceff949f15deabb24cacfe6d58ca4d09b2868e3a9e9c0ccfdaeea373f813f
SHA512 04e4cc012ac6eed4529fd89f37099d148f2ba556322634e02239e67c3f426dc8292d607904cb400f52531f96b6f28a84d546f017769e64f077021b7e61e8a562

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599996.TMP

MD5 b3dd9faee3f5bfdc38f52f6b40ad0ef0
SHA1 495f6705babd31ac4423cba19fbf5c024b314bc7
SHA256 4004c49635b32b40f258386c52033f656333146c48863fc1823769fae5710ab4
SHA512 b30db15d00e785062e6de652347ce9c3c95b0c2902fb3ca9f42bdfd5201a4bc2292a18fb226504e89dbf871dfe430278a9e00fb416168c9f441f4c6285df5049

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 a16c66a05a579fb98429d20a80434f34
SHA1 66674db9ee7b76b9793f63fb7cf10992e9e395f8
SHA256 57b5c7dc01843656095736880053b07c90021c55f740d85eff0fde32f2697a64
SHA512 e23e4d25bc85a6a86a3ca7cd0d84bfe0b12368a28873978b39e846a4d89c4e3086c3e9c08e1b296f0fc580cbedec9d39165b13af380bd7aa13be4530ec080451

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b380471fef7ce53838d137647da9f662
SHA1 fbcfdccccbbcf486b7373b6ff2190ac234b72822
SHA256 e11c47cce6c5fdc262faf7bd005b3431b2417c79b2017d0e9254143df434891e
SHA512 a3710ac2aaee40ba8bff89f800f39ed806160e579de4cce59cd8a92bf56e90ce4fec53e3310711a872d8f76987bab6071b10c1cbda57dd6e7e47e3df413bf076

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8a3da88fa1e6d24451105a614849b45f
SHA1 858e31ac256e18e8ef5009e676407e8455821c96
SHA256 f2dd3a53e195fd040da88d9a13b4afa02789cb1b2a353482bb6f19bbf9f29d5d
SHA512 0212e8f06241bc7c8178079fbccee0d27c1c96fc71d2139d240658181cee8c249814e9a0bff024bd1d65c459eb7b3e3a4ad919c2616f3ba57b954bb8cc632eef

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 56e7408bad7eb254033189403a433287
SHA1 014ff955721aa2064265d671d96d657915338683
SHA256 c1d56f7cc7c1f91fa6b1dd8c94b7a12ebbd5d44c66ed75ab7add04b44122f51e
SHA512 43c277096b71b3350d030104b81bc01af5280cd18e88290e4fb8d005f5e488716375c648822746195b6bc1c4db4cc44d093d167b8b56c29e3cfbba304e3dbf92

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 b6a4306f42ed1c8fe2df6907d3d9f086
SHA1 a45e28af17f9eefe83e2a6704782bb0c1ea0bc75
SHA256 30056024c63eccfde516d81a4b864a20c5b0cd2075dcdc55515b1a5d703d8c4c
SHA512 90f7494fefe72c122f47700bef1c44a37812debdaaaa562e0e6b9466e8d97383277bc2f67ae2c552b70976b6e2124474a73851c3abb1d8b2c3df40c0e1bb14dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 dc1562b012c33b2433e2094cb657210a
SHA1 3f76addfa907dd7296915ea724d69cd2d6544468
SHA256 a8a9bf223710b442b3af19b87319f81a392bff7c9995dc8060808203e3b02933
SHA512 8943eb1348967d5b8a198ecec2b49142608c01fa9aafd39a406faa78230f8f419f662df96a1ef3df3b3cf09c07557faf9f3ec1f6a76451520110b6792d0fffca

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e3a3514c5a70d5679013e65113cdfd30
SHA1 4aa46a77efa25a54ba46211db91c046e06cf0596
SHA256 33ecfc4039044f2984c7ff899f9c6923e047d1f9085677cfe4715a71efc7c94d
SHA512 807e48ed27e6e3e329527f9dfcd4c0b28e3be941565765b491ee47ba144669da341186af8212c5687c80810dcda746ca71071d0896f3e9fe6dbaa8fd3b45691d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 82477d7f1942cfbe116284dede42d8a7
SHA1 10d1d04423e25c7177bf61032314f5e0e9cb8db8
SHA256 0829c81b2940db6a9eb532a7ece8ae035039c484e00aa6525cb9ae6c8f054ceb
SHA512 f7e4bb4410e78e1f0f90c80cb465e709b1f7773809c376ad510c249b76b936e56b0c73fc0dac5d6cc57e86602545d4fb41cd9fa192391c6e7ac03b7520383bab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 d5df7e3f94292e4099df786c918b25ee
SHA1 808c30dd860cee2a4c43855de1fa0130a9f49e88
SHA256 e03a176b5827c1b986dfb11b3520aded82859196afaa1be7ce02756f2adbed3d
SHA512 941e49fd530ec690cebd94b1971503743535f1404acbea216644b1fb42eb4a4b3ace8d91a3876b125cd946ee65ad381d211dd7d86604159cb7f223a520b54a63

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f61df0d5c6560c4142713de2f21a8e26
SHA1 d49e4b65fa555b1f6d8fa56ac5bc1da0793dbcdc
SHA256 d3cb0bcf2b9040e1c0cbe9112206722aed2c42ea73d22ae8ff2f3f3bdd378ea2
SHA512 3eb73ec429d99ba356ac30c8cf75fc2dc4918d4e0d7e5f2405eea2cb575233ff85c6f1139c6fc688bc7ca35b8af4fa8d67cada29d794899ae5f2ddc5cf95e905

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f98b088cc91e19b6ef6bbd49866d0351
SHA1 145df19987404c62215f13e67c1dc1e3194e5c7d
SHA256 0a756625ee68c26043ee9d36c10e97e644ad7461d895b3cf65edc4c051fdf035
SHA512 62041ff8c9f1169cd1a4546b9b71e6e56cd7d638606e66708da0b712cdd75c825dd16d0744419baf103a0f11140985202d696ebf5d1771e7c3cdd2bacd07b270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 9b19735bdc28e71de25fef1949597a41
SHA1 e896005f93e3d8b949962a49abeb6c8b2c395c6a
SHA256 cb850d63e269e0c8fb636226d00fdbdf3bbc6167cbf0ba6c756f2dc25d3e77f0
SHA512 e213258668b343245a5e645385272cf8f3dc408403139878725ca3af4bfdf19963f09032f64d66d8048739495f1d0be0a53f2d0c627d4ee3ea034e09de99c999

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 edf1179d095e25654df12cc732afd3dd
SHA1 72f2a1eab416e15e9becdd3feb6daeb75630e690
SHA256 223ff2e7c4dd4cc8aa434888a29689483007c30e3abb1aefe2a88714eefacd12
SHA512 f73f5fa47fbe974fca9a06a6e7997af338d7ab7e1ef8513b8fb41680cc3d3518f44766cdd60b97047aa936b91e6ff6d8b8f4de599570834e0885c5f6acc7905b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a5794fd782668f80541d27ece75daf2f
SHA1 69e92c76797c18e71ec18cc5d921112b4fc7c446
SHA256 937c6ebe33d551b70efa983a6443e74acd1f6920099c1ad90e10c00de2c9f208
SHA512 f6b6dd812a301b2e51a5f43d6a78c62cf4dd1bc98b9482f6c77cdcdbcb09849866dfaaaab26e7e0ec76e399844f30897b9119e974a3dbe814e370dba8624d02e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 19409cdf00b2617f4df205bc0d5b64ff
SHA1 524c8746475f54bf9d33d3eef70ef7535b743831
SHA256 41910261de7c221aa934e4d728cdec07316b0749cb197b0088aefc0087342228
SHA512 6537b18d3c2c1bf889059a65871c83e837c69e44bdecd55594cf112335473cd82d5a6c7a004442f5778f18e8f44ebe5d4ee49287296de32caf8fe300c3a6249a

memory/3964-777-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-779-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-778-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-780-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-781-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-782-0x00007FFA8BC50000-0x00007FFA8BC60000-memory.dmp

memory/3964-783-0x00007FFA8BC50000-0x00007FFA8BC60000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

MD5 88039fa36d3bb14031e4393a8d56144b
SHA1 971b66033cb3c80d3792642ca3e65722a0a46a24
SHA256 1ef87fb6e0a2adfc8e332972ed73fb41ced8489bacebd1a9d63c03a4ec608dd8
SHA512 526c4305d17989f9f4b54ce91a64d71e2754781fbe8124cde156b4291435f12d15bdda87e0dade8ff87b93110c1c307405369e6e81de2cbb6131aa76047fee26

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

MD5 85bc9ffbf16460866080b7aac62b6bcf
SHA1 36baf9ffa5f06747caa176472444e60fe82568bf
SHA256 65df67ae9caa8b3e9ea48fc9fe00c8b3a63be1e91735e96326eaf8489d508b94
SHA512 9bf3e268e43d38c5d98643ba78fc6276d64a7ad190799f8899d8784692e6f74157aec1c2258784941b8496bb4694726edddff01406724d1cfcbfa081f7985cd5

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 859d5358f9c81087e4d4c56d9f842cf3
SHA1 db042637d86dacb22bf8bfa0f0fb366df92232aa
SHA256 9bfcc359cb94922d2495b97f50e8b2af53dc8c4dd66b558e63d5ec138e81b369
SHA512 c3bcbcaad6311b6899f6c1425da94cd5db8d8c35d6fcf8e874026a0516cd33113f73d60a9917c5d89073b3e3e342dc1969a7e46fb330887327ec5fed10e73669

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

MD5 3f7cb5f5cbad9a5bc28bf53d48fd4ae5
SHA1 f49f0648c5c2bc50902abcf0a5e25039f9a28b4f
SHA256 5161ccf6b53c1e323cc6d0982a59e3bc161476e95e7792b01dafb5f51a0efe7d
SHA512 8c8171bfabdad7071e596c3f26cf1534dbf9863ac1019e3606c68656ae18087eac30754905a2f3e7c698a9e3f9054dd11fac3a6481d65691ec46beb031112bd1

C:\Users\Admin\AppData\Local\Temp\TCDE6FA.tmp\gb.xsl

MD5 51d32ee5bc7ab811041f799652d26e04
SHA1 412193006aa3ef19e0a57e16acf86b830993024a
SHA256 6230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA512 5fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\~WRD0000.tmp

MD5 e487fe5dee1cb0d667bdf606643811d5
SHA1 b6dd5201212a19b2fe6c1cb723ed953482ab8690
SHA256 52bbb040f29c755edc0fc86403c94908b568fdac34598085df39c66bc2c83329
SHA512 0b7324cafdff79a7b426c50b6c75094a439e9f5cea32208c350f8ba0358e63c551b217bb089a72bf6d5791fd9be9f88eb23d84e0267102daff0b1230c694c9b9

memory/3964-1327-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-1330-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-1329-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/3964-1328-0x00007FFA8E550000-0x00007FFA8E560000-memory.dmp

memory/4796-1331-0x0000000000400000-0x0000000000455000-memory.dmp

memory/4796-1332-0x0000000000400000-0x0000000000455000-memory.dmp

memory/3228-1335-0x0000000000400000-0x0000000000483000-memory.dmp

memory/3228-1336-0x0000000001EA0000-0x0000000001EA5000-memory.dmp

memory/3228-1337-0x0000000001E70000-0x0000000001E94000-memory.dmp

memory/3228-1339-0x0000000001E70000-0x0000000001E94000-memory.dmp

memory/3228-1340-0x0000000000400000-0x0000000000483000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\Melissa.doc.LNK

MD5 0fbb05432823aaceca558ab005e93189
SHA1 45c01e3f5436066268f255996e0eb48c1f85491d
SHA256 86718caf6419b5cf0ca02c2f2ae68d79274471a04992ef1ddaefd6447d56ac2a
SHA512 4c602d9b77d76f6aecaee5aae77a75b61863201cdd45ff983d39af2b9f5df3ad23a004d85e40e3b9598e3168125d64e922c55df9b8ac1a9780af447e6906f226

C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll

MD5 c1b066f9e3e2f3a6785161a8c7e0346a
SHA1 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

MD5 7efcf0111eb7a22aec8410d6a427b328
SHA1 d6828e7c4fb2789da55899e69c6197eaf4017b88
SHA256 7a83319f41c626818556e406b5b664aa4c102cb851269e9becbe3041bde4368a
SHA512 c1526e7bfe3c9f5d9ea9ab0f18d555e01f107ec56123ab83b8677ac24da57e206fb02a0148d2ae08ceba6ec4c10f42a46b0093e2324c0d723f09ec1fd4f43d97