Malware Analysis Report

2025-03-14 21:44

Sample ID: 250116-x6v8yswlap
Target: showcaptcha
SHA256: 279e876e8458798854e2e7184f4bbd87aa15f026ac5f6468ff010ae176a1709a
Tags: google, discovery, phishing
Score: 10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 10/10

SHA256: 279e876e8458798854e2e7184f4bbd87aa15f026ac5f6468ff010ae176a1709a

Threat Level: Known bad

The file showcaptcha was found to be: Known bad. In the behavioral1 run Edge opens showcaptcha.html and renders a Google-branded phishing page, a download named fatalka.rar receives a Zone.Identifier stream, the 7-Zip GUI (7zG.exe) runs, and Fatality.exe and Client.exe execute from Downloads\fatalka and %TEMP%. Every other signature that names a process attributes it to msedge.exe, 7zG.exe or a Windows system binary (OpenWith.exe, AUDIODG.EXE, BackgroundTransferHost.exe), not to the dropped executables.

Malicious Activity Summary

Tags: google, discovery, phishing

Detected google phishing page
Executes dropped EXE
Enumerates physical storage devices
Browser Information Discovery
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
NTFS ADS
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2025-01-16 19:28

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2025-01-16 19:28
Reported: 2025-01-16 19:31
Platform: win11-20241023-en
Max time kernel: 141s
Max time network: 132s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html

The sample is an HTML file opened in the image's Microsoft Edge, build 90.0.818.66 (taken from the crashpad-handler annotations under Processes). That is a 2021 browser build on a 2024 Windows 11 image, so the SmartScreen and download-protection behaviour seen in this run need not match a current Edge.

Signatures

Detected google phishing page

Tags: phishing, google

Executes dropped EXE

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Users\Admin\Downloads\fatalka\Fatality.exe | N/A | 1
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Fatality.exe | N/A | 13
N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Client.exe | N/A | 13

The report lists 27 execution events; identical rows are collapsed by process path. Fatality.exe runs once from Downloads\fatalka, a folder whose name matches the downloaded fatalka.rar, and Fatality.exe and Client.exe then each run 13 times from %TEMP%. Every description and indicator in this table is N/A, so this section gives no hashes for the two executables.

Browser Information Discovery

Tags: discovery

Enumerates physical storage devices

Enumerates system info in registry

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

All three queries are made by msedge.exe; SystemManufacturer and SystemProductName are the values Chromium-based browsers read to build their hardware-model string. As a sandbox-evasion indicator this table would only matter if a dropped executable made the query, and none does here.

Modifies registry class

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox" | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache | C:\Windows\system32\BackgroundTransferHost.exe | N/A
Key created | \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Every key is under the user's _Classes hive. msedge.exe creates the AppContainer mapping for one of its sandboxed child processes (Moniker cr.sb.* and DisplayName "Chrome Sandbox"); BackgroundTransferHost.exe and OpenWith.exe touch their own cache-prefix and MuiCache keys. Nothing here is written by Fatality.exe or Client.exe, and no persistence location (Run keys, services, shell extensions) appears.

NTFS ADS

Description | Indicator | Process | Target
File opened for modification | C:\Users\Admin\Downloads\fatalka.rar:Zone.Identifier | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A

Zone.Identifier is the Mark of the Web stream that Edge writes on files it downloads, so this row is the record that fatalka.rar arrived as a browser download. Its base name matches the Downloads\fatalka directory from which Fatality.exe executed (see Executes dropped EXE).
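To make the row above concrete: the following Python is an added example for this page, not part of the sandbox report and not a tool the sandbox uses. It parses the INI-style content of a Zone.Identifier stream, maps ZoneId to its urlmon URLZONE constant, and reads the stream directly from NTFS on Windows with the file:stream open syntax. The content in SAMPLE_STREAM is constructed; the report shows only that msedge.exe opened fatalka.rar:Zone.Identifier for modification, not what it wrote, so the URLs are placeholders.

```python
import sys
from configparser import ConfigParser, Error as ConfigError

# URLZONE_* constants from urlmon.h; the ZoneId key holds one of these.
ZONES = {
    0: "URLZONE_LOCAL_MACHINE",
    1: "URLZONE_INTRANET",
    2: "URLZONE_TRUSTED",
    3: "URLZONE_INTERNET",
    4: "URLZONE_UNTRUSTED",
}

# Constructed sample in the shape Chromium-based browsers write for a download.
# The report only records that msedge.exe wrote this stream on fatalka.rar; the
# URLs below are placeholders, not values from the report.
SAMPLE_STREAM = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://phish.example/showcaptcha.html\r\n"
    "HostUrl=https://files.example/fatalka.rar\r\n"
)


def parse_zone_identifier(text):
    """Parse Zone.Identifier stream content ([ZoneTransfer] INI section).

    Returns the zone id, its urlmon name, whether Windows treats the file as
    coming from the Internet (zones 3 and 4 are what SmartScreen and Office
    Protected View key on), and ReferrerUrl/HostUrl when present (older
    writers emit only ZoneId, so both may be None).
    """
    # '=' only: URLs contain ':', which ConfigParser otherwise accepts as a
    # key/value delimiter. interpolation=None keeps '%' in URLs literal.
    cp = ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(text)
    except ConfigError as exc:
        raise ValueError(f"not a Zone.Identifier stream: {exc}") from None
    if not cp.has_section("ZoneTransfer"):
        raise ValueError("missing [ZoneTransfer] section")
    sec = cp["ZoneTransfer"]
    try:
        zone_id = int(sec.get("ZoneId", "-1"))
    except ValueError:
        zone_id = -1
    return {
        "zone_id": zone_id,
        "zone": ZONES.get(zone_id, "unknown"),
        "from_internet": zone_id in (3, 4),
        "referrer_url": sec.get("ReferrerUrl"),
        "host_url": sec.get("HostUrl"),
    }


def read_zone_identifier(path):
    """Read the stream from disk with the NTFS 'file:stream' syntax.

    Only works on Windows with NTFS/ReFS. Returns None when the file has no
    Zone.Identifier stream; on other platforms or file systems the open fails
    the same way, so feed captured stream text to parse_zone_identifier instead.
    """
    try:
        with open(f"{path}:Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:  # FileNotFoundError, or ERROR_INVALID_NAME off NTFS
        return None


if __name__ == "__main__":
    if len(sys.argv) > 1:
        info = read_zone_identifier(sys.argv[1])
        print(info if info else f"{sys.argv[1]}: no Zone.Identifier stream")
    else:
        print(parse_zone_identifier(SAMPLE_STREAM))
```

Saved as, say, zone_id.py, `python zone_id.py C:\Users\Admin\Downloads\fatalka.rar` on the Windows host prints the parsed stream or reports that none exists. Two caveats apply when the archive is then extracted with 7-Zip, as 7zG.exe in this run suggests: 7-Zip copies the stream to extracted files only when its "Propagate Zone.Identifier stream" option is enabled (it is off by default), so Fatality.exe inside Downloads\fatalka may carry no mark even though the archive did; and the stream is an ordinary user-writable attribute that "Unblock" in the file's properties deletes, so its absence is not evidence of local origin.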

Suspicious behavior: GetForegroundWindowSpam

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A | 1

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 22

The signature fires when a process creates a child with the "block non-Microsoft binaries" mitigation policy. Chromium-based browsers apply that policy to their sandboxed child processes, so 22 hits attributed to msedge.exe are the browser launching its renderer and utility processes (the Processes list below shows those launches); the signature says nothing about the dropped executables.

Suspicious use of AdjustPrivilegeToken

Description | Indicator | Process | Target
Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A
Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: 35 (SeCreateSymbolicLinkPrivilege) | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A
Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A

The numeric tokens are privilege LUIDs the sandbox left unresolved; the names in parentheses are the winnt.h constants for 33 and 35. AUDIODG.EXE is the Windows audio device graph isolation host, and 7zG.exe is the 7-Zip GUI; the restore, security and symbolic-link privileges it enables are the ones 7-Zip uses when restoring file metadata and links from an archive. Neither row involves Fatality.exe or Client.exe.

Suspicious use of FindShellTrayWindow

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A | 55
N/A | N/A | C:\Program Files\7-Zip\7zG.exe | N/A | 1

FindShellTrayWindow locates the taskbar window (Shell_TrayWnd) and fires for almost any process that shows a taskbar-visible window; the hits belong to the browser and the 7-Zip GUI, not to the dropped executables.

Suspicious use of SetWindowsHookEx

Description | Indicator | Process | Target | Events
N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A | 3

OpenWith.exe is the Windows "How do you want to open this file?" dialog; its message hooks, like the GetForegroundWindowSpam row above, are dialog behaviour. Its appearance usually means a file without a registered handler was opened during the run; the report does not say which file.

Suspicious use of WriteProcessMemory

Description | Indicator | Process | Target | Events
PID 2784 wrote to memory of 4008 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2784 wrote to memory of 4860 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 40
PID 2784 wrote to memory of 4852 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 2
PID 2784 wrote to memory of 3160 | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | 20

All 64 writes come from one msedge.exe (PID 2784) into four other msedge.exe processes. Chromium's sandbox broker writes into each child it launches to install its interceptions before the child starts running, so same-image writes between browser processes are expected. What would matter, and what this table does not show, is a write from the browser into a process of a different image, or any write involving Fatality.exe or Client.exe.
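The signature tables above mix the rows that carry the verdict (the phishing page, the executables launched from Downloads and %TEMP%, the downloaded archive) with rows that only describe the browser and Windows components. The Python below is an added triage example written for this page; it is not part of the sandbox report and not a tool the sandbox uses. It encodes the rows above as constructed data with identical rows collapsed into counts, buckets each flagged path by whether a standard user can write there (a heuristic assumed here from default Windows ACLs), notes a same-image WriteProcessMemory as the browser's own child-process setup, and splits the signatures into actionable and low-signal. The signature names, paths, registry keys and counts come from the tables; the rules and output format are the example's own.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

MSEDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
CLASSES = r"\REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings"


def ev(signature, process=None, indicator=None, target=None, n=1):
    """One collapsed row of a sandbox signature table; n = identical rows."""
    return {"signature": signature, "process": process,
            "indicator": indicator, "target": target, "n": n}


# Constructed from the behavioral1 signature tables on this page; identical rows
# are collapsed into n. Summary-only signatures without a row table are omitted.
EVENTS = [
    ev("Detected google phishing page"),
    ev("Executes dropped EXE", r"C:\Users\Admin\Downloads\fatalka\Fatality.exe"),
    ev("Executes dropped EXE", r"C:\Users\Admin\AppData\Local\Temp\Fatality.exe", n=13),
    ev("Executes dropped EXE", r"C:\Users\Admin\AppData\Local\Temp\Client.exe", n=13),
    ev("Enumerates system info in registry", MSEDGE,
       r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS", n=3),
    ev("Modifies registry class", MSEDGE, CLASSES, n=8),
    ev("Modifies registry class", r"C:\Windows\system32\BackgroundTransferHost.exe",
       CLASSES + r"\MuiCache", n=4),
    ev("Modifies registry class", r"C:\Windows\system32\OpenWith.exe", CLASSES),
    ev("NTFS ADS", MSEDGE, r"C:\Users\Admin\Downloads\fatalka.rar:Zone.Identifier"),
    ev("Suspicious behavior: GetForegroundWindowSpam", r"C:\Windows\system32\OpenWith.exe"),
    ev("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", MSEDGE, n=22),
    ev("Suspicious use of AdjustPrivilegeToken", r"C:\Windows\system32\AUDIODG.EXE", n=2),
    ev("Suspicious use of AdjustPrivilegeToken", r"C:\Program Files\7-Zip\7zG.exe", n=4),
    ev("Suspicious use of FindShellTrayWindow", MSEDGE, n=55),
    ev("Suspicious use of FindShellTrayWindow", r"C:\Program Files\7-Zip\7zG.exe"),
    ev("Suspicious use of SetWindowsHookEx", r"C:\Windows\system32\OpenWith.exe", n=3),
    ev("Suspicious use of WriteProcessMemory", MSEDGE, None, MSEDGE, n=64),
]

# Signatures whose name alone is the finding, whichever process fired them.
VERDICT_SIGNATURES = {"Detected google phishing page"}


def location(path):
    """Coarse trust bucket for a path, assuming default Windows ACLs: a
    standard user cannot write under Windows\\ or Program Files, but owns
    everything under the profile and ProgramData."""
    p = path.lower()
    if p.startswith("c:\\windows\\"):
        return "system"
    if p.startswith("c:\\program files"):
        return "installed"
    if p.startswith(("c:\\users\\", "c:\\programdata\\")):
        return "user-writable"
    return "other"  # registry paths and anything unrecognised


def strip_stream(path):
    """Drop a trailing ':StreamName' (NTFS ADS syntax); the drive colon is
    followed by a backslash and is therefore left alone."""
    return re.sub(r":[^\\:]+$", "", path)


def triage(events):
    """Group rows by signature and decide actionable vs low-signal."""
    by_sig = defaultdict(list)
    for e in events:
        by_sig[e["signature"]].append(e)
    out = {}
    for sig, rows in by_sig.items():
        reasons, notes = [], []
        if sig in VERDICT_SIGNATURES:
            reasons.append("signature is a direct verdict")
        for r in rows:
            for field in ("process", "indicator"):
                v = r[field]
                if v and location(v) == "user-writable":
                    reasons.append(f"{field} in user-writable path: {v}")
            if r["process"] and r["target"] and \
                    PureWindowsPath(r["process"]).name.lower() == \
                    PureWindowsPath(r["target"]).name.lower():
                notes.append("source and target are the same image; Chromium-based "
                             "browsers write into their own child processes at launch")
        out[sig] = {"verdict": "actionable" if reasons else "low-signal",
                    "events": sum(r["n"] for r in rows),
                    "reasons": reasons, "notes": notes}
    return out


def hunt_paths(events):
    """Distinct user-writable file paths worth searching for on other hosts."""
    paths = set()
    for e in events:
        for field in ("process", "indicator"):
            v = e[field]
            if v and location(v) == "user-writable":
                paths.add(strip_stream(v))
    return sorted(paths)


if __name__ == "__main__":
    for sig, r in sorted(triage(EVENTS).items(), key=lambda kv: kv[1]["verdict"]):
        print(f"{r['verdict']:<10} {r['events']:>3}  {sig}")
        for line in r["reasons"] + r["notes"]:
            print("                -", line)
    print("\nhunt:", *hunt_paths(EVENTS), sep="\n  ")
```

Run as a script it prints three actionable signatures (the phishing page, Executes dropped EXE, NTFS ADS), eight low-signal ones, and the four user-writable paths to hunt for. The same-image check is deliberately only a note: a write from msedge.exe into a process of a different image would need its own rule, and this report gives no PIDs for the dropped executables to test such a rule against.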

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\showcaptcha.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff90903cb8,0x7fff90903cc8,0x7fff90903cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6364 /prefetch:8

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D4

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6408 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=6804 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13938520885826952270,8012095879657140963,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7840 /prefetch:8

C:\Windows\system32\OpenWith.exe

C:\Windows\system32\OpenWith.exe -Embedding

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap32124:76:7zEvent191

C:\Users\Admin\Downloads\fatalka\Fatality.exe

"C:\Users\Admin\Downloads\fatalka\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Windows\system32\BackgroundTransferHost.exe

"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

"C:\Users\Admin\AppData\Local\Temp\Fatality.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

Network


Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 7bed1eca5620a49f52232fd55246d09a
SHA1 e429d9d401099a1917a6fb31ab2cf65fcee22030
SHA256 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
SHA512 afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

\??\pipe\LOCAL\crashpad_2784_ZCFREYQLWBPRTZJY

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 5431d6602455a6db6e087223dd47f600
SHA1 27255756dfecd4e0afe4f1185e7708a3d07dea6e
SHA256 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
SHA512 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 3a2716317bf5ff9a924e762d9f6d26cd
SHA1 18679e07b9ebcf525619476a4803025db5a61fcc
SHA256 fa1ef9e80be9356af108f2f2b9efff4ae68063396211fc5bcd3ef73baf3327d5
SHA512 954c9407a171d5e6908ed50b4c1fa45db1a4721feacb90b9642f268666b7bfa5e5f996492dd047864f5f172d902188e1467a92e20095aa31ab86a0b4d3300d87

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 ea9a9a564f7baf6dbaa86a023c6f46c3
SHA1 4e061b932394d59f43e7970eb66de0a4f42c2439
SHA256 d5238d21858219a5e25c872d1eaaf2bb8eb707d1836fbc955a5dd4653ac9d735
SHA512 1834baad383bcbf9dd478ac41741acffe9891a040fa611e5fd651b985bee4a60a883c06fc11f97a0dfc0a61d7aba89f86d49eae82ee4805f3d6896df70aaa50c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 542f6936392ee4130a8ce5b5eaf26ba5
SHA1 f622d944bdd405160981a2df00fca717c8f566c8
SHA256 c20a6e0a9735d8a18fc6ea34c1c425fa73f57bdd084746ed111144324fcdadb4
SHA512 c40185b20607b46cdd9e598193d4e8e95129afadedab44c174ac22696fada57ff8d0dac59141507db4190f11a06310a2b28ab1ee189687bcbd0b9e49a1ed96d4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2e6648e3d78b3e63a12dbfddf31172b1
SHA1 973dd0d91dd2db79b660eb3b4e8e6e006f40cc62
SHA256 b76cc3859671d52177e7829321d911100a52ed0e1c89bd77caa31557e14294d8
SHA512 20f3c97f4b6ae56f8a9e6e7194885d411cf8e26ab101ac53219c5420dff39106a3114b7753ea5c06f60a8aea1709539ef24ecf6d29f85a635dc817e7edcc1302

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 127f7a9d9364e10c0d9b6cd987e32f0a
SHA1 7427e09f19e3ac2a17ebdf8636721d06d4e54c1e
SHA256 d4a0d608d3fa83388a78ca3507a520314c1d6f0a841f75f240a2d63118d95d41
SHA512 5606f179c09fccd26b6778898225f8d5b66810f5f88d5b4b95c90975eaff4520284c1984857eec3055c6384dbfe7163bda2e325d78a87a32afc36d81b446d887

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 611356dbd290cedae6cd2f87cd7c1568
SHA1 4244cad7e0c5f9432f8a72ce64919a7a73e45279
SHA256 346ffb32a734478ea1c003a1d98d77c324fde5db5b3700a7b460df92558e7113
SHA512 5e5fa3e2b42924109562dce00b5a96fe53eee3b211b24e78d722b84d763650e8e3ef6291161d5b32ac3b314ed5f2dc28cba3e9393f12661e4114ffe54bd54365

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 75996b8811aa75788daa818f635453a7
SHA1 c470dbcef96f0d47a7d36d41c91d800926d87c7b
SHA256 5d4815157eeae4fe4364b4134e8c24476ce4e84a9de3e5d493270901872bf5f3
SHA512 fcddfc16b29a31489af9066f7ba0d5ffd60082e589d00ea7cfce172210e50baef816189a81fe422efd55919a0cdd5429252b3967f3294b424597bec5fedf1e0c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

MD5 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1 d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256 f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512 de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3b3f52d0cea06a85b95c1d4cada2c54
SHA1 9d50ba4de34fa89ee3d7627dd057d240fb2672fd
SHA256 be7fa493d91b2414ec30dbc901e2900034a4750919c90901a0bb5ccbdb7004b8
SHA512 ae055d59ccfdbc1533cb5f370482ad9b26fdb98b1a9a8eaf5e7710f21f6d9ea024b11e4c9400946528ac1bceaa6375b85620e2220dbf0db682604ff5d472f537

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583582.TMP

MD5 35811889b0593699c415ce1fb0736060
SHA1 2a91ad59eb31451bea13ac569084c359a21b744a
SHA256 4560b8930b402c4084769890d0b6e1420975f9439b2e8906d11c0550c36d9dba
SHA512 06034200a46d5f9ec032fef69d8bff75762937f421aea84fb6e0a26ecd62d63f6eeb2c1ddd7ad502603698febc2dfd3823f7bccfb6fc620239fa336024b47beb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5a44d49-fb73-4bf7-9e8d-366464860c65\index-dir\the-real-index~RFe584c85.TMP

MD5 c964174310c215e637444401040ed367
SHA1 c6544dad69afd8ef70adeb808669f944a16baa98
SHA256 3cc03f9b48ac3bd6dd7b4d87512796bb216c243146a4df6e00014171c9da5b8f
SHA512 6519b506c74719ffa1dcb881230b0f6e2bdeaa6c861129914c48ed2967245b3ee8ba054ddb213a44442a9bad3ca76260ac7ada20ef572a871abd8396895c47bc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5a44d49-fb73-4bf7-9e8d-366464860c65\index-dir\the-real-index

MD5 2c9951ba6bf676d6d62d027be960a2c6
SHA1 6ad0c0be89b5dac9c4910996dc8e566cd63270bb
SHA256 b8f004b8cb3527012aec72c5b15c57d759fe6b5c038c83f4bd9f06d64fc906e5
SHA512 a1070d7e7dc04640d4a27231bd35b0dd382958db5afd9ca7c9542cf5a7506243be96d874047503a68aa339a7f97dbfb031e6141130916f38d48ea99da9ccf47c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 12d6bcd1404744a3940dc6f3e3d35b23
SHA1 6a739bd0ae7fecd4d9cc551bd9eb5fc91ec0a8d0
SHA256 054bc2c5d0887c7f624252d5f47f7756f01d2218132b2b670e646b019c0dbce0
SHA512 e4156596b921fc51cd17848321938720305e7b0da6b6cbd5f99db6a51d3609399017d41d3387c24ae8a67a9194e2dc6163aa5d3214a96cb31189e6d5557b4e04

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b0cf54b0-eefd-411b-9b70-8044ebe4e4f0\index

MD5 54cb446f628b2ea4a5bce5769910512e
SHA1 c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256 fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA512 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 9ff77cb10246b8fb66d13c5ad617aeee
SHA1 b669b888136bb01e07a423fd07dcf4b7d79ff55d
SHA256 2bcc34c15081566f6db89ffc8a3749a71bc757fc3d0f53a7a0faeb43d6736118
SHA512 345b05d824437e4c09b9fc5f593adfd37001eecf8975b6b7dcd2a5e7728d556b4cbdf48149cd1911df3d5b1757a992b35b26b9b28cf1c553a680ee182d381510

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 ea74814a3f101850d07b11a3e3514722
SHA1 ee6dc5d326d0da9649661f763be9a13977707b8c
SHA256 805ab63677b8d7850a2ae41e7543767d303d75a805e8030965b24fc7695702b4
SHA512 201619498aec31a1898e57d5f60d3c66fa60286503341a29816e2168ad6b7deb44498291fe26edc0f47de270202e3dfd967a203bcab37ef07d3520061ff23247

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

MD5 8197b6abaa409962056e322d13ff4a2a
SHA1 c4f6967bd50cb89e7affb66943de76539d2c422b
SHA256 6cecf20b4deb1f6f623b16c97b29038088251756f7d3676f1ce38eaecda4f076
SHA512 9a861415f70944412dc061649247a821c3fd3899727b16aed42e03c945f61b09bd044521326df5cddad3d02674942bcae0a4006fd6e5cc963176de7d1c722c4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 6063256272d8ecfa4fe4421d6c6cac80
SHA1 978c24facdde195388a702cf3d25b765d0111432
SHA256 cd15681f4833ea8133eb8da4c2d45356b5f1eb426cfd3a715afccc83cbc0ed3c
SHA512 1d192b4ff84d58f03dc534f31935c569fbc39af0f6ff9e110219922c2bc2075a0b6498e81d06f83a35123f0f9ca0b63f826d62943a07be631c3ec03c8b428b66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 744172b2c526ad323cd32ee244214ee3
SHA1 27434c614392c8666cded0f78eddb2b7a15c04b7
SHA256 b64ee40aac51761ba449cc3a4cab7671461514b0cbd9e05263e3a7704fffa756
SHA512 2eb1b5710b642eed3b908e398af98603de9bdda5449d89dc862e0428d6ee6f94db3895bf70aa562b00b21253a1eb9094d47a9261012fe2002fd3d586d1af2e97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

MD5 d74b9d94121977b55b511eb72f20b014
SHA1 764c6faec43aa5abd0da58468bf14a22d44dba63
SHA256 aa3247aed53ac3005eb62ea8e51ab5d0e4bba6fb14f0eaade2be834b46bc2677
SHA512 1faf9e03370e7fa9787364f3fdef36a96222217a969ed815c9e37ac8d3f1d6cf7cd6816177ae3d8c9e380f99ff2b4256f43d5482860ae06bee17f21b8245d492

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

MD5 65da8d6932ad74d3b51694b5a28dd0bb
SHA1 aa6e37cdacda153f499c299299a4dacf50c93765
SHA256 309ec80a404d5ba8c9816e0932bff343c8e205fe36819908682289ed7c7ae482
SHA512 bfce7ba0e18dde7d6f833709e565f704701d7a51b14d7c11b06cdce0b057290a334219c9aa4f7ea098c097eb779a2ceca397a9ad1ede0784348f78c81fd55015

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 04a6cf4b80b442ef0ffb4ea0c2325c34
SHA1 6c7fe789c8959863d3fef674a4a276bfd75153ec
SHA256 8bce7fbc479cd3c84c32ae71e065b95d9c1eaa3ea7c13d1aa15ffd76dd9b6435
SHA512 f6cf8d5d2feb20436b33f0072272766848b5cbd912be88530baa593d61ca45dc9fb229c3917d75b25f484a4bc16105b9f0cc5a04fe0587d0a5ca7313b0293328

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 2039dfe4f29660a5df264a6de970b109
SHA1 887c0dd4e49fd35de36e59787fd2d09092a9d942
SHA256 41c178f1079e247abfd20b512f538f3ee46178c318bc29ef3e35c24904162efc
SHA512 c9ca89a0eee4e544ae1239e0f6f14ec0a8f6463f7fadc435bbde416bfd5e8aa9375d2995dfb48b69ad1fa4e97faa5703bdc66d738acc9a7de0b5cf47801809a6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589fd5.TMP

MD5 c7c869ca348e7e93da58cebf11f7da71
SHA1 0bb59393f8b41e1e95fdd828fddce439ec4a4332
SHA256 0e5dd9fa1a09e19a83047e739b11b36effcc1f30f2173c1b46b0a7b21307266e
SHA512 88a607a3d76c741033e3fb837c4571b8e546d337854f96c8116b3d941ecfa28da05a5e027307bd8b74f145e34d7bdc4da43489eb96aee7fff38211834e545fee

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 df905da542f631f82b507de7ce4c49a5
SHA1 0e85d9216d1abcb08e0f4d53885667aaf39ea3bf
SHA256 8b5b90410956ee01d29941851b30b61ef06b7e967a21639e71cf794c2a5bdcee
SHA512 74aa0ecc6e3b45a7441d023a769e66bc5fc3635a48cae860e0c20aa3cd6d0ab97486ca8a2b209b8bfcc978a4b6dc8765b81e0583671e3cc52e4defbb2effaebe

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7491040f-11bb-45f0-97ec-3eea95789202\index-dir\the-real-index~RFe58a6ab.TMP

MD5 b92fa2d7be41cd268e2fc0eb8ee57073
SHA1 16fd878a7c6c8425efb02ea5ade4e23f879a45a5
SHA256 7c1cbbe7bc993948d49adbc88807952f1041a6d54e0ee1205949ab550eb7e7ae
SHA512 32f49a4157291fb9609545b5976419f67c25cd3a033ecb9197a459342779b826ad4c3c68d78129adaae326d6aac45194246b2cf5945b84a41b012fd2a1f38c8e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7491040f-11bb-45f0-97ec-3eea95789202\index-dir\the-real-index

MD5 7ff306ad76529acca79d8ad384246336
SHA1 ba3c0943cc6a2e3b0739fd086e06646696a1108f
SHA256 18e470ed1109e899bc07c21503690592583fd4961300addb53842eccc9c2df57
SHA512 8ca1ec025023ef82a405be7f6ae8ba7db76136eaac77472ee9deb5a8fc80523428e13705c4a166c81ae26efb7dd43c75fa72a506cc9f41bd9e81d5560af43496

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 022c0421cf758f06cc550a9ecfdb3d3f
SHA1 3c297c56d67596a47c50b54862311cea08431d88
SHA256 8b00061927c5521b607d4017e84b1ee7e44e70963b2cdabc89a9b0fcd4877eb1
SHA512 6d58c92228d631cd73b025b84e4a0adfe7a74afe3cae0f37ae7d6c752b3a495f08eadfabb8445688aaa7ad98cb368adf4b07de7c88005f5564ea78f506d7869d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 3ce96b6dedb9bbaa6697de0c4e058ab1
SHA1 be0557b0a76e1e923d73ca79b6e6c2ac05313748
SHA256 1f319582187a057a97ab2eb454e44617b9a1bb1b997804c4a25d4f83c4ae544e
SHA512 ff807f951b1f016efdf440e425e67582812c7fdf45b8bc80465b4b455890e6eea75d12342c187d03698fdca20f17a2a2c04c62b4a5b978c7e67ffb4116b9069c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

MD5 7fd074f35631b1ce07588dcc20e2210b
SHA1 c56f755dc64595080c09012f399b700fe630b04d
SHA256 6ac2f9033b70487f080f71eccaeb5b516211bed3912c82dc6460d43512d6dfaf
SHA512 52a0a425db76337cf7217f73fb183c0f270325c20532f3a58cdd7f70defb955ad5dc2b7b83fa1acb309fe5eebc5110240f0bdedec8ada16afcee12163edd70d9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

MD5 b563a5a12e2af07955f461159cc3bb57
SHA1 363f2e095ded4f620f83d661770f00511fd463a8
SHA256 c6b7b73f5ea8040ad69f5c24a7f57fbfce834efdeb3a3682d084c18cd515111f
SHA512 f94730c95fb1a0359f9860e8e4c2588695b3d919bff331c2c55fdf05097824b43ac9bfd1426bfe234ed017b616f55e47f53c11f151a83b87f7b6f95dfca86ff6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5a44d49-fb73-4bf7-9e8d-366464860c65\index-dir\the-real-index

MD5 d7845e18e2d13052d041c478015fee84
SHA1 d0d6bd38385dae1cc666fc2998a2a2aa9db392f3
SHA256 bd6b03b56490288b9c7d21bd8f50d00ff7b16cc81b0be463736228abcf6aea42
SHA512 70bdd462338f8531577c2b170b74881b97b0d82d2e0b46556fa14c98e8da10c8f9709afd93d80ec0a5f3c97761f0b3d6de55b644f83962b2fa6c3ca7668395d0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

MD5 0d95e11bf4d8c601ab65711cf5885ed0
SHA1 ddba161b2cfe477d4c190d06ee7e976e2bea538b
SHA256 4327ce980721623de8717e08bdcc407e27436549696c9291e443b717a198fd3a
SHA512 4055a0a83b07d630e50a2dc744593ff2048cac8054f2cebe384abbbc9a2bad33e3b0881e58112aa9cbb13bd14b32bcf3459ae1c551b030e93ae3ddb80086e858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 97efc1c5ea87346f3738e2cf20cf7461
SHA1 328b1d6256ccbeb2888cb8ecefa0f8e0c2920456
SHA256 281b0ab4b9bfa0014e8c0d27c970f2afae2dd08fa90b36b52c77f201d77a521e
SHA512 a3236b6aecfa443ee9de8940b5419f0bf983bea818127b3e1cca769e215a0a05eee42b98245f35e59debe333318ac253583e8419119823386693eec65ba57344

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 871aff16ae1ea9a4dd58d884d1e83de9
SHA1 eb04216ab455252bc97420225fd0428fbe103b07
SHA256 31111dce250582f561de7c0792fa1a5dbabb17d8c7fc532146771a109874fa83
SHA512 c0ce5047a11af5b1cc5281d41e1fd382e2772b7caf784655959c6d39a11b532821ee8bb78a834a2c685f77bee5441d6fbb79487efb28d096bfed275b3bc98dc8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 c8a3903ef8e04cdaa26f31af77387efe
SHA1 59552d7e4d64b1449a385cc97b65317a13353a31
SHA256 e0c934eda6eec86dc340e7e4d618cd0c1b837579c1a71169339d0fafc13c1309
SHA512 456dab099aca19bc8f010e16b00819222ecef940b1e5472747966e92ba6caf74ad10b7478d0fe2ba0b80f230b964c91cb303492ea726e06ae994b5702acf3a5d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 da795e8ea1d031a3fcbc53ebb4578c07
SHA1 14a2d256bf3ec7feeaa448a6561ee4b74845520d
SHA256 53d6c5faca1a86bb93e2f6cba282e76a93db12755b48bf02d8bd7b6ec923a04d
SHA512 d7c8416c040d53003316144402e84d785b9820197a6dbb15136f490b330d8456e8a30add03cf52dede5749a1d82a4d71f6167de089d0f529985783e376b4976b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 84d3b86106edb9ff3d9f58f31cc4ae46
SHA1 368000ac6b8f95a957cbd8a7c15fc3c4c93d6ad6
SHA256 b626ee33f72a9bed64277307db04d794fbebdabcde7d5779cc4c13d8aaeb37fa
SHA512 3fac90c8b950db07b0c38c22a0e8c3ec2d1c8526d27d4546d2345e4710accfc57fe1f6acf1980ae7b0cbb61e07f0a67e9ecdf597e23695fee21e7d2dea353fbf

C:\Users\Admin\Downloads\Unconfirmed 668292.crdownload

C:\Users\Admin\Downloads\fatalka.rar:Zone.Identifier

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

C:\Users\Admin\Downloads\fatalka\Fatality.exe

memory/1900-1173-0x0000000000160000-0x000000000124A000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Temp\Client.exe

memory/2616-1334-0x00000000002C0000-0x000000000035E000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Fatality.exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Fatality.exe.log

memory/4368-1362-0x0000000000590000-0x0000000001630000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Client.exe

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Client.exe.log

memory/3824-1376-0x0000000000EA0000-0x0000000000F3C000-memory.dmp

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\b84a6b8e-74df-45c2-8791-dfa79d593d64.down_data
