Analysis Overview
Threat Level: Known bad
The URL http://scam.com was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Disables Task Manager via registry modification
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Obfuscated with Agile.Net obfuscator
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Checks installed software on the system
Subvert Trust Controls: Mark-of-the-Web Bypass
Drops file in Windows directory
System Location Discovery: System Language Discovery
Browser Information Discovery
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Kills process with taskkill
Suspicious behavior: GetForegroundWindowSpam
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
System policy modification
Suspicious behavior: EnumeratesProcesses
NTFS ADS
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-27 13:13
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-27 13:13
Reported
2024-12-27 13:23
Platform
win11-20241007-en
Max time kernel
577s
Max time network
581s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D27.tmp\eulascr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\Free Youtube Downloader = "C:\\Windows\\Free Youtube Downloader\\Free Youtube Downloader\\Free YouTube Downloader.exe" | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
Checks installed software on the system
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | drive.google.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File opened for modification | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| File created | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Trololo.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Hydra.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\ChilledWindows.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\rickroll.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WindowsUpdate.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WinNuke.98.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Hydra.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\WindowsUpdate.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3587106988-279496464-3440778474-1000\{318F2E3F-72DE-45A5-B546-A2C242E5015D} | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 276134.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 255854.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WindowsUpdate.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 961054.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Frankenstein.doc:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor2.0.7z:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 102845.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 17272.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 906933.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 797733.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\rickroll.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Trololo.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Hydra.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 904187.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\ChilledWindows.exe:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\MrsMajor2.0 (1).7z:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
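Both the "Mark-of-the-Web Bypass" rows and the "NTFS ADS" rows above are keyed on the same artifact: the Zone.Identifier alternate data stream that Windows attaches to a downloaded file, and the SmartScreen stream Edge keeps beside each in-progress .crdownload. Note that the process column in every row is msedge.exe, and the process list further down shows Edge's quarantine service (--utility-sub-type=quarantine.mojom.Quarantine), which is the component that writes the mark when a download completes; these rows record the mark being applied to each download, so the payloads themselves are not shown touching the stream. The following Python parser is an added example, not from the sandbox report. Its stream bodies are constructed (the URLs use example.com) and the SmartScreen stream is not handled because its contents are not shown on this page; the zone numbers are the standard Windows URL security zones.

```python
"""Parse and assess a Zone.Identifier (Mark-of-the-Web) alternate data stream.

Added example, not from the sandbox report. Sample stream bodies are
constructed; read_mark() uses the path:stream syntax, which resolves only on
NTFS, so on other file systems it simply reports "no mark".
"""
import configparser
from typing import Optional

# Standard Windows URL security zones; 3 and 4 are what SmartScreen and
# Office Protected View treat as untrusted origin.
ZONES = {0: "LocalMachine", 1: "LocalIntranet", 2: "TrustedSites", 3: "Internet", 4: "RestrictedSites"}

# Constructed stream bodies in the layout Windows writes (CRLF, INI-style).
SAMPLE_INTERNET = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                   "ReferrerUrl=https://example.com/download\r\n"
                   "HostUrl=https://example.com/files/FreeYoutubeDownloader.exe\r\n")
SAMPLE_LOCAL = "[ZoneTransfer]\r\nZoneId=0\r\n"
SAMPLE_JUNK = "not a zone transfer block"


def parse_zone_identifier(text: str) -> Optional[dict]:
    """Return zone id/name and origin URLs from a Zone.Identifier body, or None
    when the stream is missing the [ZoneTransfer] section or a numeric ZoneId."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text.replace("\r\n", "\n"))
    except configparser.Error:
        return None
    if not cp.has_option("ZoneTransfer", "ZoneId"):
        return None
    zt = cp["ZoneTransfer"]
    try:
        zone_id = int(zt["ZoneId"])
    except ValueError:
        return None
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "Unknown"),
        "referrer": zt.get("ReferrerUrl"),
        "host": zt.get("HostUrl"),
    }


def carries_motw(mark: Optional[dict]) -> bool:
    """True when the file is marked as coming from the Internet or Restricted zone."""
    return mark is not None and mark["zone_id"] >= 3


def read_mark(path: str) -> Optional[dict]:
    """Read <path>:Zone.Identifier from a live NTFS volume; None if absent or unreadable.
    A downloaded executable with no mark, or a mark below zone 3, will not get a
    SmartScreen check at launch, which is what "MotW bypass" means in practice."""
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8-sig", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return None


if __name__ == "__main__":
    for label, body in (("internet", SAMPLE_INTERNET), ("local", SAMPLE_LOCAL), ("junk", SAMPLE_JUNK)):
        mark = parse_zone_identifier(body)
        print(label, mark, "MotW" if carries_motw(mark) else "no MotW")
```

On a host, the stream is written after the download finishes, which is why a parser must tolerate a missing stream (the file is still being written) as well as a present stream with ZoneId below 3 (an intranet or trusted-site origin), and not treat either as proof that the mark was removed.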
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Users\Admin\Downloads\ChilledWindows.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\D27.tmp\eulascr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SYSTEM32\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://scam.com
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe87503cb8,0x7ffe87503cc8,0x7ffe87503cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6300 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6576 /prefetch:8
C:\Users\Admin\Downloads\WinNuke.98.exe
"C:\Users\Admin\Downloads\WinNuke.98.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7120 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7024 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6168 /prefetch:2
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe
"C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=900 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2744 /prefetch:8
C:\Users\Admin\Downloads\ChilledWindows.exe
"C:\Users\Admin\Downloads\ChilledWindows.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E8
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6468 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2576 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7144 /prefetch:8
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\D27.tmp\D28.tmp\D29.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\D27.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\D27.tmp\eulascr.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5036 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1124 /prefetch:8
C:\Users\Admin\Downloads\rickroll.exe
"C:\Users\Admin\Downloads\rickroll.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1124 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
C:\Users\Admin\Downloads\WindowsUpdate.exe
"C:\Users\Admin\Downloads\WindowsUpdate.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Users\Admin\Downloads\Trololo.exe
"C:\Users\Admin\Downloads\Trololo.exe"
C:\Windows\SYSTEM32\taskkill.exe
taskkill.exe /f /im explorer.exe
C:\Windows\SYSTEM32\taskkill.exe
taskkill.exe /f /im taskmgr.exe
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,11897128914733250863,8051274563785813674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"
C:\Users\Admin\Downloads\Hydra.exe
"C:\Users\Admin\Downloads\Hydra.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | scam.com | udp |
| US | 104.21.23.216:80 | scam.com | tcp |
| US | 104.21.23.216:80 | scam.com | tcp |
| US | 104.21.23.216:443 | scam.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.201.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 2.18.27.82:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| US | 140.82.114.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 185.199.111.133:443 | user-images.githubusercontent.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| FR | 142.250.75.238:443 | drive.google.com | tcp |
| FR | 142.250.74.225:443 | drive.usercontent.google.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
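Added example, not part of the report: a parser for the Network table above that separates DNS queries, reverse lookups (decoding the `in-addr.arpa` names back to addresses), multicast noise and real connections, de-duplicates the repeated rows, and lists the remaining hosts as IOC candidates. The sample rows are copied from the table; treating `www.bing.com` as browser background traffic is this example's assumption.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed sample: rows copied from the Network table above
# (| Country | Destination | Domain | Proto |); duplicates kept on purpose.
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | scam.com | udp |
| US | 104.21.23.216:80 | scam.com | tcp |
| US | 104.21.23.216:80 | scam.com | tcp |
| US | 104.21.23.216:443 | scam.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 2.18.27.76:443 | www.bing.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.133:443 | user-images.githubusercontent.com | tcp |
| FR | 142.250.75.238:443 | drive.google.com | tcp |
| FR | 142.250.74.225:443 | drive.usercontent.google.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
"""

# Assumption: the browser's own background traffic, not the sample's.
BROWSER_NOISE = {"www.bing.com"}

Row = Tuple[str, str, int, str, str]  # country, ip, port, domain, proto


def parse_rows(text: str) -> List[Row]:
    """Parse markdown table rows into (country, ip, port, domain, proto)."""
    rows: List[Row] = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4:
            continue
        country, dest, domain, proto = cells
        # Tolerate a row whose empty Domain cell was dropped, shifting
        # the protocol into the Domain column.
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain
        ip, _, port = dest.rpartition(":")
        if not port.isdigit():
            continue  # header or separator row
        rows.append((country, ip, int(port), domain, proto.lower()))
    return rows


def ptr_to_ip(name: str) -> str:
    """'95.221.229.192.in-addr.arpa' -> '192.229.221.95'."""
    suffix = ".in-addr.arpa"
    if name.lower().endswith(suffix):
        name = name[: -len(suffix)]
    return ".".join(reversed(name.split(".")))


def triage(rows: List[Row], noise=BROWSER_NOISE) -> Dict[str, object]:
    """Split the rows into lookups, local noise and de-duplicated connections."""
    dns, ptr, conns = set(), set(), defaultdict(set)
    local = 0
    for _country, ip, port, domain, proto in rows:
        if ipaddress.ip_address(ip).is_multicast or port == 5353:
            local += 1  # mDNS / multicast chatter from the VM itself
        elif port == 53 and proto == "udp":
            (ptr if domain.lower().endswith(".in-addr.arpa") else dns).add(domain)
        else:
            conns[domain or ip].add(f"{ip}:{port}")
    return {
        "dns_lookups": sorted(dns),
        "reverse_lookups": sorted(ptr),
        "reverse_lookup_ips": sorted(ptr_to_ip(n) for n in ptr),
        "connections": {d: sorted(v) for d, v in sorted(conns.items())},
        "ioc_candidates": sorted(d for d in conns if d not in noise),
        "multicast_or_local": local,
    }


if __name__ == "__main__":
    for key, value in triage(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

The reverse lookups are worth keeping separately: they are the VM resolving addresses it already talked to, so `ptr_to_ip` gives you peers that may not appear as a forward-resolved domain anywhere else in the table.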
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 46e6ad711a84b5dc7b30b75297d64875 |
| SHA1 | 8ca343bfab1e2c04e67b9b16b8e06ba463b4f485 |
| SHA256 | 77b51492a40a511e57e7a7ecf76715a2fd46533c0f0d0d5a758f0224e201c77f |
| SHA512 | 8472710b638b0aeee4678f41ed2dff72b39b929b2802716c0c9f96db24c63096b94c9969575e4698f16e412f82668b5c9b5cb747e8a2219429dbb476a31d297e |
\??\pipe\LOCAL\crashpad_3652_UBDSGJLWCMIFMFGH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fdee96b970080ef7f5bfa5964075575e |
| SHA1 | 2c821998dc2674d291bfa83a4df46814f0c29ab4 |
| SHA256 | a241023f360b300e56b2b0e1205b651e1244b222e1f55245ca2d06d3162a62f0 |
| SHA512 | 20875c3002323f5a9b1b71917d6bd4e4c718c9ca325c90335bd475ddcb25eac94cb3f29795fa6476d6d6e757622b8b0577f008eec2c739c2eec71d2e8b372cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f09384d1790ef825b8082c57244dbf24 |
| SHA1 | 575fc41db0086604281bdfb96343844ead85d2ea |
| SHA256 | 7d90ff2f82f4aa34d6b1630f6a1416fac0e65db8074cb9289e27666c197cc907 |
| SHA512 | 3e0383da1a3af69e49c6034a746acc391d030a039f5f9a52a9e1ac65d57f63e88b8c6f1b6e2c9e78f0abf0e5ccb047bb6c8dad8c174c9d87b291d5e55a8bd057 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ea1ce3fecee7af0e4bf7ca390116400f |
| SHA1 | 60cf814bd53584536e0cd66228efd1734fc8edfa |
| SHA256 | 86d02b3ca54866e7f090fd2724380755f6fb4c45bb1260b1da63b5bd03ac23b2 |
| SHA512 | 103db0b7a58b1f9fe6269743784a15cb39e9c6bab36dd0fa87d0fe0e158f7f09f89fab0f14bff3da97b9fb3e64b68db528b339279795abd799b7e8ef5f7a7507 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cff987c9c3ea357906a1224ab5b4b81d |
| SHA1 | bdbd4b07105cda923264f289687409e14c5e7150 |
| SHA256 | c80b31e7f01f9111f98db23c0bba6d72feda10be71edbbd8f82d99c87fec6612 |
| SHA512 | ca195f6c14697a2fb3141b395f939f3469e549fc347f6f8c83d383242c08f4d1b90ef90727d4176d9598a5c5ce8f905b8ffc3d34baeb986ee6a4d998c34e0f3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db32ad4e0cd5280fe62e439b7f6465c7 |
| SHA1 | 08a64ab8fbd201bfb843d59123b7385be230ec0a |
| SHA256 | 11231432e8a320355a11641a44872ff94ab7b4ac5d8065c022d297af112c3016 |
| SHA512 | e0110c241c82993c1cadabde9f20d291d05dc1e7413b050a5de9d03c02c25350301d0b505ac12fe52ee6a46f469b35fcff6779bb3c5b606d48517013f728efb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9ea623b2eadff4eff7166974dacde3a8 |
| SHA1 | e5ab24ecff273e8d49665cceb5152f53ef6f9bb7 |
| SHA256 | 03cf34080de0dda355340ba9e2bb040605060bc0778271eee3cb0e74a732cc58 |
| SHA512 | b2c179c9693ef9695b7be4eddae3c82da2374052d19144d376330aab75c4b174920bda126ee72bdb3cee96fb687cbf5d75539a24341b42f0aee1f6598a9a71e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a04eb0b89c9df3a39818552ac5eac9ad |
| SHA1 | 6b7f1a55d60534298c49f440353e05ab2ccada00 |
| SHA256 | 393df91a03f484f86bba922196cedaecaebc292f0cdcb3b2e7b05103f80d12b6 |
| SHA512 | 694d405401c4e89f7952d8b5805438061289f3a73ee2e59dd39bdb4696849bc4129ff795bf9492e2b08ea885c11c3f56b5338da56a253321c02f9ddde5762f81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 413728cd135de783a3a501b210da608f |
| SHA1 | 1ef401dd5c521e25c53eed6a377b94c9d583929c |
| SHA256 | b852a48b87698130d62edbc860f04ec38fc10360df51401e64707b5e80560266 |
| SHA512 | 53367d89af9a3fa20acce150abca18fc1aa4ce68acdb2babf5ecbe9e152dc9da00161f53e2987642e4ffc02c81ba1d8f4730b40e2476d652245c84857a3be54b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9fb77a1ea90617c13ded4a4b2f39ff7 |
| SHA1 | f959c7c7a1c0001e8b514374be3ec4f613720fdb |
| SHA256 | 195d78f0e1bd6ddbf3379e13e288e60427ea30119f655a698e5efa714a509f37 |
| SHA512 | fca51b29c17db9d42537d87eb710c05c0566b8f1ac893db056d606389a86e52d9fed259ad5cb7d5878ac0ee051cbb25348b1e51e13155175c63ef687ae58e303 |
C:\Users\Admin\Downloads\Unconfirmed 904187.crdownload
| MD5 | eb9324121994e5e41f1738b5af8944b1 |
| SHA1 | aa63c521b64602fa9c3a73dadd412fdaf181b690 |
| SHA256 | 2f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a |
| SHA512 | 7f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a16ad33878fb987b0226199f46def2f5 |
| SHA1 | 27778a13a1a76dc1f0ae0b2879601d22887ad3f2 |
| SHA256 | 3a881fb85e2d9e74e78f373caca954b5e3a8b08a3d387362f3f431099455d6c0 |
| SHA512 | 37542a512fc6906149730cdaccbf1fc7c556eaa522fda492ed0dbbf2868cc9236d13e587405f01bab769769cbcd5d7f150c5ac1aa5caf889eb86e4b2c9a9fa98 |
C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
| SHA512 | dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | a2eef0fcb137e5c4eb1b64b5d0aa2845 |
| SHA1 | a4af54c55b213776cec2f84e67731fdf6611c989 |
| SHA256 | d53c64378a5ad2d36a080874b5e88142267cc71ef6577e968e509ba7132a7471 |
| SHA512 | a7c21acf700a69d659e54366afc7674f7ca6beb59385abb115a64581126c2c4f0c234cc97ab3ccb8c4f90b1cc87e4bcdf39a55593b462f057e1e67cbc79e47b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e23e254f3f01e2415c19b02733d5dda |
| SHA1 | 535c407293badfc5c511487f57f5f6bd63cdb456 |
| SHA256 | 16f4950b6aab48555a29e903fb957e8bf47a40df64cae6837e423f19a48dbfc4 |
| SHA512 | e95d56a75cf4e73598b025fcb27d2c12f76306abae03f5bb0243eea86aa82ecaf1fe237059676f088dfdd2c2dbcb3fe62621a45bef26dd691f3bad8cdb1b1b1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | adfaa8f29d14a970a5353a8bf53dcfb2 |
| SHA1 | 586089cf1538005f1eda8e0fd63fd977261dee2f |
| SHA256 | a58beb325e6224e2b893918fa5f3ff76fa1998fd9712172aec30715f7f6a0838 |
| SHA512 | f752321c0339c17c982d2153e06e929d3dfaa4630cea57b7d44eb4338353ef362935fb0c006a532419197f0ebb49cb4646ec1e0fda4145427ddae0832772a7c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d1bf451f2a73c5cc286744c93d64dccd |
| SHA1 | 0c038b10387f25cc817393b8d3a93a8a420293e3 |
| SHA256 | 85091ff2eb4ecd473b9c225dc0375e368a47a96849abdfa8a1eb90df5eac783d |
| SHA512 | d1e659461a74154babbdf196803730cfecf478af74dec277fa428313c0b4bc31737c3a9c70f90e22986be8f8b86c54cd0ecfd30d3555c8548e4ea1f2400cd310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 96ff02f848b62f3c55f47784d258e338 |
| SHA1 | 5aa251db7095788f1f76d18a77ecaf28146cdfcd |
| SHA256 | abbace93cb6466e6dba01d6893b44df5652a754cd161e9c270b1dc94c172b6dd |
| SHA512 | e0e4a624ff2275a941323b2ba0ee89f610a75e61cced4e3e0f405a220b393f1d929f10a23a187501aa1bce831d29fb346630e0dc3a366f5a226a380ea74775e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b8789bb4-fa78-49b7-ab21-5ada81b5efe3.tmp
| MD5 | f7eb42684c337902df3e54d4f0c3e85d |
| SHA1 | a8bc380c410652ab1e4d1d3a8ed43769aba850c4 |
| SHA256 | 3baa548b1f61e82c0083a359a01b6d8c79d6fa2cf80ebfed3d617c4c30c2e07d |
| SHA512 | 1a52b2b999592b2b1d47cb6542b9c422e08d1d802f7d8ba0dad69aab53910556d2999981d68c584f0c2319442afcdfb3b658a2739bc9e3a3b6b55627e89fd097 |
C:\Users\Admin\Downloads\Unconfirmed 17272.crdownload
| MD5 | 13f4b868603cf0dd6c32702d1bd858c9 |
| SHA1 | a595ab75e134f5616679be5f11deefdfaae1de15 |
| SHA256 | cae57a60c4d269cd1ca43ef143aedb8bfc4c09a7e4a689544883d05ce89406e7 |
| SHA512 | e0d7a81c9cdd15a4ef7c8a9492fffb2c520b28cebc54a139e1bffa5c523cf17dfb9ffe57188cf8843d74479df402306f4f0ce9fc09d87c7cca92aea287e5ff24 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ff2e221d5970712f1eb41386142ef14e |
| SHA1 | f92cbde08723603c3cf0ba12990d4084c1ae4333 |
| SHA256 | f6c31d1cae57bd2306d7c711dacf4f3aaf67d37044e40a86e2535781f6356771 |
| SHA512 | c87d08bb64debc8dadd2cf7a79a18cd31aa2ab11d3e74f19aba379b54333b15aa518052356371855f83bec8652eac05a5ebc0e6f83552fe2213a89da3b91a10a |
C:\Users\Admin\Downloads\FreeYoutubeDownloader.exe:Zone.Identifier
| MD5 | fbccf14d504b7b2dbcb5a5bda75bd93b |
| SHA1 | d59fc84cdd5217c6cf74785703655f78da6b582b |
| SHA256 | eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913 |
| SHA512 | aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98 |
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
| MD5 | f33a4e991a11baf336a2324f700d874d |
| SHA1 | 9da1891a164f2fc0a88d0de1ba397585b455b0f4 |
| SHA256 | a87524035509ff7aa277788e1a9485618665b7da35044d70c41ec0f118f3dfd7 |
| SHA512 | edf066968f31451e21c7c21d3f54b03fd5827a8526940c1e449aad7f99624577cbc6432deba49bb86e96ac275f5900dcef8d7623855eb3c808e084601ee1df20 |
memory/1692-528-0x0000000000400000-0x000000000043C000-memory.dmp
memory/1828-529-0x0000023CA7910000-0x0000023CA793E000-memory.dmp
C:\Users\Admin\Downloads\Frankenstein.doc
| MD5 | 692815cce754b02fe5085375cab1f7b2 |
| SHA1 | 732284173858d6b671c2fec0456e3c0fdfc063ce |
| SHA256 | 6be18e3afeec482c79c9dea119d11d9c1598f59a260156ee54f12c4d914aed8f |
| SHA512 | cecd35f28f862980f89797861bf1e6f1a15556a5575af5fc60623ede0480c027d1525ea6d10516b266e2d9434858f7c0a63dbcca2b8c2778dc5f6623568d4646 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 28185e287bc6f26826cf483d1a287f3f |
| SHA1 | 4cbc12ba941dab7cc1d25d09caec05d9f7ba9b13 |
| SHA256 | b104a6e509561c9fbf26a6b9a10c2024001688228a552c9b42a5a22fa491625f |
| SHA512 | cbca66d43b00b6e6add7e812d17e477ef5afe5bad114015393c65748e72d5a96742fa2d8854ec6c21255e9ec372036d3f238512b5164aaafc93173f68d8688fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5e9bda11da57ffced4fcd7a151896ba3 |
| SHA1 | 69bc1ba82c1fe9c2c2e26d7dd016b8ff65b2cdcd |
| SHA256 | d4ff21e2cfe8ce8e07cf8682968a664c9b34a97e52beab263268e841feb6d98d |
| SHA512 | d7cd18707551783d95994666313c1e20ab3c7023335f15a403e5751a31f4bd39eb5a010fc934364874d9ad20e1a6e5f37d1c15d8331806dbc49adab207cbd74a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ecd2472fcefbfb5176b940003b9290e6 |
| SHA1 | 87f507bbc5a61ffa93a1d441beb72ca729e4e0f9 |
| SHA256 | 185269485b3a1c3529537fedd64591514717fb21997afefebb2f58e582392073 |
| SHA512 | 56c3f9761da6537512b9dafde2ed8ae886b59b1624e22fe0fc407b22a280206f11e002b6e733cf7b028f1100b26905d3581e9a7f9d5a2c3b98ca15c893187ace |
C:\Users\Admin\Downloads\Unconfirmed 276134.crdownload
| MD5 | 6a4853cd0584dc90067e15afb43c4962 |
| SHA1 | ae59bbb123e98dc8379d08887f83d7e52b1b47fc |
| SHA256 | ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec |
| SHA512 | feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e42b2f1cf1142d1e2e9d1ed879a1401e |
| SHA1 | 9c8b7bbec69d18da5349560c1986c0f05e007f60 |
| SHA256 | a9103a56045db55decc3cad151bad1fda93db9e4fc291d8aa3f184135457c8a4 |
| SHA512 | c4c2c0255bb08ac63c6b82c34466157b61ab7786eba862da6adccb03e76b1475f821d6975928a8cfdd3e3f5c96ac6833da36646f376bd9e34262d6ab8a6b757b |
memory/1524-646-0x0000000000A20000-0x0000000000E84000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
| MD5 | 7050d5ae8acfbe560fa11073fef8185d |
| SHA1 | 5bc38e77ff06785fe0aec5a345c4ccd15752560e |
| SHA256 | cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b |
| SHA512 | a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b |
memory/1524-658-0x000000001C390000-0x000000001C398000-memory.dmp
memory/1524-660-0x000000001CA10000-0x000000001CA1E000-memory.dmp
memory/1524-659-0x000000001F3C0000-0x000000001F3F8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
| MD5 | 06a09c02e2d203b3caa0c075e687a0c4 |
| SHA1 | 8d59caa9db8f11e93774fb19392e2192b98dcefb |
| SHA256 | 78c6ce168b5c5dcf30951aafdb973ba3cffdeee05ef414f762283f5f19e3e9ef |
| SHA512 | 6810c8af4a8db23baab88f3d46af936cb70feaae6637caff20e170c29791d3279d691e0d7e00fea796762f5dc4ca600bf9fdf2c9568367cf2f5cb25c36ed687b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 53656ce510c3b7ee9d80916db25a2f92 |
| SHA1 | 5359619e6f2274371d7deaf2c8b9a27e9c7e40a4 |
| SHA256 | a2282d34c85d0d8e468ce6193b7fd91f65973063b4c943d4347d74fcc0783053 |
| SHA512 | d76e5e02d3dc57edbe3be28619df157045a21b4e1050bd3be46cdff1d8202908e3c101ca55532e4d8b1a92447e2537bfb6384a321e9c1153ca31294d83d01301 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2e56d0d3d133c321962549767ada488d |
| SHA1 | f0b9b5cd3a67642b9227b3abee802266d54a0adf |
| SHA256 | ad8f57c24bd56fa62fba376458ba74c388ff7b3d21787725849aa062c90662d6 |
| SHA512 | 42a16b7a800f6ce376ef7926f43d8434f53fec54e9d2004cb01db765ff318234099efbea44df5c7d993880de76a83483d5d8911b19c4c52833dd4df4b78f0c16 |
C:\Users\Admin\Downloads\chilledwindows.mp4
| MD5 | 698ddcaec1edcf1245807627884edf9c |
| SHA1 | c7fcbeaa2aadffaf807c096c51fb14c47003ac20 |
| SHA256 | cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b |
| SHA512 | a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | cdf85756d2e53d5ed123d1e860ded71e |
| SHA1 | e0eddc611763da41ce5eb573fcaef8a4a8a5b77b |
| SHA256 | 64a99ff0ac125c8bb3d5cf322464c67df4cea9f99084b253e215e64b922fbacd |
| SHA512 | 1f673ae64966a7ec79b285ec3840cc864f856d87ee23676610a466b45fa2b07555d791b706e1c3d916017c2574e2f80d1d84be3fa604958d41138b1d2680ffa9 |
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
| MD5 | 1bb4dd43a8aebc8f3b53acd05e31d5b5 |
| SHA1 | 54cd1a4a505b301df636903b2293d995d560887e |
| SHA256 | a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02 |
| SHA512 | 94c70d592e806bb426760f61122b8321e8dc5cff7f793d51f9d5650821c502c43096f41d3e61207ca6989df5bfdbff57bc23328de16e99dd56e85efc90affdce |
memory/2640-707-0x0000000000860000-0x00000000008D4000-memory.dmp
memory/2640-708-0x00000000059E0000-0x0000000005F86000-memory.dmp
memory/2640-709-0x0000000005430000-0x00000000054C2000-memory.dmp
memory/2640-710-0x0000000005530000-0x000000000553A000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
| MD5 | 069c37bf9e39b121efb7a28ece933aee |
| SHA1 | eaef2e55b66e543a14a6780c23bb83fe60f2f04d |
| SHA256 | 485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8 |
| SHA512 | f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a9a17731e354b714e5e26a94be0d3a94 |
| SHA1 | bb7db8810af8cc856552790b99ffa6b8057e7a16 |
| SHA256 | e0a354736433f8c1e0749a858146fa943e23822caf5d992e16783e019a32b2f2 |
| SHA512 | 87fffa498f5b329a592e47210750a4c8385dd27882f242749cfba20a208fc3d8b3626c6be8cbf7c67e1a3ffe1223681c8c20fe340f8815a2161456fea211aa9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\blob_storage\ed14bbda-09b2-40c2-9f03-d598797476e7\0
| MD5 | 1073e757fc71b26db6ab725bb7d2498c |
| SHA1 | caec5dfc64b5826042bdedba20adc228bfa5b657 |
| SHA256 | 2b2fbdc7cec2c59c3e7c512a76e827e6121bdea176488d44a9783d90d0d444de |
| SHA512 | cd2e5868004a7aa44b202104face31910a0629d89146b779826957e716775e638defcdb2da21ed3fd2a83b88f08d8db28086888f97388f969c11b27fe972f69f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
| MD5 | 81041a562190fe49c0fac248638b2d04 |
| SHA1 | 755d8426f18e3f0ad8e28d4655468d8cfdac67bf |
| SHA256 | 0d64e4fe519291c901b67944d9215f6254552c7ea5d12cc4fc930ab58c7ca268 |
| SHA512 | e482702b08e401de88c67a703cb1612831f0cbc9365eb2e634602712bed6ad6cfae30dd820d96001c49100420bc457af083e7c09d79d825e87fe231cc0646eb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d27b44c1f9c56ba54676c2f62aa130a0 |
| SHA1 | 733f1f5d4fdd83741f43038038bd51e229442633 |
| SHA256 | e53c9d94e26b84f1dbb967c0fbbef1810e22b39c0a98f833c31ff534a3fe8600 |
| SHA512 | e8c56649fee64515b0cb43dbc3d0e2c704fde008fc782253b5f839181329485265eb19aef03d3360b52ea5c64716f23dad3b32ab85d9d499bb3ccec7c6bbcc14 |
C:\Users\Admin\Downloads\Unconfirmed 906933.crdownload
| MD5 | 35a27d088cd5be278629fae37d464182 |
| SHA1 | d5a291fadead1f2a0cf35082012fe6f4bf22a3ab |
| SHA256 | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 |
| SHA512 | eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8ebfd6f872a3178c436f41bde52f1c35 |
| SHA1 | d073b9cb09f9bdf6835245c1560b6a7797ef5802 |
| SHA256 | f452be5eff05e4638f19f1699d46e25756b224954641bf03515917f774e5d071 |
| SHA512 | 15716e1eca18193341f5bed6ab281b66e9556feb0646931e1144e8cf720ee712675abaae5293adf7f442813301157219fa1db9281b24a5b91582f995a42fc780 |
C:\Users\Admin\AppData\Local\Temp\D27.tmp\D28.tmp\D29.vbs
| MD5 | 3b8696ecbb737aad2a763c4eaf62c247 |
| SHA1 | 4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5 |
| SHA256 | ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569 |
| SHA512 | 713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb |
C:\Users\Admin\AppData\Local\Temp\D27.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
| SHA512 | 2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc |
memory/2156-847-0x0000000000100000-0x000000000012A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
| MD5 | 42b2c266e49a3acd346b91e3b0e638c0 |
| SHA1 | 2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1 |
| SHA256 | adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29 |
| SHA512 | 770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81 |
memory/2156-854-0x00007FFE70600000-0x00007FFE7074F000-memory.dmp
memory/2156-855-0x000000001CAD0000-0x000000001CC92000-memory.dmp
memory/2156-856-0x000000001D1D0000-0x000000001D6F8000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 779aac290cf30d10bddad3deca11af01 |
| SHA1 | 9aed9c5914b744425cfa3f786e49851833b602d8 |
| SHA256 | 188fcc3fc78eca8dc2d4792c2ad5da8f9e0f0d8ea05dcd495f250bf336cf35ea |
| SHA512 | e3aedb07a69871ffc9def665b38bb71d2ead7fd7872f18dbc0b75aec0de31f34709520ae90d5d27ad790d7607e8d2b315c9f2b92bcf75dfb42304254d2057f3a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 686bcee9fb92f84e7f824e9880cf936f |
| SHA1 | 47ef109c70e7448c190d1858d53156cad60ec1fe |
| SHA256 | 825db148fd3d0ec51eb4787bcd5fbf0f2ad4a62b1823f0c707f63c2a1714fe4a |
| SHA512 | 8dde15cd5d966eafb4cef0335c56a253ddf6fa389768bd772415f298ee05347c375f9afa55851fc5eeffb708517804e3c7b7464ab7ea21d572a14ce98345a110 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4197cd57b56bca6465819a76b935e962 |
| SHA1 | 7afb20b7ba0c4668dd8e4697a0c6aaaddd319a69 |
| SHA256 | 4656b2d7a66337dc06bd5e2680e9b74962ca646197a9d14be38a617759f02f21 |
| SHA512 | c497590ecece43ae965c96ebf15199f47c15ff0240778158840cf812fcc5155b428b842d213364dd1760d6b498f148a4f3d03dbe7718dc27ec0091c36c0be61f |
C:\Users\Admin\Downloads\Unconfirmed 102845.crdownload
| MD5 | 0ec108e32c12ca7648254cf9718ad8d5 |
| SHA1 | 78e07f54eeb6af5191c744ebb8da83dad895eca1 |
| SHA256 | 48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723 |
| SHA512 | 1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072 |
C:\Users\Admin\Downloads\Unconfirmed 102845.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
| SHA512 | 8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d5e0a3f44143d189ec143584bed92dac |
| SHA1 | 9e50fbe37f0ce53a78abe473ea1a301409255a1b |
| SHA256 | bb9c27c971e6441620cb4fb3037d5fcb2f1da538804cb7c293bf74995c07e7d1 |
| SHA512 | 2aefc1a330cdfe7d34a757319cfe596d6434b1460e7ef38ff680489dda5f97890c541f3a8f10bd528685c7a79765751c7efb9c67df21f5a35d81ca6b37720b02 |
memory/1292-983-0x0000000000400000-0x0000000000422000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 255854.crdownload
| MD5 | 515198a8dfa7825f746d5921a4bc4db9 |
| SHA1 | e1da0b7f046886c1c4ff6993f7f98ee9a1bc90ae |
| SHA256 | 0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d |
| SHA512 | 9e47037fe40b79ebf056a9c6279e318d85da9cd7e633230129d77a1b8637ecbafc60be38dd21ca9077ebfcb9260d87ff7fcc85b8699b3135148fe956972de3e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ad4691b0755d76e469970a018f2d0319 |
| SHA1 | 002f6499486e04a51bcd1a9333d36bec3b38163d |
| SHA256 | 799d027f7d6ef58f4591be315175f643ebc0a25a1ad6b3a638f33db636d2fc12 |
| SHA512 | c500c17a28889b114a0fd70db3575941527f9f3fe2236210d28d0e83c04b92c022cc1203cc90015154d787062dab3b010190209826e703809bad7ac994483df8 |
memory/3732-1013-0x0000000000400000-0x00000000006BC000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 04a520ce8d2d807bfa69bf0e3b6b5827 |
| SHA1 | 9c8ab1efccdae3259f0ada3b8e3726e236c6df94 |
| SHA256 | 3c5d6ffad1414621d72c1e36bc6e81cd2256783aab9a0b2b06d8bf347064ffc6 |
| SHA512 | ca1db6c4bd1db783532e59a4bd3132db22bba3ce81b9e42599914f302b33e1f07e76d06fa8f871203cf3b1b893359ebf300b1c09addffb930015565463fdae39 |
memory/3732-1036-0x0000000000400000-0x00000000006BC000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 797733.crdownload
| MD5 | b6d61b516d41e209b207b41d91e3b90d |
| SHA1 | e50d4b7bf005075cb63d6bd9ad48c92a00ee9444 |
| SHA256 | 3d0efd55bde5fb7a73817940bac2a901d934b496738b7c5cab7ea0f6228e28fe |
| SHA512 | 3217fc904e4c71b399dd273786634a6a6c19064a9bf96960df9b3357001c12b9547813412173149f6185eb5d300492d290342ec955a8347c6f9dcac338c136da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c9a5fe8c6b791d53c90eeb1f25a06f5a |
| SHA1 | ea53cc6438c26d39958d9ddbbfa4f0117dd6a5dd |
| SHA256 | ce66f9f89e8493a09fec270cc7f55ba668d9171b4b1e269ef6f113168eb72876 |
| SHA512 | 92dd9500d3a3b03a6e2f1397da1f99c3446c247347982b78fa02332b289443c7fcee6668c0380db6332c4fbf4095900dd7dc5c5c3d699856f3f5f7a5006dad46 |
C:\Users\Admin\Downloads\Unconfirmed 961054.crdownload
| MD5 | b2eca909a91e1946457a0b36eaf90930 |
| SHA1 | 3200c4e4d0d4ece2b2aadb6939be59b91954bcfa |
| SHA256 | 0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c |
| SHA512 | 607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | dd645d78f4b5ee3547922d9728ac9f24 |
| SHA1 | 16fdb600f0e0423f708120eaa8c42c49f0a4dc14 |
| SHA256 | a5afec05276e3777bef3676ece53343a7473379f1a9534865b2b2dc9d8851887 |
| SHA512 | a2907412d9dca90c8ebcef5ab07a8332b5a3c509c3be5dae675ee268cfe93718bdb4e013bcced9f71f98d46c7a4be5a635866bce51511f27a620d6982f69031b |
memory/2012-1114-0x000000001B510000-0x000000001B5B6000-memory.dmp
memory/2012-1116-0x000000001BA90000-0x000000001BF5E000-memory.dmp
memory/2012-1117-0x000000001C080000-0x000000001C11C000-memory.dmp
memory/2012-1118-0x0000000000E40000-0x0000000000E48000-memory.dmp
memory/2012-1119-0x000000001C2E0000-0x000000001C32C000-memory.dmp
memory/964-1136-0x0000000000980000-0x0000000000990000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7c1a65e3f8644fd1ffb19abfef8cc7a1 |
| SHA1 | bcc39c2df4a1360a5b482fcaf1366f94e92e79a5 |
| SHA256 | 27efcab2bd252c4d39c341489395661346e0d8d5c8ac523f9b1e7d36f1fbb575 |
| SHA512 | e6924fa19d458ba10817739e23416336a62445e2190b48a6bbb1c76d896ef9f38a814850d88ff637a068f0b3c3ea19c552461ee8bb643dd860aca2160e59525d |
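Added example, not part of the report: a parser for the Files section above that reads the path-then-hash-rows layout, separates memory dumps (decoding PID and region size from the `memory/` name), NTFS alternate data streams such as `:Zone.Identifier` and `:SmartScreen` (linking each back to its base file), and browser-profile churn, and returns SHA-256 values for the remaining dropped or downloaded artefacts as hunt-ready IOCs. The sample entries are copied from the listing with SHA512 rows omitted for brevity; treating everything under `Microsoft\Edge\User Data` as noise is this example's assumption.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: entries copied from the Files section above, in the
# flattened form the report uses (SHA512 rows omitted for brevity).
SAMPLE_FILES = r"""
C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier
| MD5 | 0f98a5550abe0fb880568b1480c96a1c |
| SHA1 | d2ce9f7057b201d31f79f3aee2225d89f36be07d |
| SHA256 | 2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1 |
C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
| MD5 | 1bb4dd43a8aebc8f3b53acd05e31d5b5 |
| SHA1 | 54cd1a4a505b301df636903b2293d995d560887e |
| SHA256 | a2380a5f503bc6f5fcfd4c72e5b807df0740a60a298e8686bf6454f92e5d3c02 |
memory/2156-847-0x0000000000100000-0x000000000012A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 28185e287bc6f26826cf483d1a287f3f |
| SHA1 | 4cbc12ba941dab7cc1d25d09caec05d9f7ba9b13 |
| SHA256 | b104a6e509561c9fbf26a6b9a10c2024001688228a552c9b42a5a22fa491625f |
C:\Users\Admin\Downloads\Unconfirmed 102845.crdownload:SmartScreen
| MD5 | 4047530ecbc0170039e76fe1657bdb01 |
| SHA1 | 32db7d5e662ebccdd1d71de285f907e3a1c68ac5 |
| SHA256 | 82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750 |
C:\Users\Admin\AppData\Local\Temp\D27.tmp\eulascr.exe
| MD5 | 8b1c352450e480d9320fce5e6f2c8713 |
| SHA1 | d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a |
| SHA256 | 2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e |
"""

# A second colon after the drive letter marks an alternate data stream.
ADS_PATH = re.compile(r"^[A-Za-z]:\\.*:([^\\:]+)$")
MEMDUMP = re.compile(r"^memory/(\d+)-\d+-(0x[0-9A-Fa-f]+)-(0x[0-9A-Fa-f]+)-memory\.dmp$")
# Assumption: the Edge profile files are churn from the detonation's own
# browser session, not artefacts of the sample.
BROWSER_PROFILE = "\\microsoft\\edge\\user data\\"


def parse_files(text: str) -> List[Dict[str, object]]:
    """Turn the path-then-hash-rows listing into one dict per entry."""
    entries: List[Dict[str, object]] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("|"):
            if not entries:
                continue  # hash row with no preceding path; ignore
            alg, value = [c.strip() for c in line.strip("|").split("|")][:2]
            entries[-1]["hashes"][alg.lower()] = value.lower()
        else:
            entries.append({"path": line, "hashes": {}})
    return entries


def classify(entries: List[Dict[str, object]]) -> Dict[str, List[Dict[str, object]]]:
    """Group entries into memdump / ads / browser_profile / artifact."""
    groups: Dict[str, List[Dict[str, object]]] = defaultdict(list)
    for e in entries:
        path = str(e["path"])
        if m := MEMDUMP.match(path):
            start, end = int(m.group(2), 16), int(m.group(3), 16)
            e.update(pid=int(m.group(1)), start=start, size=end - start)
            groups["memdump"].append(e)
        elif m := ADS_PATH.match(path):
            stream = m.group(1)
            e.update(stream=stream, base=path[: -len(stream) - 1])
            groups["ads"].append(e)
        elif BROWSER_PROFILE in path.lower():
            groups["browser_profile"].append(e)
        else:
            groups["artifact"].append(e)
    return groups


def ioc_hashes(entries: List[Dict[str, object]], alg: str = "sha256") -> Dict[str, str]:
    """Path -> hash for the entries worth blocking or hunting on."""
    return {str(e["path"]): e["hashes"][alg]
            for e in classify(entries)["artifact"] if alg in e["hashes"]}


if __name__ == "__main__":
    groups = classify(parse_files(SAMPLE_FILES))
    for kind, items in groups.items():
        print(kind, [i["path"] for i in items])
```

The ADS entries are the interesting residue of a browser download: `Zone.Identifier` is the Mark-of-the-Web written by Edge, and the sandbox hashing it separately means you can later tell whether the stream was present, emptied or stripped before the executable ran.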