Windows Analysis Report
SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe

Overview

General Information

Sample name: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Analysis ID: 1502192
MD5: 43b1b2c0a77f854b3da78dcea07dde13
SHA1: 3bba28b52b62a793bbfab4a70e086d914534c131
SHA256: 1da656b1a5ab3d5fe578eb6bcfd078bf68df4a7ecc570b611686b0213cb54775
Tags: exe
Infos:

Detection

Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found strings related to Crypto-Mining
Hides threads from debuggers
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Query firmware table information (likely to detect VMs)
Tries to detect debuggers (CloseHandle check)
Tries to evade analysis by execution special instruction (VM detection)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Entry point lies outside standard sections
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Uses a known web browser user agent for HTTP communication
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe (PID: 7544 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe" MD5: 43B1B2C0A77F854B3DA78DCEA07DDE13)
    • msedgewebview2.exe (PID: 7704 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-GB --mojo-named-platform-channel-pipe=7544.7668.17675517513217638666 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 7732 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffdfb1c8e88,0x7ffdfb1c8e98,0x7ffdfb1c8ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 7944 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1768 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 7988 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2608 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 8008 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2652 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
      • msedgewebview2.exe (PID: 8032 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1725101066859934 --launch-time-ticks=5743702722 --mojo-platform-channel-handle=3400 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, Virustotal: Detection: 18%
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, ReversingLabs: Detection: 15%
Source: Submited Sample, Integrated Neural Analysis Model: Matched 99.9% probability

Bitcoin Miner

Source: msedgewebview2.exe, 00000002.00000002.2945603689.00003C9C00C80000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: jsecoin.com/
Source: msedgewebview2.exe, 00000002.00000002.2945708725.00003C9C00CD8000.00000004.00000800.00020000.00000000.sdmp, String found in binary or memory: "coinhive.com
Source: unknown, HTTPS traffic detected: 5.42.101.19:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Network\SCT Auditing Pending Reports
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Network\d092329e-afca-4715-8e6f-4716b6b57dee.tmp
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe, File opened: C:\Users\user\
Source: global traffic, HTTP traffic detected:
    GET /static/ecosystem/installer/index.nmt HTTP/1.1
    accept: */*
    host: nmtsocial.uno
Source: Joe Sandbox View, IP Address: 162.159.61.3
Source: Joe Sandbox View, IP Address: 13.107.21.239
Source: Joe Sandbox View, IP Address: 172.64.41.3
Source: Joe Sandbox View, JA3 fingerprint: 74954a0c86284d0d6e1c4efefe92b521
Source: global traffic, HTTP traffic detected:
    POST /componentupdater/api/v1/update?cup2key=6:Z9WEj5j7bMokk2oDrtG6tYZnJW9KL-znJhyrhQ6gzCI&cup2hreq=3d2a7c1e263e23ad11d695c9a680e73a61ccc1164e54b0e31b81af7eea4054bf HTTP/1.1
    Host: edge.microsoft.com
    Connection: keep-alive
    Content-Length: 4921
    X-Microsoft-Update-AppId: oankkpibpaokgecfckkdkgaoafllipag,fppmbhmldokgmleojlplaaodlkibgikh,ndikpojcjlepofdkaaldkinkjbeeebkl,eeobbhfgfagbclfofmgbdfoicabjdbkn,jbfaflocpnkhbgcijpkiafdpbjkedane,alpjnmnfbgfkmmpcfpejmmoebdndedno,ahmaebgpfccdhgidjaidaoojjcijckba,ohckeflnhegojcjlcpbfpciadgikcohk,fgbafbciocncjfbbonhocjaohoknlaco,kpfehajjjbbcifeehjgfgnabifknmdad,ojblfafjmiikbkepnnolpgbbhejhlcim
    X-Microsoft-Update-Interactivity: bg
    X-Microsoft-Update-Service-Cohort: 7331
    X-Microsoft-Update-Updater: msedge-117.0.2045.47
    Content-Type: application/json
    Sec-Mesh-Client-Edge-Version: 117.0.2045.47
    Sec-Mesh-Client-Edge-Channel: stable
    Sec-Mesh-Client-OS: Windows
    Sec-Mesh-Client-OS-Version: 10.0.19045
    Sec-Mesh-Client-Arch: x86_64
    Sec-Mesh-Client-WebView: 1
    X-Client-Data: CIPhygE=
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: empty
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
    Accept-Encoding: gzip, deflate, br
Source: unknown, TCP traffic detected without corresponding DNS query: 13.107.21.239
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: nmtsocial.uno
Source: global traffic, DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: unknown, HTTP traffic detected:
    POST /dns-query HTTP/1.1
    Host: chrome.cloudflare-dns.com
    Connection: keep-alive
    Content-Length: 128
    Accept: application/dns-message
    Accept-Language: *
    User-Agent: Chrome
    Accept-Encoding: identity
    Content-Type: application/dns-message
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945525182.00003C9C00C2C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2931705134.00001108000AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943336648.00003C9C00738000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943336648.00003C9C00738000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941854280.00003C9C002CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940378680.00003C9C0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943336648.00003C9C00738000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806955389.0000110800144000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943336648.00003C9C00738000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bd.gy912.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdmg.yuchiweb.icu
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://click.dotmap.co.kr/?pf_code=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.bdkj.bailiana.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.qhkj.baicana.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.zdkj.ker58.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dongtaiwang.com/loc/phome.php?v=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dongtaiwang.com/loc/phome.php?v=odo
Source: msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2927450900.000042C4001D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2926221731.000042C40017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2929875286.000042C400364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://e6.i.lencr.org/0A
Source: msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2927450900.000042C4001D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2926221731.000042C40017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2929875286.000042C400364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://e6.o.lencr.org0
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://game.whwuyan.cn
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123.di178.com/?
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123.di178.com/?r916
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123kjedge.dh.softby.cn
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1861339479.0000173C0030C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipc.localhost/plugin%3Aevent%7ClistenfmethoddPOSTgheaders
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jg.wangamela.com/tg
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: http://localhost:5173/../disticons/128x128.pngicons/128x128
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mini.yyrtv.com/?from=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://navi.anhuiyunci.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://navi.programmea.com
Source: msedgewebview2.exe, 00000002.00000002.2923717775.00000052F37F2000.00000004.00000010.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941106744.00003C9C0018C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941142440.00003C9C0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2946062852.00003C9C00D7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.loca
Source: msedgewebview2.exe, 00000002.00000002.2923717775.00000052F37F2000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: http://nmt.locahost/
Source: msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944948137.00003C9C00A88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.local
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2911579928.00000000004E1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localh
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1822777631.0000173C0080C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2936470358.0000173C00230000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1865822283.0000173C00FB0000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1861273117.0000173C00F54000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1822068362.0000173C0033C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1866804802.0000173C0104C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2936893752.0000173C0026C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1822920544.0000173C00EAC000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1823080429.0000173C00E0C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1861377942.0000173C0033C000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1865314011.0000173C0110C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945804868.00003C9C00D14000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 
00000002.00000003.1890005069.00003C9C012BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943795977.00003C9C0080C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1890213124.00003C9C0123C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943956474.00003C9C00855000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1823051777.00003C9C0114C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1867113125.00003C9C012D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1866980801.00003C9C012F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost.R
Source: msedgewebview2.exe, 00000002.00000003.2397617655.00003C9C0086C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944125783.00003C9C00890000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944089939.00003C9C00885000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942788768.00003C9C0060C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941252455.00003C9C001C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943858900.00003C9C0082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2923717775.00000052F37F2000.00000004.00000010.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943828064.00003C9C0081C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940783054.00003C9C000E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2933212335.00000154DD6D5000.00000002.00000001.00040000.0000001A.sdmp, msedgewebview2.exe, 00000002.00000002.2919504172.00000052987FC000.00000004.00000010.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941142440.00003C9C0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944948137.00003C9C00A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2946518924.00003C9C00E5C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945297044.00003C9C00B20000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941072072.00003C9C0017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945936546.00003C9C00D58000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 
00000002.00000003.1823010420.00003C9C00E0C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941002003.00003C9C0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940818634.00003C9C000F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/
Source: msedgewebview2.exe, 00000002.00000002.2945150687.00003C9C00ACC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941142440.00003C9C0019C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/(
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1883540562.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1879477343.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2041030324.0000729800ED0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2163519243.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1917792983.0000729800EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/assets/index-BUegJusl.css
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/assets/index-BUegJusl.cssNR
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/assets/index-BUegJusl.cssZR
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/assets/index-BUegJusl.cssost
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/assets/index-BUegJusl.cssttf
Source: msedgewebview2.exe, 00000002.00000002.2944089939.00003C9C00885000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/d
Source: msedgewebview2.exe, 00000002.00000002.2945150687.00003C9C00ACC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1883540562.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1879477343.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2041030324.0000729800ED0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2163519243.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1917792983.0000729800EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/fonts/JetBrainsMono-Light.ttf
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2937856838.0000173C002EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/fonts/JetBrainsMono-Light.ttffmethodcGETgheaders
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1883540562.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1879477343.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2041030324.0000729800ED0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2163519243.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1917792983.0000729800EC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/fonts/JetBrainsMono-Medium.ttf
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/fonts/JetBrainsMono-Medium.ttf.8
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/fonts/LexendExa-Bold.ttf
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/fonts/LexendExa-Bold.ttfFR
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2936809185.0000173C00260000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944204272.00003C9C008E4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945603689.00003C9C00C80000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945150687.00003C9C00ACC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941742690.00003C9C00288000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.2397617655.00003C9C0086C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943795977.00003C9C0080C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945042042.00003C9C00A9C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2946131453.00003C9C00D98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940378680.00003C9C0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1860982060.00003C9C00D94000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2943305786.00003C9C0072C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2933212335.00000154DD6D5000.00000002.00000001.00040000.0000001A.sdmp, msedgewebview2.exe, 00000002.00000002.2941814171.00003C9C002AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 
00000002.00000002.2946518924.00003C9C00E5C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940494042.00003C9C00068000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945194850.00003C9C00AF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/install
Source: msedgewebview2.exe, 00000002.00000002.2943795977.00003C9C0080C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/installP
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2936809185.0000173C00260000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945603689.00003C9C00C80000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945150687.00003C9C00ACC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940378680.00003C9C0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945194850.00003C9C00AF0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2946201941.00003C9C00DB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945364020.00003C9C00B44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945836938.00003C9C00D18000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/installr
Source: msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/installr8
Source: msedgewebview2.exe, 00000002.00000002.2941742690.00003C9C00288000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/installrerPolicybledrs
Source: msedgewebview2.exe, 00000002.00000002.2944204272.00003C9C008E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/installry
Source: msedgewebview2.exe, 00000002.00000002.2945075634.00003C9C00ABC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.2397617655.00003C9C0086C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940378680.00003C9C0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2933212335.00000154DD6D5000.00000002.00000001.00040000.0000001A.sdmp, msedgewebview2.exe, 00000002.00000002.2941814171.00003C9C002AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945194850.00003C9C00AF0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2412195698.0000729801D18000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1839800171.000072980195C000.00000004.00000800.00020000.00000000.sdmp, History.2.drString found in binary or memory: http://nmt.localhost/preloader
Source: msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/preloaderh
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2946201941.00003C9C00DB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1879419687.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1896842489.0000729800A78000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1858330172.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1851703273.0000729800A9E000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1854159030.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1851162910.0000729800A9E000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2069186635.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1872797065.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1910676236.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1884035624.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1909818863.0000729800A78000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1894353484.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1897223372.0000729800A80000.00000004.00000800.00020000.00000000.sdmp, 
msedgewebview2.exe, 00000008.00000003.2040192649.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2042524603.0000729800A90000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1857855147.0000729800A7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/vite.svg
Source: msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost/vite.svg7
Source: msedgewebview2.exe, 00000002.00000002.2945150687.00003C9C00ACC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhost0E1B1E0C3990C00774E85E191C32B0E)
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2937297276.0000173C002A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhostcontent-type:
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1861339479.0000173C0030C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945936546.00003C9C00D58000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhostgRefereruhttp://nmt.localhost/jUser-Agentx
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2937856838.0000173C002EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945332230.00003C9C00B38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhostgRefererx.http://nmt.localhost/assets/index-BUegJusl.cssjUser-Agentx
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhostt
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://nmt.localhosttZ
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r.emsoso.cn
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r.jgxqebp.cn
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.whchenxiang.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sgcs.edge.ker58.com
SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1822203703.0000173C00390000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1822574788.0000000004017000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1819690022.0000000003F11000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1823051777.00003C9C0114C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1823112160.00003C9C010AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1850283806.00003C9C00F48000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1823233204.00003C9C00EA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gsap.com/standard-license
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://h5.mcetab.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.cn/?a1004
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?360safe
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?a1004
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?a1111
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?h_lnk
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?installer
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?src=jsqth
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?src=lm&ls=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?wd_xp1
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1001
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1002
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1013
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.qq.com/?unc=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.qq.com/?unc=Af31026&s=o400493_1
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hk.eynbm.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hlj04.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ilive.lenovo.com.cn/?f=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://internet-start.net/?
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932896611.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933472953.0000110800218000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1812205357.00001108001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2932373277.0000110800104000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
Source: msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942898093.00003C9C00650000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930740792.0000110800024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jg.awaliwa.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jianjie.2345.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kf.07073.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lenovo.ilive.cn/?f=
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login-us.microsoftonline.com/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.cloudgovapi.us/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoft-ppe.com/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/
Source: msedgewebview2.exe, 00000002.00000002.2940535735.00003C9C00094000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/er
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.usgovcloudapi.net/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/
Source: msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2934682384.00000154DEC10000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941181332.00003C9C001AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940457318.00003C9C0005C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lx.pub
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lx.pub/
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mini.eastday.com/?qid=04433&rfstyle=qt
Source: msedgewebview2.exe, 00000002.00000002.2941424600.00003C9C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
Source: msedgewebview2.exe, 00000002.00000002.2941424600.00003C9C0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/aoyazhiguang/
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://nmtsocial.uno/static
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://nmtsocial.uno/static/ecosystem
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/210650_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/212767_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/21552_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/216417_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/21674_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217370_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217603_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217622_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217629_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217706_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217815_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217844_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217855_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217926_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218066_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218162_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218717_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218860_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218939_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218939_3.htmIE11
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/220266_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221162_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221700_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221839_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222061_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222151_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222442_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/22287_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/223745.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/223745_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/225193_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/227465_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/230446_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/231814_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/27924.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/27924_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/32979_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/35538.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/35538_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/3881_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/3883_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/39379_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/40779_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/41193_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/42760_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/43689_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/43841_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/47931_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48272_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48504.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48504_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/55146_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/59227_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/60369_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/6232_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/63805_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/65731_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/69112_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/69156_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/70215_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/72526_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/73386.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/776_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/79452_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/81895_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/83345_4.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/85646_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/87425_2.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/88902_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/90302_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93015_1.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93398_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93551_3.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/yzzrhj.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/zmhj.htm
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.91duba.com/?
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.91duba.com/?f=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/?tn=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?tn=15007414_9_dg&wd=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.douyin.com/?ug_source=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.flash.cn/success
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hao123.com/?tn=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iduba.com/sv.html?f=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jiegeng.com
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nate.com/?f=nateontb
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newduba.cn/?
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newduba.cn/?f=
Source: msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmp, Top Sites.2.drString found in binary or memory: https://www.office.com/
Source: msedgewebview2.exe, 00000002.00000002.2946629217.00003C9C00E8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/OfficeeEATE
Source: msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/tallr
Source: msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/w
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/?src=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.startfenster.de
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.startseite24.net
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.3zwx.cn/tg/ttfc.html?sc=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.flamebird.cn/tg/ttfc.html?sc=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.taojike.com.cn/tg/ttfc.html?sc=
Source: msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zum.com/?af=
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 5.42.101.19:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: classification engine Classification label: mal80.evad.mine.winEXE@12/140@5/5
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe File created: C:\Users\user\AppData\Local\com.nmt.ecosystem
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Mutant created: NULL
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File created: C:\Users\user\AppData\Local\Temp\40cb8e6c-55e7-4f64-9302-50475c1a318f.tmp
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: msedgewebview2.exe, 00000002.00000002.2933811145.00000154DD705000.00000002.00000001.00040000.0000001B.sdmp, Login Data.2.dr Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Virustotal: Detection: 18%
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe ReversingLabs: Detection: 15%
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe String found in binary or memory: ProductNamenmt-installer,
Source: unknown Process created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe"
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-GB --mojo-named-platform-channel-pipe=7544.7668.17675517513217638666
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffdfb1c8e88,0x7ffdfb1c8e98,0x7ffdfb1c8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1768 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2608 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2652 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1725101066859934 --launch-time-ticks=5743702722 --mojo-platform-channel-handle=3400 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Section loaded: apphelp.dll, dwmapi.dll, secur32.dll, sspicli.dll, cryptbase.dll, uxtheme.dll, windows.storage.dll, wldp.dll, kernel.appcore.dll, explorerframe.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wintypes.dll, wintypes.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, version.dll, propsys.dll, edputil.dll, userenv.dll, profapi.dll, dbghelp.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, gpapi.dll, cryptnet.dll
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
Section loaded: version.dll, ntmarta.dll, kernel.appcore.dll, uxtheme.dll, windows.system.profile.platformdiagnosticsandusagedatasettings.dll, policymanager.dll, msvcp110_win.dll, winmm.dll, kbdus.dll, windows.system.profile.platformdiagnosticsandusagedatasettings.dll, policymanager.dll, msvcp110_win.dll, userenv.dll, gpapi.dll, wkscli.dll, netutils.dll, mdmregistration.dll, mdmregistration.dll, msvcp110_win.dll, omadmapi.dll, powrprof.dll, cryptsp.dll, dmcmnutils.dll, iri.dll, umpdc.dll, msasn1.dll, netapi32.dll, netapi32.dll, dsreg.dll, msvcp110_win.dll, cryptsp.dll, profapi.dll, msasn1.dll, powrprof.dll, umpdc.dll, dwrite.dll, dpapi.dll, cryptbase.dll, nlaapi.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, coremessaging.dll, wintypes.dll, wintypes.dll, wintypes.dll, windows.storage.dll, wldp.dll, windows.ui.dll, windowmanagementapi.dll, inputhost.dll, twinapi.appcore.dll, twinapi.appcore.dll, propsys.dll, profapi.dll, wtsapi32.dll, winsta.dll, mscms.dll, coloradapterclient.dll, winhttp.dll, windows.security.authentication.web.core.dll, iertutil.dll, onecorecommonproxystub.dll, devobj.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, uiautomationcore.dll, atlthunk.dll, oleacc.dll, directmanipulation.dll, kernel.appcore.dll, uxtheme.dll, dxgi.dll, resourcepolicyclient.dll, cryptbase.dll, mf.dll, mfplat.dll, rtworkq.dll, hevcdecoder.dll, dolbydecmft.dll, mfperfhelper.dll, dwmapi.dll, cryptbase.dll, d3d11.dll, d3d10warp.dll, dxcore.dll, dcomp.dll, dbghelp.dll, dwrite.dll, kernel.appcore.dll, wldp.dll, cryptbase.dll, policymanager.dll, msvcp110_win.dll, dwritecore.dll, vaultcli.dll, aadwamextension.dll, sspicli.dll, windows.web.dll, hevcdecoder.dll, tenantrestrictionsplugin.dll, netprofm.dll, npmproxy.dll, wevtapi.dll, windows.system.userprofile.diagnosticssettings.dll, netapi32.dll, secur32.dll, dbghelp.dll, windows.system.diagnostics.telemetry.platformtelemetryclient.dll, bitsproxy.dll, uxtheme.dll, winmm.dll, winmm.dll, kernel.appcore.dll, uxtheme.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, nlaapi.dll, dnsapi.dll, mswsock.dll, rasadhlp.dll, ntmarta.dll, ncrypt.dll, ntasn1.dll, ncryptprov.dll, profapi.dll, winmm.dll, winmm.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Static PE information: Virtual size of .text is bigger than: 0x100000
Static PE information: Image base 0x140000000 > 0x60000000
Static file information: File size 15394816 > 1048576
Static PE information: Raw size of .nmt2 is bigger than: 0x100000 < 0xe9ea00
Source: initial sample
Static PE information: section where entry point is pointing to: .nmt2
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Static PE information: section name: .nmt0
Static PE information: section name: .nmt1
Static PE information: section name: .nmt2

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Memory written: PID: 7544 base: 7FFE22370008 value: E9 EB D9 E9 FF
Memory written: PID: 7544 base: 7FFE2220D9F0 value: E9 20 26 16 00
Memory written: PID: 7544 base: 7FFE2238000D value: E9 BB CB EB FF
Memory written: PID: 7544 base: 7FFE2223CBC0 value: E9 5A 34 14 00
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Special instruction interceptor: First address: 1418D233C instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Special instruction interceptor: First address: 1418D234B instructions rdtsc caused by: RDTSC with Trap Flag (TF)
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Key opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Code Cache\wasm FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Code Cache\js FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\blob_storage\8d3a6f72-ebd6-4d56-87e7-0a719c9ea4d1 FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File Volume queried: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Cache\Cache_Data FullSizeInformation
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Network\SCT Auditing Pending Reports
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File opened: C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Network\d092329e-afca-4715-8e6f-4716b6b57dee.tmp
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File opened: C:\Users\user\AppData\
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe File opened: C:\Users\user\
Source: msedgewebview2.exe, 00000002.00000002.2944629215.00003C9C009CC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware
Source: msedgewebview2.exe, 00000002.00000002.2946378392.00003C9C00E1C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware Virtual USB Mouse
Source: msedgewebview2.exe, 00000002.00000002.2940818634.00003C9C000F8000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=0d8bb110-3ec2-4b6c-ab61-ad3e741a7f67
Source: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2913839830.000000000050F000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000003.1860829576.000000000050E000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2928939237.00000154D8440000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2918326241.00000296BA64A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Handle closed: DEADC0DE
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Process queried: DebugObjectHandle
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtQueryInformationProcess: Direct from: 0x1411B1572
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtProtectVirtualMemory: Direct from: 0x1411ED035
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtQuerySystemInformation: Direct from: 0x140E402D7
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtProtectVirtualMemory: Direct from: 0x140F30DB2
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtSetInformationThread: Direct from: 0x1418CD80F
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtQuerySystemInformation: Direct from: 0x140F4C0F3
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtClose: Direct from: 0x1418CA369
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtProtectVirtualMemory: Direct from: 0x141347947
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtProtectVirtualMemory: Indirect: 0x140E2C853
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtQuerySystemInformation: Direct from: 0x14114DAAF
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtUnmapViewOfSection: Direct from: 0x140F49D0D
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtProtectVirtualMemory: Direct from: 0x140F60EAA
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtSetInformationThread: Direct from: 0x14135DF4B
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtQuerySystemInformation: Direct from: 0x14118CB4E
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtDeviceIoControlFile: Indirect: 0x1402B2D67
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe NtCreateFile: Indirect: 0x1402B380A
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffdfb1c8e88,0x7ffdfb1c8e98,0x7ffdfb1c8ea8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1768 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:2
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2608 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:3
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2652 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1725101066859934 --launch-time-ticks=5743702722 --mojo-platform-channel-handle=3400 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1
Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe Process created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=securiteinfo.com.trojan.win64.krypt.13435.32435.exe --webview-exe-version=0.1.0 --user-data-dir="c:\users\user\appdata\local\com.nmt.ecosystem\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --autoplay-policy=no-user-gesture-required --disable-features=mswebooui,mspdfooui,mssmartscreenprotection --enable-features=mojoipcz --lang=en-gb --mojo-named-platform-channel-pipe=7544.7668.17675517513217638666
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\local\com.nmt.ecosystem\ebwebview" --webview-exe-name=securiteinfo.com.trojan.win64.krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1725101066859934 --launch-time-ticks=5743702722 --mojo-platform-channel-handle=3400 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=mojoipcz --disable-features=mspdfooui,mssmartscreenprotection,mswebooui /prefetch:1Jump to behavior
Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
Queries volume information:
  • C:\Windows\System32\drivers\etc\hosts VolumeInformation
  • C:\Windows\Fonts\segoeui.ttf VolumeInformation
  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
  • C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
  • C:\Windows\Fonts\seguisb.ttf VolumeInformation
  • C:\Windows\Fonts\segoeuib.ttf VolumeInformation
  • C:\Windows\Fonts\timesi.ttf VolumeInformation
  • C:\Windows\Fonts\timesbd.ttf VolumeInformation
  • C:\Windows\Fonts\timesbi.ttf VolumeInformation
  • C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
  • C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Process Injection | 1 Masquerading | 1 Credential API Hooking | 1 Query Registry | Remote Services | 1 Credential API Hooking | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 21 Virtualization/Sandbox Evasion | LSASS Memory | 411 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Disable or Modify Tools | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 11 Process Injection | NTDS | 1 Process Discovery | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Abuse Elevation Control Mechanism | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 1 File and Directory Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Compile After Delivery | DCSync | 123 System Information Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Source | Detection | Scanner
SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe | 19% | Virustotal
SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe | 16% | ReversingLabs
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner
chrome.cloudflare-dns.com | 0% | Virustotal
nmtsocial.uno | 0% | Virustotal
Name | IP | Active | Malicious | Antivirus Detection | Reputation
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
nmtsocial.uno | 5.42.101.19 | true | false | | unknown
00000002.00000003.1823010420.00003C9C00E0C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2941002003.00003C9C0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2940818634.00003C9C000F8000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://nmt.localhost/assets/index-BUegJusl.cssNRSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://r.emsoso.cnmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/zmhj.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/69156_1.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • 0%, Virustotal, Browse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/776_1.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://129fy.ie.chalai.netmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/198637_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/133630_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://e6.i.lencr.org/0Amsedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2927450900.000042C4001D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2926221731.000042C40017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2929875286.000042C400364000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://nmt.localhost/fonts/JetBrainsMono-Medium.ttf.8SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://html4/loose.dtdSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://sgcs.edge.ker58.commsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/218717_2.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/136516_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/203215_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/207195_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://anglebug.com/3502msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://anglebug.com/3623msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945525182.00003C9C00C2C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2931705134.00001108000AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://discovery.lenovo.com.cn/home062291msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.newduba.cn/?f=msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://hao.360.com/?src=jsqthmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://anglebug.com/3625msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945525182.00003C9C00C2C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2931705134.00001108000AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://anglebug.com/3624msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945525182.00003C9C00C2C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2931705134.00001108000AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.4399.com/flash/217855_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://anglebug.com/3862msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://docs.rs/getrandom#nodejs-es-module-supportSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://yxtg.taojike.com.cn/tg/ttfc.html?sc=msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://nmt.localhost/fonts/JetBrainsMono-Medium.ttfSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1883540562.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1879477343.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2041030324.0000729800ED0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2163519243.0000729800EC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1917792983.0000729800EC8000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://anglebug.com/4836msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2944164356.00003C9C008B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://issuetracker.google.com/issues/166475273msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942898093.00003C9C00650000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930740792.0000110800024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.4399.com/flash/21674_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/204650_1.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://sts.windows.net/msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/115339_1.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/203369_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.jiegeng.commsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.office.com/wmsedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://internet-start.net/?msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/35538.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/218066_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/6232_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://x1.c.lencr.org/0msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2925361836.000042C400144000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
http://x1.i.lencr.org/0msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000006.00000002.2925361836.000042C400144000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.4399.com/flash/195990_1.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/12669_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/204056_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://anglebug.com/3970msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942166058.00003C9C0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806969487.0000110800154000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
https://www.4399.com/flash/205090_2.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.startfenster.demsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://nmt.localhost/vite.svgSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2945904059.00003C9C00D4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2946201941.00003C9C00DB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000002.2942935131.00003C9C00660000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1879419687.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1896842489.0000729800A78000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1858330172.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1851703273.0000729800A9E000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1854159030.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1851162910.0000729800A9E000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2069186635.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1872797065.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1910676236.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1884035624.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1909818863.0000729800A78000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1894353484.0000729800A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 
00000008.00000003.1897223372.0000729800A80000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2040192649.0000729800A98000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.2042524603.0000729800A90000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000008.00000003.1857855147.0000729800A7E000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/10379_3.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.4399.com/flash/203018_4.htmmsedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://.jpgSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2923480101.0000000140485000.00000002.00000001.01000000.00000003.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://login.chinacloudapi.cn/msedgewebview2.exe, 00000002.00000002.2941665427.00003C9C00250000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://nmt.localhost/fonts/LexendExa-Bold.ttfSecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe, 00000000.00000002.2917307894.0000000003F34000.00000004.00000020.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
https://www.so.com/?src=msedgewebview2.exe, 00000002.00000002.2942712805.00003C9C005D0000.00000004.00000800.00020000.00000000.sdmpfalse
  • Avira URL Cloud: safe
unknown
http://anglebug.com/5901msedgewebview2.exe, 00000002.00000002.2945563973.00003C9C00C4C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810937194.00003C9C00D30000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1809988517.00003C9C00C5C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000002.00000003.1810086397.00003C9C00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2930557082.000011080000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807047048.00001108001A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000002.2933386202.000011080020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807124666.000011080017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1806987533.0000110800164000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000005.00000003.1807017100.0000110800170000.00000004.00000800.00020000.00000000.sdmpfalse
  • URL Reputation: safe
unknown
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.61.3 | chrome.cloudflare-dns.com | United States | 13335 | CLOUDFLARENETUS | false
13.107.21.239 | unknown | United States | 8068 | MICROSOFT-CORP-MSN-AS-BLOCKUS | false
172.64.41.3 | unknown | United States | 13335 | CLOUDFLARENETUS | false
5.42.101.19 | nmtsocial.uno | Russian Federation | 39493 | RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU | false
IP
127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1502192
Start date and time: 2024-08-31 14:19:06 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 5m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 15
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
Detection: MAL
Classification: mal80.evad.mine.winEXE@12/140@5/5
EGA Information: Failed
HCA Information:
  • Successful, ratio: 100%
  • Number of executed functions: 0
  • Number of non-executed functions: 0
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 142.250.80.67, 142.250.65.163
  • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, ctldl.windowsupdate.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target msedgewebview2.exe, PID 7944 because there are no executed function
  • Execution Graph export aborted for target msedgewebview2.exe, PID 8008 because there are no executed function
  • Execution Graph export aborted for target msedgewebview2.exe, PID 8032 because there are no executed function
  • Not all processes where analyzed, report is missing behavior information
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Report size getting too big, too many NtReadVirtualMemory calls found.
No simulations
                                                              • 40.96.151.201
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 13.107.246.57
                                                              CLOUDFLARENETUSplay.exeGet hashmaliciousFormBookBrowse
                                                              • 188.114.96.3
                                                              BankPaymAdviceVend.Report.docxGet hashmaliciousUnknownBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              file.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                              • 188.114.96.3
                                                              https://emp.eduyield.com/el?aid=28gedda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/innhanhanhsang.com.vn/.dev/RgZNq3Jz/a2ltLmZvcmRAcmF2ZWlzLmNvbQ==$%C3%A3%E2%82%ACGet hashmaliciousUnknownBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              wfJfUGeGT3.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRATBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              dmhu7oz5yP.exeGet hashmaliciousDCRatBrowse
                                                              • 188.114.97.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              CLOUDFLARENETUSplay.exeGet hashmaliciousFormBookBrowse
                                                              • 188.114.96.3
                                                              BankPaymAdviceVend.Report.docxGet hashmaliciousUnknownBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              file.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                              • 188.114.96.3
                                                              https://emp.eduyield.com/el?aid=28gedda0e6c-1865-11ef-80aa-0217a07992df&rid=33766156&pid=771868&cid=497&dest=google.com.////amp/s/innhanhanhsang.com.vn/.dev/RgZNq3Jz/a2ltLmZvcmRAcmF2ZWlzLmNvbQ==$%C3%A3%E2%82%ACGet hashmaliciousUnknownBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              wfJfUGeGT3.exeGet hashmaliciousAmadey, Cryptbot, LummaC Stealer, PureLog Stealer, RedLine, XWorm, zgRATBrowse
                                                              • 188.114.96.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              dmhu7oz5yP.exeGet hashmaliciousDCRatBrowse
                                                              • 188.114.97.3
                                                              file.exeGet hashmaliciousUnknownBrowse
                                                              • 172.64.41.3
                                                              RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU7NtKYH4Ejx.exeGet hashmaliciousNymaimBrowse
                                                              • 5.42.64.3
                                                              7NtKYH4Ejx.exeGet hashmaliciousNymaimBrowse
                                                              • 5.42.64.3
                                                              https://d.metrckter.com/1pwkqpuod22w.htmlGet hashmaliciousUnknownBrowse
                                                              • 5.42.103.144
                                                              9c0e6f401644a7fe1eabace6fe5e0b10c20c73db7c28b.exeGet hashmaliciousRedLineBrowse
                                                              • 5.42.92.213
                                                              injector.exeGet hashmaliciousRedLineBrowse
                                                              • 5.42.92.213
                                                              P8Cw9drW3m.exeGet hashmaliciousRHADAMANTHYSBrowse
                                                              • 45.15.159.127
                                                              a86htsmUe5.exeGet hashmaliciousRedLineBrowse
                                                              • 5.42.92.213
                                                              SecuriteInfo.com.Trojan.PWS.RedLineNET.9.15216.6695.exeGet hashmaliciousRedLineBrowse
                                                              • 5.42.65.96
                                                              qg155Ew08h.exeGet hashmaliciousRedLineBrowse
                                                              • 5.42.92.213
                                                              nuCc19sDOl.exeGet hashmaliciousRedLineBrowse
                                                              • 5.42.92.213
                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                              74954a0c86284d0d6e1c4efefe92b521slmgr.vbsGet hashmaliciousUnknownBrowse
                                                              • 5.42.101.19
                                                              scan_9374673_Medoc.pdf.exeGet hashmaliciousDBatLoader, TVratBrowse
                                                              • 5.42.101.19
                                                              scan_9374673_Medoc.pdf.exeGet hashmaliciousDBatLoader, TVratBrowse
                                                              • 5.42.101.19
                                                              i.batGet hashmaliciousUnknownBrowse
                                                              • 5.42.101.19
                                                              Archive.zipGet hashmaliciousGandcrabBrowse
                                                              • 5.42.101.19
                                                              attachment.txt.lnkGet hashmaliciousUnknownBrowse
                                                              • 5.42.101.19
                                                              Doc1.docmGet hashmaliciousPython StealerBrowse
                                                              • 5.42.101.19
                                                              YENB0G9CNCEL.batGet hashmaliciousAsyncRAT, DcRatBrowse
                                                              • 5.42.101.19
                                                              Eksik#U0130slemBildirimi.batGet hashmaliciousUnknownBrowse
                                                              • 5.42.101.19
                                                              Turkiye_Sigorta_Komisyon_Odemesi_Hatalar#U0131.batGet hashmaliciousUnknownBrowse
                                                              • 5.42.101.19
                                                              No context
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):2278
                                                              Entropy (8bit):3.85781354017312
                                                              Encrypted:false
                                                              SSDEEP:48:uiTrlKxrgxWxl9Il8uZe0IlFczRFh5+ofmkGow8lEd1rc:m3YGohgQmkGoX
                                                              MD5:C97F00544AC6871037E3879E6F40DB1C
                                                              SHA1:77C9CBA33AACA3F50904E736B3469C6881E36F4C
                                                              SHA-256:C7C2C166A0372FB3193731C4234CB25769CB0C1C5D6CE32C8118A6D2EF96FF82
                                                              SHA-512:573B38AE048F3107ED8A72931E1FA0390FB409AE3EE17A5621DC9963730AADC661242A118993AB23E7EFADEF4B878509C4EDC5040FC49A38077DEEBB716388DC
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1219696
                                                              Category:modified
                                                              Size (bytes):200360
                                                              Entropy (8bit):7.973744571139147
                                                              Encrypted:false
                                                              SSDEEP:3072:AmDeKJqYDGA72WO0mfSCEr1Kk5qgyvZyqeKPaORHV6VT0R1Wy0OOzBvK3jEbrpz7:A48NABOGXd8c4ZHSTR9vK3Qx6SwSPt
                                                              MD5:D56A35C8B2926FD8A5726FEC87A2BB11
                                                              SHA1:63A90D0DA10318055BCFFC71D21DDC939AC45E31
                                                              SHA-256:958B12A900A245AB93EEEA1F767CD9904C76AB78514EC16F3A388A141AA8A6D6
                                                              SHA-512:0E1AAB6A173872C9E952958D9110AD7E7C83A366168EE2A7158C37C48A3518091E51DB954870B60E56CEBCA862F879D18509525508E82706EDDE525CF40E84F0
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):950
                                                              Entropy (8bit):5.743859093142071
                                                              Encrypted:false
                                                              SSDEEP:24:YKWJu5rrtMt0JELE7BnaeCUWO5bPbvXX7QQRCYfYg:Yqf+t0JEmBnZH5PvnUB0
                                                              MD5:2A2CD60C9FE2163912C61C65E9A3DC10
                                                              SHA1:ADCE433B399D982DE483C277F869B1524D324EA7
                                                              SHA-256:C35C4F5D216D94461497D6584B12ABC7746956E3636667BF0781F0D31FC626E5
                                                              SHA-512:534EB96E269084ABB79766FD67A1EFCCC131FA95A17D6CD5FBB2186A79BF060C07A4F8F171651759BF9D38EC8D493034296E7F18A46AA819999C4592F7024ECA
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2899
                                                              Entropy (8bit):5.321322583780378
                                                              Encrypted:false
                                                              SSDEEP:48:YDEFMsFiHGS0af+t0JEde3p8QSh/cIgwLURMYXylVotoW95K1DGHB+kdrxMBnZHZ:PNkGS1f+yl58rh/cI9URoDotocjBVCpr
                                                              MD5:25F9FB773234FE67BC937236581EC61C
                                                              SHA1:0A962C1F03A3F57CD03A53A49113ACD91A89C5AA
                                                              SHA-256:2F140133AD44DD8367139204245B823E1740C3BA9F2A2A1975F44241A1593A43
                                                              SHA-512:8410E166D5755EC33BD9F36C83B285A067266B557AF404E61F68201E0A72BB92D7C583F4B442653F6C7E22F5438FA21A899A71FE1136BE764C6205BA80C82456
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):16229
                                                              Entropy (8bit):6.0682369369419735
                                                              Encrypted:false
                                                              SSDEEP:384:dtMGQ7LBjuYXGIgtDAW5u0TDJ2q03XNBSLEHpGc83i3F3n:XMGQ7FCYXGIgtDAWtJ45HpGc83i1X
                                                              MD5:491F341BF46B35280644E5F0DE61546E
                                                              SHA1:E2B7EA2EF929ACFC3A9FE0A22F996D1420844AFB
                                                              SHA-256:D24DA1B0E4B9F13048D06C4489AAF627F9AA0F3F5174D18A11809AC5CD1F588D
                                                              SHA-512:7D69B3BECBBC3948202C912F5711B805FF3BE05B3CC452E3FBA70E888CDF122152237CA16FB2DB00A5355CD2F2EF23F04B240F38A2530E0351D94CBE11F5A156
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):17463
                                                              Entropy (8bit):6.063512452741912
                                                              Encrypted:false
                                                              SSDEEP:384:dtMGQ7LBjuYXGIgtDAW5u0TDJ2q03lNBSLEHQ2wwx6Gc83i3F3n:XMGQ7FCYXGIgtDAWtJ4PHdwwx6Gc83iJ
                                                              MD5:387213CAEA630BF5F8D752436FEA6EC2
                                                              SHA1:8552E46C59B384443116D5CCC684D41E46836A84
                                                              SHA-256:1C45D204596000E281D945A6BC03FFAC748B653082C9E49DB53FF72BF428B5A0
                                                              SHA-512:1EB0C38E8BAB0F112434A0BAC64A193F4CA08E33814147C432255C28ACCCBBA5CB9B5124E2C895C0C3A4C3CB94DF55C8138B855B731965E122771D79E950B5A0
                                                              Malicious:false
                                                              Reputation:low
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):17514
                                                              Entropy (8bit):6.062707191691727
                                                              Encrypted:false
                                                              SSDEEP:384:dtMGQ7LBjuYXGIgtDAW5u0TDJ2q03lNlLEHQ2wwx6Gc83i3F3n:XMGQ7FCYXGIgtDAWtJ4qHdwwx6Gc83iJ
                                                              MD5:3EEF58B79AA297DDD85120A82F9F8B4F
                                                              SHA1:F8D56DAAA7E53157321869955CF0073D12B946FE
                                                              SHA-256:FDF7C834965A120FB72EC4E86DB6E37C9B7CDFC9581A794550F006D00B395B44
                                                              SHA-512:C2F4C69B5AFED58AC53DF1FF1B2E9ACEE9B41BF44EDEB92875E6AD83B14C5C379848EDA1B9C2507B8199FB3DFE6EAA997462E84B460B57F2020D36D90F144DEC
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1310720
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:1045BFD216AE1AE480DD0EF626F5FF39
                                                              SHA1:377E869BC123602E9B568816B76BE600ED03DBD0
                                                              SHA-256:439292E489A0A35E4A3A0FE304EA1A680337243FA53B135AA9310881E1D7E078
                                                              SHA-512:F9F8FCC23FC084AF69D7C9ABB0EF72C4684AC8DDF7FA6B2028E2F19FD67435F28534C0CF5B17453DFE352437C777D6F71CFE1D6AD3542AD9D636263400908FD2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1310720
                                                              Entropy (8bit):0.0
                                                              Encrypted:false
                                                              SSDEEP:3::
                                                              MD5:1045BFD216AE1AE480DD0EF626F5FF39
                                                              SHA1:377E869BC123602E9B568816B76BE600ED03DBD0
                                                              SHA-256:439292E489A0A35E4A3A0FE304EA1A680337243FA53B135AA9310881E1D7E078
                                                              SHA-512:F9F8FCC23FC084AF69D7C9ABB0EF72C4684AC8DDF7FA6B2028E2F19FD67435F28534C0CF5B17453DFE352437C777D6F71CFE1D6AD3542AD9D636263400908FD2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):1310720
                                                              Entropy (8bit):0.5828502263840504
                                                              Encrypted:false
                                                              SSDEEP:1536:4fkf0UnE1O+P+ya/eRGg1DRFFyRG9FrHcqCuhO/V8RGj:+q02V+P+ya/Xg1HF7Aqq/VJ
                                                              MD5:35F966DC1BEA37448383EEF062F58083
                                                              SHA1:65DAD8438FA7AE6E431ADA187B2A6B4954DBEEB7
                                                              SHA-256:17B4E9184DD71FD3D9071F9274C9567DCCD9C8042587637E36DD4E690120ED28
                                                              SHA-512:545B7AF0C1742047E639A117B9A043AC1BF5EF6D6F18DF7EA9D929257F59D405CB6BDC0DB04A53F86D319785B9AE88616D126BC9770534F9E0091F6C50C63E1D
                                                              Malicious:false
                                                              Preview:...@............C.].....@................J..`J..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30..............117.0.2045.47-64".en-GB*...Windows NT..10.0.190452(..x86_64..?........".gexasg20,1...x86_64J....?.^o..P......................>..*........W:00000000000000000000000000000000000000000000!00000000000000000000000000000000000000000000!SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe.G1900/01/01:00:00:00!SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe".0.1.02...".*.:...............,..(.......EarlyProcessSingleton.......Default3.(..$.......msEdgeEDropUI.......triggered....8..4... ...msDelayLoadAuthenticationManager....triggered....<..8...#...msSleepingTabsShorterTimeoutDefault.....triggered....8..4... ...msEdgeMouseGestureDefaultEnabled....triggered....8..4.......msEdgeShowHo
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):280
                                                              Entropy (8bit):1.8775553997663104
                                                              Encrypted:false
                                                              SSDEEP:3:FiWWltlByXMGTl/dNEjYb1gmlx/ll:o1ByXM4/dfCmlZl
                                                              MD5:0F0F185371497C8CEF57AFA5933C78F9
                                                              SHA1:E7B680AC3AB0A3FE524929FEAF9312270FF8FAA7
                                                              SHA-256:C7FC93087B614F7147AC607E2190745AF84D265356BE0D47E03BD0407AC1C2CF
                                                              SHA-512:A9499DADE4E25FBCF8EC06A8C3B750A402440AAF438EB24A2FAD40C56756B708AFF91C811D498A1A84DCD0D947784CF95B1D45D8114C33455F904C440A5E2C6A
                                                              Malicious:false
                                                              Preview:sdPC.......................a...M...,..D................................................................................................................................................................................................{F3017226-FE2A-4295-8BDF-00C3A9A7E4C.}C:........
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):20
                                                              Entropy (8bit):3.6219280948873624
                                                              Encrypted:false
                                                              SSDEEP:3:8g6Vvn:8g6Vv
                                                              MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                              SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                              SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                              SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                              Malicious:false
                                                              Preview:level=none expiry=0.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6780
                                                              Entropy (8bit):5.58059133801902
                                                              Encrypted:false
                                                              SSDEEP:96:v6i6Plf/ROoBpkF5d1Mil7VaTEv9V5h5pg5vezodIU854cFSpsA5IOrMn3YPo0M1:PGrsT9l554cFSpFIOAn3go0ium
                                                              MD5:8EAE49EA5BDEEF55F605501CBDA1B98E
                                                              SHA1:12A3FF8F8B248A81ABA61628D8B447E8D8F8D223
                                                              SHA-256:FD51A1D6C670990DDC3CF7EF6178659A8468C7BE78C6E9F9E12805465BF661D6
                                                              SHA-512:2692DA538336442144DFA410E305345DBED1BA23DFF0215250AE37691232BFCB2DF86C9C7CA85BA676D14EF92C8D20B44260631E1E962BAD10E3629023098CB1
                                                              Malicious:false
                                                              Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369580410161362","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369580410161362","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6127
                                                              Entropy (8bit):4.822875586929316
                                                              Encrypted:false
                                                              SSDEEP:96:stQ/NO7s13Cb9dG8zXn85eh6Cb7/x+6MhmuecDV1eAebTY2MR7K:stEwsYGkXn88bV+FPVQAIYPhK
                                                              MD5:22BA7F0EDB3D5B0A7332B70617B6BA38
                                                              SHA1:197FC6C891695D57B22CF06CB8A183223E38B389
                                                              SHA-256:3733410E23430E785DF60F6712CB0317BA67652630FB03D410946AB10FD662D4
                                                              SHA-512:DFA80D4A8C2F219E5855504027C364504B58D057E0A6461524404BE1FFB3590B00FFEA60D4044C0E8F9335A7410F5C414FA4F62F070324A72C0C8AC237A76BE8
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369580410192375","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":380,"browser_content_container_width":500,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13369580410453649","domain_diversity":{"last_reporting_timestamp":"13369580410536711"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:modified
                                                              Size (bytes):6025
                                                              Entropy (8bit):4.818396645722576
                                                              Encrypted:false
                                                              SSDEEP:96:stQ/NO7s13Cb9dG8zXn85eh6Cb7/x+6MhmuecDV1eAebTJ2MR7K:stEwsYGkXn88bV+FPVQAIJPhK
                                                              MD5:B9B387F9DC4C48996D55EF925AEE1BE4
                                                              SHA1:57B27EBBD381E152B84CD507D41F80F6A58AD2E4
                                                              SHA-256:778E62DF476592DE639B04624B941B8FFFB6585FB8CB4DBEAFBD8BA82121ADAF
                                                              SHA-512:E2B6EACB8086FA5A576A1A3DADE414401716BA9D41B214D3A59C1298CA32CABDAEBAF514DA5F7EB58DBA491680D9B9519FCA302068681053B5E575FF4234C15C
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369580410192375","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":380,"browser_content_container_width":500,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13369580410453649","domain_diversity":{"last_reporting_timestamp":"13369580410536711"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):12288
                                                              Entropy (8bit):0.3202460253800455
                                                              Encrypted:false
                                                              SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                              MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                              SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                              SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                              SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):524656
                                                              Entropy (8bit):4.974937393114874E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsulEaq:Lsjaq
                                                              MD5:EAC3D4DA69F3F20F77A80EFA0ABEB516
                                                              SHA1:F07F67E5CD6B724F80B6359F0F4B700B258D21B0
                                                              SHA-256:703DD31D012893BFB78C3A6E160AEFCA0D9373E46A204BC9C8F7BC42A3028F07
                                                              SHA-512:7EEC137FC37FA31CD3806CC0208117C08107B4B2641A2E9EFF76B810766A7A218E3776B45753FFF575027CF308F7DC5427D0626795DBD8519B365699EC26DDC4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):252
                                                              Entropy (8bit):5.65071017863145
                                                              Encrypted:false
                                                              SSDEEP:6:mNllVlZ3NQwlRdQZ3N96tc15fAvElYuJ4noisYH:O/TZ9QZZ99661AVRnon4
                                                              MD5:D8A78E0E90E70717505FDA11036D76C1
                                                              SHA1:AF7059DF32CE0EC12D6A2665CCB4CE245EAE95A9
                                                              SHA-256:219145A82C88EF2DBE09DB6AE569735C661BEBAC7B051945EEADA238C4E375E3
                                                              SHA-512:17D957044E725BDBA8824DB2ACDF5B122165B1B77051F42A63AAFB36032D0A1F15D87D4E068D4CF9E088DA992BA0EBDA25DE01767507A142738BE642AF0E6323
                                                              Malicious:false
                                                              Preview:0\r..m......H....c.H...._keyhttp://nmt.localhost/assets/index-DJ5qGZKz.js .http://nmt.localhost/.A..Eo..................\VH.../.@.............>3.n`..+..;D.U...O..[.`...B.....Z............W......l...c..C..../......r.~*..(.F{8.A..Eo.......G#[L.......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):2.1431558784658327
                                                              Encrypted:false
                                                              SSDEEP:3:m+l:m
                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                              Malicious:false
                                                              Preview:0\r..m..................
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):72
                                                              Entropy (8bit):3.687218230578928
                                                              Encrypted:false
                                                              SSDEEP:3:YbcC0Xl/ldldl7TPJ81CrY+mN:YbC7TPJtY+mN
                                                              MD5:2C104CB1A4C8906A3286C083C0DDC981
                                                              SHA1:3DC510C2BF6802349233041E34A936CD13F516CB
                                                              SHA-256:BD232AFC6465873A1C9193556CB1CB9AA8E21A49318E535C8C29CC8A0767D20D
                                                              SHA-512:41B3750B820E1AA88D6D898E746933597FCECEEF86BA1E1D21A7EF1B034E00BBDBDA9396103006B5DEF74FEE5A889F281A9C421C443EB859625ECF320B5B92EF
                                                              Malicious:false
                                                              Preview:@...m...oy retne........................).*v*.{B@.P.../...........[.../.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):72
                                                              Entropy (8bit):3.687218230578928
                                                              Encrypted:false
                                                              SSDEEP:3:YbcC0Xl/ldldl7TPJ81CrY+mN:YbC7TPJtY+mN
                                                              MD5:2C104CB1A4C8906A3286C083C0DDC981
                                                              SHA1:3DC510C2BF6802349233041E34A936CD13F516CB
                                                              SHA-256:BD232AFC6465873A1C9193556CB1CB9AA8E21A49318E535C8C29CC8A0767D20D
                                                              SHA-512:41B3750B820E1AA88D6D898E746933597FCECEEF86BA1E1D21A7EF1B034E00BBDBDA9396103006B5DEF74FEE5A889F281A9C421C443EB859625ECF320B5B92EF
                                                              Malicious:false
                                                              Preview:@...m...oy retne........................).*v*.{B@.P.../...........[.../.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):24
                                                              Entropy (8bit):2.1431558784658327
                                                              Encrypted:false
                                                              SSDEEP:3:m+l:m
                                                              MD5:54CB446F628B2EA4A5BCE5769910512E
                                                              SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                              SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                              SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                              Malicious:false
                                                              Preview:0\r..m..................
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):48
                                                              Entropy (8bit):2.9972243200613975
                                                              Encrypted:false
                                                              SSDEEP:3:+fW200Ekcea+:+fW9n+
                                                              MD5:8B162FA92148D6208548C0AE0B443C24
                                                              SHA1:F1EE4C5BED1F720783760D56937195C85A059E42
                                                              SHA-256:A60FABB743E79C4B068F8225E75C50C5BFBFD437D872FC0E505F8D9DA9ADFBE2
                                                              SHA-512:EF54A394A58CA9D3A4FB4E587373E9F28DB219E62904A5D6438352EE233FBDA6E9D2C2E71AE700E31AD2D5B962FD03BD399A1E23D46F49FAE5081326779D101B
                                                              Malicious:false
                                                              Preview:(...cz..oy retne..........................&.../.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):28672
                                                              Entropy (8bit):0.4585516651476977
                                                              Encrypted:false
                                                              SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfB:TouQq3qh7z3bY2LNW9WMcUvB
                                                              MD5:F93571255160B333F74C7AF7C04BF98C
                                                              SHA1:878D1F7F68B3CF7284592FDD4F8FFF7055B7BE9F
                                                              SHA-256:A597B1B80D96A85103A33C6505FE67809C97BB81812BDDD36B8D883B05225972
                                                              SHA-512:F9D6B141D757FFCFFDBB4D054C3BFE9EEBD1AAD2D4AB8217A570B4B4435B79F0DD54C1563C720F51BB8CE7152C0552E6234BEB9B19B9B828CBD3936ED29FAEA4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.448177365217996E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlW:Ls3W
                                                              MD5:DBA0F2A0340051F0E2D6E7A1AEE497A7
                                                              SHA1:1B74AC469D70069D5EA23453338C34755C49D6B2
                                                              SHA-256:2F673ABEE5337B9160D62349ACAADAA8660019D60253FE511D1C00889982A35F
                                                              SHA-512:1E37E901DB4635BCB142D2321FE9B464E4281EE4AEE9699102832AB644FAC04C177718DC3680D7A98C2E1787F69C4EF343585F19D63D1B14C796D183E08A49AD
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.494709561094235
                                                              Encrypted:false
                                                              SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                              MD5:CF7760533536E2AF66EA68BC3561B74D
                                                              SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                              SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                              SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):38
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:3:FQxlXNQxlX:qTCT
                                                              MD5:51A2CBB807F5085530DEC18E45CB8569
                                                              SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                              SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                              SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                              Malicious:false
                                                              Preview:.f.5................f.5...............
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):287
                                                              Entropy (8bit):5.246425340541019
                                                              Encrypted:false
                                                              SSDEEP:6:ueBv54M1wkn23GKpOpaVdg2KLlEeZq2Pwkn23GKpOpaPrqIFUv:L54rftwHLrvYftwo3FUv
                                                              MD5:175D12E1C6295D0BDF863EAEA57809C7
                                                              SHA1:89D9FFB5DBA1DCA76E3E91940413757D0492CB38
                                                              SHA-256:6868770F4DB45A5518F47816A96B3A65CD568754EDFBFE41818E5470B0A33B16
                                                              SHA-512:23D3A8D07A9D572F985DBCCE78039FCA1341CF1DA80137882608E3466343294851825C0FC3CD8A0D2CBC861AB5C721407183B47F063B979583857B701B743F83
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.237 1ed4 Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Extension Rules since it was missing..2024/08/31-08:20:10.315 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Extension Rules/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):5.245096895656047
                                                              Encrypted:false
                                                              SSDEEP:6:ueb4M1wkn23GKpOp6FB2KLlEehq2Pwkn23GKpOp65IFUv:J4rftwQFFLjvYftwQWFUv
                                                              MD5:153E063D955E9ECA12E72D790F0A23F7
                                                              SHA1:03B2C031BE2B3926EC14A8841B9BBF6C9AD0B281
                                                              SHA-256:8AFED5949C065772783C2B8D29D3F071700084B435DB989F53F29337D272BA75
                                                              SHA-512:1C0B2A098AB5AB9D8C5E2B902DA242B6945C5BA5EB0F3608CB6F744999A87B0CF03A89E763345AFA3402C9846BCC56312AFB8250FA0F897551973DEA83F5A723
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.318 1ed4 Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Extension Scripts since it was missing..2024/08/31-08:20:10.395 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Extension Scripts/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):114
                                                              Entropy (8bit):1.8784775129881184
                                                              Encrypted:false
                                                              SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
                                                              MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                              SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                              SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                              SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                              Malicious:false
                                                              Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):287
                                                              Entropy (8bit):5.190331777159299
                                                              Encrypted:false
                                                              SSDEEP:6:ueHR4M1wkn23GKpOpYg2KLlEeHTq2Pwkn23GKpOpNIFUv:FR4rftwNL9TvYftwwFUv
                                                              MD5:E8A283F9F48AAE92E51FE9AE514B1B29
                                                              SHA1:262C6E19C7012E1373B7E8CDB7A69EDA209A4C66
                                                              SHA-256:23471494733AB0F26AA8FE5ABF0697C00B5FEBE31CA51993681F515B94C5972A
                                                              SHA-512:C5542ED254330FA2ABEF9E63F5586C18AA02B51D60098B6A215E229D365057A7CAF17C7ADB9FD391913C4D3B111B59ED30079613D95B489A3755C403F953C686
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.420 1ed4 Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Extension State since it was missing..2024/08/31-08:20:10.432 1ed4 Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Extension State/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):4096
                                                              Entropy (8bit):0.3169096321222068
                                                              Encrypted:false
                                                              SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                              MD5:2554AD7847B0D04963FDAE908DB81074
                                                              SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                              SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                              SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):32768
                                                              Entropy (8bit):0.40981274649195937
                                                              Encrypted:false
                                                              SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                              MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                              SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                              SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                              SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6975083372685086
                                                              Encrypted:false
                                                              SSDEEP:24:LLiZxh0GY/l1rWR1PmCx9fZjsBX+T6UwcE85fBmI:EBmw6fU1zBmI
                                                              MD5:F5BBD8449A9C3AB28AC2DE45E9059B01
                                                              SHA1:C569D730853C33234AF2402E69C19E0C057EC165
                                                              SHA-256:825FF36C4431084C76F3D22CE0C75FA321EA680D1F8548706B43E60FCF5B566E
                                                              SHA-512:96ACDED5A51236630A64FAE91B8FA9FAB43E22E0C1BCB80C2DD8D4829E03FBFA75AA6438053599A42EC4BBCF805BF0B1E6DFF9069B2BA182AD0BB30F2542FD3F
                                                              Malicious:false
                                                              Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.371990371861502E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlZ1aq:Ls3LR
                                                              MD5:5D8EC09BA149A8DE6CD9C185CD51C496
                                                              SHA1:5C2BB0E7F6AC361D131B4DE8109E55477E1A7885
                                                              SHA-256:988EB2F1A0B52C3921B678BA665112E7F10374A394858E42546D48902CE3507D
                                                              SHA-512:F889AE50EB6C825B62CD5F264291ECA01BF93683E1174E1AF679A0E65F134A92B513D2248BD50530AE2C459A59D9FC9A77C7A6B52BC67F834D07FDE60F34B892
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):155648
                                                              Entropy (8bit):0.6193318130662793
                                                              Encrypted:false
                                                              SSDEEP:192:+59IiKk6UhH+bDo3iN0bJ2TVJkXBBE3ybyRc:+59IiKk6UhIU3iGbwIBBE3qyRc
                                                              MD5:175116B5B92D0E8E014AB95919B2BB55
                                                              SHA1:09BDFA5887AAB9B5CF807A64B4DEC00B2DD4B278
                                                              SHA-256:F54207C7AA9DFD4F7730EA6615BE39E81CED584E6F10100CE1A9EF76F928455E
                                                              SHA-512:CA97BD1F8AF427088115CB470F9B059E6B3842BDA6B4D9DF8B92423407510E3414527AA9C48F4EFAB765E1E973C029845504C6956215328EA5F2C943824AA87B
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8720
                                                              Entropy (8bit):0.21782872433447142
                                                              Encrypted:false
                                                              SSDEEP:3:Cp5lntFlljq7A/mhWJFuQ3yy7IOWUyB/ol/dweytllrE9SFcTp4AGbNCV9RUIl:CXG75fOQBQ/d0Xi99pEYb
                                                              MD5:D65405707D240688390D6803EA6B7C1C
                                                              SHA1:3EF89DB8113F92C743EC4DF373528B241A8B3557
                                                              SHA-256:BA13C42319FC2978E939EA9F5AA81C4572B4CBF656FBFA7F88ECB04A1AD385D1
                                                              SHA-512:BBE5C7808717B5D71433764B6CCB269C0CD89FDF39DA8030B31E076078DAC2A1E630ED32A7E61213DB64E3BCC970665FCCBA1DAD21A36583F166E259AC78A0F0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):299
                                                              Entropy (8bit):5.2360957378489275
                                                              Encrypted:false
                                                              SSDEEP:6:ueyUDdm81wkn23GKpO1a2jM8B2KLlEekvqM+q2Pwkn23GKpO1a2jMGIFUv:qftw1jFL2+vYftw1EFUv
                                                              MD5:30A4B8D1CD69A65F31AF0FE8C35DB53B
                                                              SHA1:4083C9CEC4E21BCE8478ACEB1E6C0934A20BD41B
                                                              SHA-256:2393A45EC4C73E29D99BBA73DC7B1A205A156B9311DE21EBF3F1B2F301717795
                                                              SHA-512:A96B6AE39387463B2CF4457A2CD1CA12C9D8943733C7DE48A6271A31BF091A26211F04204B1679B2B86B20EA3E3F50A552375519893A9509CACBAB15D1E0A1FF
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:11.044 1fac Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Local Storage\leveldb since it was missing..2024/08/31-08:20:11.070 1fac Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):43008
                                                              Entropy (8bit):0.9009435143901008
                                                              Encrypted:false
                                                              SSDEEP:96:C2BeymwLCn8MouB6wzFlXqiEqUvJKLuyn:C2TLG7IwRFqidn
                                                              MD5:FB3D677576C25FF04A308A1F627410B7
                                                              SHA1:97D530911F9CB0C37717ABB145D748982ADA0440
                                                              SHA-256:A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
                                                              SHA-512:ED6666B064958B107E55BD76E52D2E5BF7A4791379902D208EF909A6B68803240D372CE03641249EB917C241B36A5684656A48D099A8A084AD34BA009857B098
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):45056
                                                              Entropy (8bit):0.40293591932113104
                                                              Encrypted:false
                                                              SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                              MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                              SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                              SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                              SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.6732424250451717
                                                              Encrypted:false
                                                              SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                              MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                              SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                              SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                              SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):59
                                                              Entropy (8bit):4.619434150836742
                                                              Encrypted:false
                                                              SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                              MD5:2800881C775077E1C4B6E06BF4676DE4
                                                              SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                              SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                              SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                              Malicious:false
                                                              Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):59
                                                              Entropy (8bit):4.619434150836742
                                                              Encrypted:false
                                                              SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                              MD5:2800881C775077E1C4B6E06BF4676DE4
                                                              SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                              SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                              SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                              Malicious:false
                                                              Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 4
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.5559635235158827
                                                              Encrypted:false
                                                              SSDEEP:48:T6IopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSB:OIEumQv8m1ccnvS6
                                                              MD5:9AAAE8C040B616D1378F3E0E17689A29
                                                              SHA1:F91E7DE07F1DA14D15D067E1F50C3B84A328DBB7
                                                              SHA-256:5B94D63C31AE795661F69B9D10E8BFD115584CD6FEF5FBB7AA483FDC6A66945B
                                                              SHA-512:436202AB8B6BB0318A30946108E6722DFF781F462EE05980C14F57F347EDDCF8119E236C3290B580CEF6902E1B59FB4F546D6BD69F62479805B39AB0F3308EC1
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):36864
                                                              Entropy (8bit):0.36515621748816035
                                                              Encrypted:false
                                                              SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                              MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                              SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                              SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                              SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):111
                                                              Entropy (8bit):4.718418993774295
                                                              Encrypted:false
                                                              SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                              MD5:285252A2F6327D41EAB203DC2F402C67
                                                              SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                              SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                              SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                              Malicious:false
                                                              Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2
                                                              Entropy (8bit):1.0
                                                              Encrypted:false
                                                              SSDEEP:3:H:H
                                                              MD5:D751713988987E9331980363E24189CE
                                                              SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                              SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                              SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                              Malicious:false
                                                              Preview:[]
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):4.1275671571169275
                                                              Encrypted:false
                                                              SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                              MD5:20D4B8FA017A12A108C87F540836E250
                                                              SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                              SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                              SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                              Malicious:false
                                                              Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):59
                                                              Entropy (8bit):4.619434150836742
                                                              Encrypted:false
                                                              SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                              MD5:2800881C775077E1C4B6E06BF4676DE4
                                                              SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                              SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                              SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                              Malicious:false
                                                              Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):5963
                                                              Entropy (8bit):4.8129801784453194
                                                              Encrypted:false
                                                              SSDEEP:96:stQ/NO7s13Cb9dG8zXn85eh6Cb7/x+6MhmuecDV1eAebTTh2MR7K:stEwsYGkXn88bV+FPVQAIFPhK
                                                              MD5:4D6528C1964050CD128A6A5CE08B13D1
                                                              SHA1:C64D92A951F7258B63FEF6191718E9A103A75B2A
                                                              SHA-256:39DE8B8B2972AC8F9D263BFE496FECCA1C6D772D6468E67D27F148E07730A42D
                                                              SHA-512:8E746BCBDCCB99D0F30D626ED4143518DB7A0492FF033A51B01F5DD92AAA02F84DF76E4522CD107DB5C18168F6EE72F86011B3AE5364028853F4B61BB6229A3E
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369580410192375","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":380,"browser_content_container_width":500,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13369580410453649","domain_diversity":{"last_reporting_timestamp":"13369580410536711"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):33
                                                              Entropy (8bit):4.051821770808046
                                                              Encrypted:false
                                                              SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                              MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                              SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                              SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                              SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                              Malicious:false
                                                              Preview:{"preferred_apps":[],"version":1}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):182
                                                              Entropy (8bit):4.2629097520179995
                                                              Encrypted:false
                                                              SSDEEP:3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
                                                              MD5:643E00B0186AA80523F8A6BED550A925
                                                              SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                              SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                              SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                              Malicious:false
                                                              Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):6780
                                                              Entropy (8bit):5.58059133801902
                                                              Encrypted:false
                                                              SSDEEP:96:v6i6Plf/ROoBpkF5d1Mil7VaTEv9V5h5pg5vezodIU854cFSpsA5IOrMn3YPo0M1:PGrsT9l554cFSpFIOAn3go0ium
                                                              MD5:8EAE49EA5BDEEF55F605501CBDA1B98E
                                                              SHA1:12A3FF8F8B248A81ABA61628D8B447E8D8F8D223
                                                              SHA-256:FD51A1D6C670990DDC3CF7EF6178659A8468C7BE78C6E9F9E12805465BF661D6
                                                              SHA-512:2692DA538336442144DFA410E305345DBED1BA23DFF0215250AE37691232BFCB2DF86C9C7CA85BA676D14EF92C8D20B44260631E1E962BAD10E3629023098CB1
                                                              Malicious:false
                                                              Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13369580410161362","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13369580410161362","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:modified
                                                              Size (bytes):148
                                                              Entropy (8bit):4.9595149167964925
                                                              Encrypted:false
                                                              SSDEEP:3:S8ltHlS+QUl1ASEG60FG+WlldllaLuGoD36xW+0GoiVlso3Nv:S85al08TllaLutMWBGfZ3Nv
                                                              MD5:2142AFF83045C7B430F90F71A4E89168
                                                              SHA1:CE337AF532F5EB742EB9367F1D365BECBA4FE9F0
                                                              SHA-256:FADB568812046353C8CA5E1283A42A2C0BB2A66E4304D9E2A22403761C871418
                                                              SHA-512:9F548759FEF16696F963FD613EF452B95383553D367E8F6E8B9B568E6205C17B72070F4DA04AB36D627A65BA92B10095E5C4B70F6B42932E02DD11D693F47C12
                                                              Malicious:false
                                                              Preview:*...#................version.1..namespace-..t c................next-map-id.1.Dnamespace-6b966c4a_9f08_4db3_a342_3c063d2bc114-http://nmt.localhost/.0
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):287
                                                              Entropy (8bit):5.2166869092163255
                                                              Encrypted:false
                                                              SSDEEP:6:uexYGFm81wkn23GKpOWQM72KLlEe6LM+q2Pwkn23GKpOWQMxIFUv:rY1ftwIL9+vYftwHFUv
                                                              MD5:66309927B735A42B65A24E10E7CD4130
                                                              SHA1:664729297D7EDCD29050B7D47ADE00962BFE95D1
                                                              SHA-256:137994DEC3BD6CD970261ADF4BCB9026502A3AF44AC3440FE801053349AA63D9
                                                              SHA-512:B27A2B6DE2DE8B58E035DDB7EF2BC4A829666703C772477B518C5151966698206CCE1F42B5288F7BE1DED35EAF7843D3DD87068AF3AAF0C8848C119C8CB0CFE0
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:11.626 1fac Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Session Storage since it was missing..2024/08/31-08:20:11.655 1fac Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Session Storage/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):40
                                                              Entropy (8bit):3.473726825238924
                                                              Encrypted:false
                                                              SSDEEP:3:41tt0diERGn:et084G
                                                              MD5:148079685E25097536785F4536AF014B
                                                              SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                              SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                              SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                              Malicious:false
                                                              Preview:.On.!................database_metadata.1
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):315
                                                              Entropy (8bit):5.126612629288812
                                                              Encrypted:false
                                                              SSDEEP:6:ueB9GcXs1wkn23GKpOUUh2gr52KLlEe4nL+q2Pwkn23GKpOUUh2ghZIFUv:IcXLftwrhHJL2nL+vYftwrhHh2FUv
                                                              MD5:68F1CC722E4FD1865CBFE3DDB78CEBB6
                                                              SHA1:CB6E63CD6ACC037790C5013BC4AF79AB268AD114
                                                              SHA-256:CC8E708C1919CC8387ACD5946B2935FAB93904D60A19D2418CD4427D5343292F
                                                              SHA-512:B25EBED0F72DBFB0837A6BDD31C042DB0013F49C352125B3EFEE993C7A459FF8ADA5D4A7BD0DF7015878935AD00F0286FAF0362A27B39F6258ED4D991B180EE8
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.272 1ecc Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Site Characteristics Database since it was missing..2024/08/31-08:20:10.388 1ecc Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):46
                                                              Entropy (8bit):4.019797536844534
                                                              Encrypted:false
                                                              SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                              MD5:90881C9C26F29FCA29815A08BA858544
                                                              SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                              SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                              SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                              Malicious:false
                                                              Preview:...n'................_mts_schema_descriptor...
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):291
                                                              Entropy (8bit):5.273897403124511
                                                              Encrypted:false
                                                              SSDEEP:6:ueHW1wkn23GKpOgx2KLlEeEtd+q2Pwkn23GKpOWIFUv:FRftwgVLCtYvYftwPFUv
                                                              MD5:E7F8A225BC977B003D40473E462321F7
                                                              SHA1:75747A059941D72862E4E95FBFB912E651C7CB35
                                                              SHA-256:6D636218C461456C9C5A169CAA9268CDEC9425BFABFE5970C04DB3AA72ED59E2
                                                              SHA-512:0C16443E7C57AA34FF5F5F58B47DD935EACB67BC8E7CEABA63A6329AA089A7FD55D1002826C58A1A45FF376A51E6EB437EB6E14FC3E8C8C76553274108B686F4
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.484 1e78 Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Sync Data\LevelDB since it was missing..2024/08/31-08:20:10.569 1e78 Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                              Category:dropped
                                                              Size (bytes):20480
                                                              Entropy (8bit):0.3528485475628876
                                                              Encrypted:false
                                                              SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                              MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                              SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                              SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                              SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):131072
                                                              Entropy (8bit):0.005582420312713277
                                                              Encrypted:false
                                                              SSDEEP:3:ImtVpXYviIHtG2eZt/ZST/:IiVpo6wk2eTBSL
                                                              MD5:78C1E3C73A80ABB092FD12BF940C5F79
                                                              SHA1:3C2B577EAC257700FBB1F93E3990C543E07F4B03
                                                              SHA-256:6DC320B22A3B39C7FC1B5A3E168EEFF0BBC8D78913359D1A951D6FA03DF540F4
                                                              SHA-512:53F177C62640A54D4FE06059D7F0714772AE5D3978B9CAEC37E2A8481C0C17374CB435648ED578FF14283656F695F3E61B5030D1975838C3EB0857ACBD99CC9A
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
                                                              Category:dropped
                                                              Size (bytes):178176
                                                              Entropy (8bit):0.9328712687751187
                                                              Encrypted:false
                                                              SSDEEP:192:R2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+c:R2qOB1nxCkvSAELyKOMq+c
                                                              MD5:6B2D5ED0A90C99FD05D58FE8E924C886
                                                              SHA1:34E1103E18E57E9D1769C89DFB2DAD84BFDD54B5
                                                              SHA-256:2873E973AB5B91CD07405FD5D35E2A843A408AD53696372BEC794F4582368E49
                                                              SHA-512:08373748A19C0381866090CB60929A4642BB624AF777240CB63B918180CEEE0C80DFAD852830FC6821AD6266DF1A865940A90D2089621F612617C5E92A4B29B2
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):5963
                                                              Entropy (8bit):4.8129801784453194
                                                              Encrypted:false
                                                              SSDEEP:96:stQ/NO7s13Cb9dG8zXn85eh6Cb7/x+6MhmuecDV1eAebTTh2MR7K:stEwsYGkXn88bV+FPVQAIFPhK
                                                              MD5:4D6528C1964050CD128A6A5CE08B13D1
                                                              SHA1:C64D92A951F7258B63FEF6191718E9A103A75B2A
                                                              SHA-256:39DE8B8B2972AC8F9D263BFE496FECCA1C6D772D6468E67D27F148E07730A42D
                                                              SHA-512:8E746BCBDCCB99D0F30D626ED4143518DB7A0492FF033A51B01F5DD92AAA02F84DF76E4522CD107DB5C18168F6EE72F86011B3AE5364028853F4B61BB6229A3E
                                                              Malicious:false
                                                              Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13369580410192375","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":380,"browser_content_container_width":500,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13369580410453649","domain_diversity":{"last_reporting_timestamp":"13369580410536711"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                              Category:dropped
                                                              Size (bytes):16384
                                                              Entropy (8bit):0.35226517389931394
                                                              Encrypted:false
                                                              SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                              MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                              SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                              SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                              SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):100
                                                              Entropy (8bit):3.2073824618951257
                                                              Encrypted:false
                                                              SSDEEP:3:VVXntjQPEnjQvxljl:/XntM+4ljl
                                                              MD5:72BE20D992CF12FF688D9C672A7EDAFD
                                                              SHA1:7D01A82EED7DD41776B04E0F9CC80059EA9715E3
                                                              SHA-256:C83848B49A734F0892972625B70108D27ABFC1A5B799D91C3CE11B89D5E51194
                                                              SHA-512:ED0A108AB089F3CDE11DA9409FF15EC94442B726863423C0E87EEAF47A3B112ADB4B92D4D28BA0B0F01A2DA112821D010186D3E40D0804DCCA6C33A07385382D
                                                              Malicious:false
                                                              Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f.................&f...............
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):287
                                                              Entropy (8bit):5.311312688304566
                                                              Encrypted:false
                                                              SSDEEP:6:ueFwmRq1wkn23GKpO4rl2KLlEeFt+q2Pwkn23GKpO4rK+IFUv:QyftwqLwvYftw53FUv
                                                              MD5:62321E9F3B878B45BAB057E8BAEA177B
                                                              SHA1:9CEC73EBE5A2BD9EA33272D937B0F35742B702F9
                                                              SHA-256:4F79875259A8BA3715145AEE14875E065F15187CFAFF39198ED263CDFC358179
                                                              SHA-512:1620E841C884B106B9C5F9FE2FA0941B31B9B84C7FAE99D4AFF9D67E5A67832BB0A01749EA32666E0A0BB4E2A471135E3E08496913A006D4AAF2770EA4B46470
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.664 1ec8 Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\shared_proto_db since it was missing..2024/08/31-08:20:10.685 1ec8 Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\shared_proto_db/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):443
                                                              Entropy (8bit):3.8632842697631133
                                                              Encrypted:false
                                                              SSDEEP:6:G0Xtqcsqc9Ct3mxKm9HTl1mL//3mQtmF2lHDNm8L/3mtyWmF2lpgll1mF2lA3m8e:G0nYUteza//z3p/F+iPAHlT0
                                                              MD5:1DE951E901ED35E532EEBE62E25D7B68
                                                              SHA1:31CC63C8C6AD38F1AD9EC5B75391E5E642D5EB73
                                                              SHA-256:19A8D45F22049CA45CCCF3CE04A1C3BA194B7CE6DB6F94FBDEBC95D5A3F55B23
                                                              SHA-512:BD76B10AE75E2F5C458B53627D4B85E00BB275CE2FD622EEB60E16E7B2C68AF06105B9BA7EDD2F948821A07FCBB1FD64C690EF77E789255375C3F1E44A865CA9
                                                              Malicious:false
                                                              Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................21_.....n[.=.................33_.....vuNX.................21_.....<...................20_.....,.1..................19_.....QL.s.................18_......Q...................20_.......w<.................20_.......ln.................19_......Y...................18_.....%.{..................9_.....f..U.................9_.....
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):16
                                                              Entropy (8bit):3.2743974703476995
                                                              Encrypted:false
                                                              SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                              MD5:46295CAC801E5D4857D09837238A6394
                                                              SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                              SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                              SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                              Malicious:false
                                                              Preview:MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text
                                                              Category:dropped
                                                              Size (bytes):305
                                                              Entropy (8bit):5.267898140093695
                                                              Encrypted:false
                                                              SSDEEP:6:ueF2mRq1wkn23GKpO4rzs52KLlEeFDFQ3+q2Pwkn23GKpO4rzAdIFUv:Wyftw59L7FQOvYftwuFUv
                                                              MD5:E7384E108A53C1664625D3CFB69BC91E
                                                              SHA1:3BF13872C89E540B41605680945A75485D3A1D5E
                                                              SHA-256:8628230992E4BE9160A1D1BB02283E2E35E6B441C566E001E4247C8370510636
                                                              SHA-512:63E94B0538C56DD2A3E4FEB31FD797418C50B828704BBBB869F323BD4F9C835C8FC16C541926EDE7936E2141E1E7E18E46026A9D69371C4AD42A045A190F2ABF
                                                              Malicious:false
                                                              Preview:2024/08/31-08:20:10.644 1ec8 Creating DB C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\shared_proto_db\metadata since it was missing..2024/08/31-08:20:10.653 1ec8 Reusing MANIFEST C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Default\shared_proto_db\metadata/MANIFEST-000001.
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:OpenPGP Secret Key
                                                              Category:dropped
                                                              Size (bytes):41
                                                              Entropy (8bit):4.704993772857998
                                                              Encrypted:false
                                                              SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                              MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                              SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                              SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                              SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                              Malicious:false
                                                              Preview:.|.."....leveldb.BytewiseComparator......
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.448177365217996E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlNjKll/:Ls35Klt
                                                              MD5:E1E50FC3B3EC817B9673194594D81201
                                                              SHA1:3AB839AA1897EB073D420C65A33CC48F3B4A56D6
                                                              SHA-256:2D3F15C75A7E56BA33A051B7BCC17595D1420FFF74A954C6E325DF731AD4A688
                                                              SHA-512:BC4D234A4E8EFE4CAFBE64711677E3BB120C61AEF6CB3ABD2D7D2FB26C6637F484305FE066D633912547D5B3519B0D641E2D1EB57BE3E624A5F7261DA2E62665
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.448177365217996E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNlTE/:Ls3o
                                                              MD5:3AB72CB7E092137397EF4B04E548CF8C
                                                              SHA1:821C2BB91E7733BD4BC5035ABC2DB14A7E1654D5
                                                              SHA-256:412260307A52FDC312D1DA0D799531E44343E003089E46F2B87240B07190F87A
                                                              SHA-512:5507D06E7DC7CF24F1DC569449E98EE301F648680FD20CDBA9A8F209D4F75B31DBFBAFAD0ADE98C9DE508F8F051DC5CACDE377EC01F8BEE5A8A61F84DB6A81CB
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:ASCII text, with no line terminators
                                                              Category:dropped
                                                              Size (bytes):13
                                                              Entropy (8bit):2.7192945256669794
                                                              Encrypted:false
                                                              SSDEEP:3:NYLFRQI:ap2I
                                                              MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                              SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                              SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                              SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                              Malicious:false
                                                              Preview:117.0.2045.47
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):950
                                                              Entropy (8bit):5.743859093142071
                                                              Encrypted:false
                                                              SSDEEP:24:YKWJu5rrtMt0JELE7BnaeCUWO5bPbvXX7QQRCYfYg:Yqf+t0JEmBnZH5PvnUB0
                                                              MD5:2A2CD60C9FE2163912C61C65E9A3DC10
                                                              SHA1:ADCE433B399D982DE483C277F869B1524D324EA7
                                                              SHA-256:C35C4F5D216D94461497D6584B12ABC7746956E3636667BF0781F0D31FC626E5
                                                              SHA-512:534EB96E269084ABB79766FD67A1EFCCC131FA95A17D6CD5FBB2186A79BF060C07A4F8F171651759BF9D38EC8D493034296E7F18A46AA819999C4592F7024ECA
                                                              Malicious:false
                                                              Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABhsl1aQVbMQoaFAtlKP7OjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACR5sCZHXkMVHWrH0xsM20ZpfPFS5uBRnD6+2XfGrAScAAAAAAOgAAAAAIAACAAAAACmHGYskA22D0vHEd2COSd2rPLXGdXRLX2yakIRBIkRzAAAABPR/WTroV5Uj9NJ5WoHH72yWOSUxDpA0nsVBD4NuM5JB1gPdCPYP8jtkM58QUQTMVAAAAAEBOTvuRFgJ/OwknoIJATwmPSZVWqma1H+4sv+bZ4p33qjVhTY6qB1aopWY9BhaTwUj3XXY+rbMVUMuXzE2VgiQ=="},"uninstall_metrics":{"installation_date2":"1725106809"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":1009,"pseudo_low_entropy_source":3349,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13369580409769661","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):950
                                                              Entropy (8bit):5.743859093142071
                                                              Encrypted:false
                                                              SSDEEP:24:YKWJu5rrtMt0JELE7BnaeCUWO5bPbvXX7QQRCYfYg:Yqf+t0JEmBnZH5PvnUB0
                                                              MD5:2A2CD60C9FE2163912C61C65E9A3DC10
                                                              SHA1:ADCE433B399D982DE483C277F869B1524D324EA7
                                                              SHA-256:C35C4F5D216D94461497D6584B12ABC7746956E3636667BF0781F0D31FC626E5
                                                              SHA-512:534EB96E269084ABB79766FD67A1EFCCC131FA95A17D6CD5FBB2186A79BF060C07A4F8F171651759BF9D38EC8D493034296E7F18A46AA819999C4592F7024ECA
                                                              Malicious:false
                                                              Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABhsl1aQVbMQoaFAtlKP7OjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACR5sCZHXkMVHWrH0xsM20ZpfPFS5uBRnD6+2XfGrAScAAAAAAOgAAAAAIAACAAAAACmHGYskA22D0vHEd2COSd2rPLXGdXRLX2yakIRBIkRzAAAABPR/WTroV5Uj9NJ5WoHH72yWOSUxDpA0nsVBD4NuM5JB1gPdCPYP8jtkM58QUQTMVAAAAAEBOTvuRFgJ/OwknoIJATwmPSZVWqma1H+4sv+bZ4p33qjVhTY6qB1aopWY9BhaTwUj3XXY+rbMVUMuXzE2VgiQ=="},"uninstall_metrics":{"installation_date2":"1725106809"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":1009,"pseudo_low_entropy_source":3349,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13369580409769661","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.01057775872642915
                                                              Encrypted:false
                                                              SSDEEP:3:MsFl:/F
                                                              MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                              SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                              SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                              SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):270336
                                                              Entropy (8bit):8.280239615765425E-4
                                                              Encrypted:false
                                                              SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                              MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                              SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                              SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                              SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.011852361981932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsHlDll:/H
                                                              MD5:0962291D6D367570BEE5454721C17E11
                                                              SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                              SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                              SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:data
                                                              Category:dropped
                                                              Size (bytes):8192
                                                              Entropy (8bit):0.012340643231932763
                                                              Encrypted:false
                                                              SSDEEP:3:MsGl3ll:/y
                                                              MD5:41876349CB12D6DB992F1309F22DF3F0
                                                              SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                              SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                              SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                              Category:dropped
                                                              Size (bytes):262512
                                                              Entropy (8bit):9.448177365217996E-4
                                                              Encrypted:false
                                                              SSDEEP:3:LsNl5aq:Ls35R
                                                              MD5:9C9E50AB066D50329F8A45A0AF57FF42
                                                              SHA1:7C22FAE05750095164AD918890A01BADC6417829
                                                              SHA-256:43E3F26F7944B2B46788B2C89923B4A969B32D5E19D7B4AD938E2DAFF0942F9D
                                                              SHA-512:31429E77D5E306360562BAC531577016BE5DF7368999A89EB89EF11E56F725AC334C63A04913B6641391BCACE3E8297BD7F1BC6CBA2F8EDFC6085184FFC9E12E
                                                              Malicious:false
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):86
                                                              Entropy (8bit):4.3751917412896075
                                                              Encrypted:false
                                                              SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                              MD5:961E3604F228B0D10541EBF921500C86
                                                              SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                              SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                              SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                              Malicious:false
                                                              Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}
                                                              Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              File Type:JSON data
                                                              Category:dropped
                                                              Size (bytes):2052
                                                              Entropy (8bit):5.494998450195899
                                                              Encrypted:false
                                                              SSDEEP:48:YDEFMsFiHC0af+t0JEde15nPHB+kdrxMBnZHFRPTnUBG/d2a:PNkC1f+ylL/BVCpZjPTnUI4a
                                                              MD5:12FE6147DE1EF28DD32121738F74A03A
                                                              SHA1:71713D8793DC4E2E5105440C878766205BB36FBE
                                                              SHA-256:AA7F3BC4FA447810D4CFD66695EB78E88E64F9E4D46E1647FC8C865E2366C2DD
                                                              SHA-512:F9C2F5D65A28C8FFAB83204DB9D2904A554B6F426449038FDACE0AE219CEDA27504031A593706C2C9F02D86824F2637A963A0999C1316AEAD51D99585EBB7AD7
                                                              Malicious:false
                                                              Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABhsl1aQVbMQoaFAtlKP7OjEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACR5sCZHXkMVHWrH0xsM20ZpfPFS5uBRnD6+2XfGrAScAAAAAAOgAAAAAIAACAAAAACmHGYskA22D0vHEd2COSd2rPLXGdXRLX2yakIRBIkRzAAAABPR/WTroV5Uj9NJ5WoHH72yWOSUxDpA0nsVBD4NuM5JB1gPdCPYP8jtkM58QUQTMVAAAAAEBOTvuRFgJ/OwknoIJATwmPSZVWqma1H+4sv+bZ4p33qjVhTY6qB1aopWY9BhaTwUj3XXY+rbMVUMuXzE2VgiQ=="},"policy":{"last_statistics_update":"13369580410081676"},"profile":{"info_cache":{},"profile_counts_reported":"13369580410087720","profiles_order":[]},
                                                              File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                              Entropy (8bit):7.869668087120094
                                                              TrID:
                                                              • Win64 Executable GUI (202006/5) 92.65%
                                                              • Win64 Executable (generic) (12005/4) 5.51%
                                                              • Generic Win/DOS Executable (2004/3) 0.92%
                                                              • DOS Executable Generic (2002/1) 0.92%
                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                              File name:SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
                                                              File size:15'394'816 bytes
                                                              MD5:43b1b2c0a77f854b3da78dcea07dde13
                                                              SHA1:3bba28b52b62a793bbfab4a70e086d914534c131
                                                              SHA256:1da656b1a5ab3d5fe578eb6bcfd078bf68df4a7ecc570b611686b0213cb54775
                                                              SHA512:27cf1ccc678f8965697685d494a210ee2215c7899318b78e817097576009cf715de905c08bb0804a72970ef6e818152898c6ec2fff8b61dab4601759cc8654a3
                                                              SSDEEP:196608:TbI0WbFRHC+NnoqXR/vr8Fgbzb4oK8kdVAsPzTHrVyhwxucf08VqYdUmyg9Dl/kM:FWfTh/vrFzb4oK8iDLTL8py98a/kVAP
                                                              TLSH:57F623C154FE92FCD197071028C2638E3CD8317695FDDADD39CA4C1766C2E6A89CA2B6
                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d...g..f..........#....(.8H...(................@.......................................... ................................
                                                              Icon Hash:71b0aa2a69ac740d
                                                              Entrypoint:0x1411404b2
                                                              Entrypoint Section:.nmt2
                                                              Digitally signed:false
                                                              Imagebase:0x140000000
                                                              Subsystem:windows gui
                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                              DLL Characteristics:HIGH_ENTROPY_VA, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                              Time Stamp:0x66CAF767 [Sun Aug 25 09:20:39 2024 UTC]
                                                              TLS Callbacks:0x4134795a, 0x1, 0x403d0600, 0x1
                                                              CLR (.Net) Version:
                                                              OS Version Major:6
                                                              OS Version Minor:0
                                                              File Version Major:6
                                                              File Version Minor:0
                                                              Subsystem Version Major:6
                                                              Subsystem Version Minor:0
                                                              Import Hash:707c87659a8652c67689ad2fe3348d58
                                                              Instruction
                                                              call 00007F8394ECEB28h
                                                              call 00007F83952AFBA9h
                                                              sbb ecx, dword ptr [ecx+25h]
                                                              lodsd
                                                              leave
                                                              and ebx, dword ptr [ecx-2139BECEh]
                                                              sahf
                                                              jnc 00007F83950AF60Bh
                                                              xor al, byte ptr [ecx-62h]
                                                              adc ecx, ebx
                                                              xor ebx, dword ptr [ecx+21964132h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x11d4948 | 0x230 | .nmt2
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1cde000 | 0xe3a6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x1ca06d0 | 0x3d308 | .nmt2
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x1158620 | 0x28 | .nmt2
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x1ca0590 | 0x140 | .nmt2
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0xe3d000 | 0x1d8 | .nmt1
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x483740 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x485000 | 0x23ded8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x6c3000 | 0x35c0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x6c7000 | 0x3a998 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.nmt0 | 0x702000 | 0x73a083 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.nmt1 | 0xe3d000 | 0x14bc | 0x1600 | 2b5e82b5be4d611f371e72eb02768e51 | False | 0.036931818181818184 | data | 0.2826847272103332 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.nmt2 | 0xe3f000 | 0xe9e9d8 | 0xe9ea00 | 9ecbc6b98ae3ca1cba662122976e40c4 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_NOT_PAGED, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x1cde000 | 0xe3a6 | 0xe400 | c15066be562053b230f82c8d9314b980 | False | 0.948156524122807 | data | 7.899863903160729 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x1cde220 | 0xc70 | PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced | English | United States | 0.9585427135678392
RT_ICON | 0x1cdee90 | 0x454 | PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced | English | United States | 0.6922382671480144
RT_ICON | 0x1cdf2e8 | 0x849 | PNG image data, 24 x 24, 8-bit/color RGBA, non-interlaced | English | United States | 0.9523809523809523
RT_ICON | 0x1cdfb38 | 0x1791 | PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced | English | United States | 0.9434775401955909
RT_ICON | 0x1ce12d0 | 0x23cf | PNG image data, 64 x 64, 8-bit/color RGBA, non-interlaced | English | United States | 0.941747572815534
RT_ICON | 0x1ce36a0 | 0x89a7 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 1.000595930645024
RT_GROUP_ICON | 0x1cec048 | 0x5a | data | English | United States | 0.8
RT_VERSION | 0x1cec0a8 | 0x1b0 | data | English | United States | 0.5254629629629629
RT_MANIFEST | 0x1cec258 | 0x14e | ASCII text, with very long lines (334), with no line terminators | English | United States | 0.6586826347305389

DLL | Import
api-ms-win-core-synch-l1-2-0.dll | WakeByAddressAll
bcryptprimitives.dll | ProcessPrng
ADVAPI32.dll | RegOpenKeyExW
KERNEL32.dll | InitializeCriticalSectionAndSpinCount
USER32.dll | GetCursorPos
ntdll.dll | NtCreateFile
dwmapi.dll | DwmGetWindowAttribute
oleaut32.dll | SysFreeString
comctl32.dll | DefSubclassProc
shell32.dll | DragQueryFileW
ole32.dll | RegisterDragDrop
bcrypt.dll | BCryptGenRandom
ws2_32.dll | getsockname
gdi32.dll | CreateRectRgn
crypt32.dll | CertFreeCertificateContext
secur32.dll | FreeContextBuffer
shlwapi.dll | SHCreateMemStream
api-ms-win-crt-math-l1-1-0.dll | __setusermatherr
api-ms-win-crt-string-l1-1-0.dll | _wcsicmp
api-ms-win-crt-heap-l1-1-0.dll | _set_new_mode
api-ms-win-crt-utility-l1-1-0.dll | _rotl64
api-ms-win-crt-convert-l1-1-0.dll | wcstol
api-ms-win-crt-runtime-l1-1-0.dll | _register_onexit_function
api-ms-win-crt-stdio-l1-1-0.dll | _set_fmode
api-ms-win-crt-locale-l1-1-0.dll | _configthreadlocale
KERNEL32.dll | GetSystemTimeAsFileTime
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, LoadLibraryA, GetModuleHandleA, GetProcAddress

Language of compilation system | Country where language is spoken | Map
English | United States |

                                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                              Aug 31, 2024 14:20:14.458611965 CEST | 192.168.2.4 | 1.1.1.1 | 0x230f | Standard query (0) | nmtsocial.uno | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.462287903 CEST | 192.168.2.4 | 1.1.1.1 | 0xf583 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.462551117 CEST | 192.168.2.4 | 1.1.1.1 | 0x1f64 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.542932987 CEST | 192.168.2.4 | 1.1.1.1 | 0x304e | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.543498039 CEST | 192.168.2.4 | 1.1.1.1 | 0xecb0 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false
                                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                              Aug 31, 2024 14:20:14.711971045 CEST | 1.1.1.1 | 192.168.2.4 | 0x230f | No error (0) | nmtsocial.uno | | 5.42.101.19 | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.469737053 CEST | 1.1.1.1 | 192.168.2.4 | 0xf583 | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.469737053 CEST | 1.1.1.1 | 192.168.2.4 | 0xf583 | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.469871998 CEST | 1.1.1.1 | 192.168.2.4 | 0x1f64 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.549911022 CEST | 1.1.1.1 | 192.168.2.4 | 0x304e | No error (0) | chrome.cloudflare-dns.com | | 172.64.41.3 | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.549911022 CEST | 1.1.1.1 | 192.168.2.4 | 0x304e | No error (0) | chrome.cloudflare-dns.com | | 162.159.61.3 | A (IP address) | IN (0x0001) | false
                                                              Aug 31, 2024 14:20:16.550599098 CEST | 1.1.1.1 | 192.168.2.4 | 0xecb0 | No error (0) | chrome.cloudflare-dns.com | | | 65 | IN (0x0001) | false
                                                              • nmtsocial.uno
                                                              • chrome.cloudflare-dns.com
                                                              • edge.microsoft.com
                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              0 | 192.168.2.4 | 49741 | 5.42.101.19 | 443 | 7544 | C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-31 12:20:15 UTC | 88 | OUT | GET /static/ecosystem/installer/index.nmt HTTP/1.1
                                                              accept: */*
                                                              host: nmtsocial.uno
                                                              2024-08-31 12:20:16 UTC | 253 | IN | HTTP/1.1 200 OK
                                                              Server: nginx/1.24.0 (Ubuntu)
                                                              Date: Sat, 31 Aug 2024 12:20:16 GMT
                                                              Content-Type: application/octet-stream
                                                              Content-Length: 3
                                                              Last-Modified: Fri, 30 Aug 2024 14:14:04 GMT
                                                              Connection: close
                                                              ETag: "66d1d3ac-3"
                                                              Accept-Ranges: bytes
                                                              2024-08-31 12:20:16 UTC | 3 | IN | Data Raw: 31 2e 33
                                                              Data Ascii: 1.3


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              1 | 192.168.2.4 | 49745 | 162.159.61.3 | 443 | 7988 | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-31 12:20:16 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-31 12:20:16 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-31 12:20:17 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 31 Aug 2024 12:20:17 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bbcf94659b5c434-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-31 12:20:17 UTC | 468 | IN | Data Ascii: wwwgstaticcomPC)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              2 | 192.168.2.4 | 49746 | 172.64.41.3 | 443 | 7988 | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-31 12:20:17 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                              Host: chrome.cloudflare-dns.com
                                                              Connection: keep-alive
                                                              Content-Length: 128
                                                              Accept: application/dns-message
                                                              Accept-Language: *
                                                              User-Agent: Chrome
                                                              Accept-Encoding: identity
                                                              Content-Type: application/dns-message
                                                              2024-08-31 12:20:17 UTC | 128 | OUT | Data Ascii: wwwgstaticcom)TP
                                                              2024-08-31 12:20:17 UTC | 247 | IN | HTTP/1.1 200 OK
                                                              Server: cloudflare
                                                              Date: Sat, 31 Aug 2024 12:20:17 GMT
                                                              Content-Type: application/dns-message
                                                              Connection: close
                                                              Access-Control-Allow-Origin: *
                                                              Content-Length: 468
                                                              CF-RAY: 8bbcf946de192361-EWR
                                                              alt-svc: h3=":443"; ma=86400
                                                              2024-08-31 12:20:17 UTC | 468 | IN | Data Ascii: wwwgstaticcomA)


                                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                              3 | 192.168.2.4 | 49752 | 13.107.21.239 | 443 | 7988 | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Timestamp | Bytes transferred | Direction | Data
                                                              2024-08-31 12:21:11 UTC | 1284 | OUT | POST /componentupdater/api/v1/update?cup2key=6:Z9WEj5j7bMokk2oDrtG6tYZnJW9KL-znJhyrhQ6gzCI&cup2hreq=3d2a7c1e263e23ad11d695c9a680e73a61ccc1164e54b0e31b81af7eea4054bf HTTP/1.1
                                                              Host: edge.microsoft.com
                                                              Connection: keep-alive
                                                              Content-Length: 4921
                                                              X-Microsoft-Update-AppId: oankkpibpaokgecfckkdkgaoafllipag,fppmbhmldokgmleojlplaaodlkibgikh,ndikpojcjlepofdkaaldkinkjbeeebkl,eeobbhfgfagbclfofmgbdfoicabjdbkn,jbfaflocpnkhbgcijpkiafdpbjkedane,alpjnmnfbgfkmmpcfpejmmoebdndedno,ahmaebgpfccdhgidjaidaoojjcijckba,ohckeflnhegojcjlcpbfpciadgikcohk,fgbafbciocncjfbbonhocjaohoknlaco,kpfehajjjbbcifeehjgfgnabifknmdad,ojblfafjmiikbkepnnolpgbbhejhlcim
                                                              X-Microsoft-Update-Interactivity: bg
                                                              X-Microsoft-Update-Service-Cohort: 7331
                                                              X-Microsoft-Update-Updater: msedge-117.0.2045.47
                                                              Content-Type: application/json
                                                              Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                              Sec-Mesh-Client-Edge-Channel: stable
                                                              Sec-Mesh-Client-OS: Windows
                                                              Sec-Mesh-Client-OS-Version: 10.0.19045
                                                              Sec-Mesh-Client-Arch: x86_64
                                                              Sec-Mesh-Client-WebView: 1
                                                              X-Client-Data: CIPhygE=
                                                              Sec-Fetch-Site: none
                                                              Sec-Fetch-Mode: no-cors
                                                              Sec-Fetch-Dest: empty
                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                              Accept-Encoding: gzip, deflate, br
                                                              2024-08-31 12:21:11 UTC | 4921 | OUT | Data Ascii: {"request":{"@os":"win","@updater":"msedge","acceptformat":"crx3,puff","app":[{"appid":"oankkpibpaokgecfckkdkgaoafllipag","brand":"GGLS","cohort":"rrf@0.57","enabled":true,"installdate":-1,"lang":"en-GB","ping":{"r":-2},"targetingattributes":{"AppCohort":
                                                              2024-08-31 12:21:12 UTC | 947 | IN | HTTP/1.1 200 OK
                                                              Cache-Control: no-store, must-revalidate, no-cache, max-age=0
                                                              Pragma: no-cache
                                                              Content-Length: 10722
                                                              Content-Type: application/json
                                                              Content-Encoding: identity
                                                              Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                              ETag: 304502205AE7DF483F55A1918B7DE5A7AD9F31A46B8553FAF60445837D39F434F476B3D7022100A5A10FC7C6842DD892D16A1A43BEE89DFB0A1269D90A2B4F8ECAB6758FDBA9F7:3d2a7c1e263e23ad11d695c9a680e73a61ccc1164e54b0e31b81af7eea4054bf
                                                              X-Frame-Options: sameorigin
                                                              X-Content-Type-Options: nosniff
                                                              X-XSS-Protection: 1; mode=block
                                                              x-cup-server-proof: 304502205AE7DF483F55A1918B7DE5A7AD9F31A46B8553FAF60445837D39F434F476B3D7022100A5A10FC7C6842DD892D16A1A43BEE89DFB0A1269D90A2B4F8ECAB6758FDBA9F7:3d2a7c1e263e23ad11d695c9a680e73a61ccc1164e54b0e31b81af7eea4054bf
                                                              X-Cache: CONFIG_NOCACHE
                                                              X-MSEdge-Ref: Ref A: E89A728017234E679DE32AFA781E6F16 Ref B: EWR30EDGE1613 Ref C: 2024-08-31T12:21:11Z
                                                              Date: Sat, 31 Aug 2024 12:21:11 GMT
                                                              Connection: close
                                                              2024-08-31 12:21:12 UTC | 3059 | IN | Data Ascii: )]}'{"response":{"server":"prod","protocol":"3.1","daystart":{"elapsed_seconds":12,"elapsed_days":6452.514722392716},"app":[{"appid":"oankkpibpaokgecfckkdkgaoafllipag","cohort":"","status":"ok","cohortname":"","updatecheck":{"status":"ok","urls":{"url":[
                                                              2024-08-31 12:21:12 UTC | 202 | IN | Data Ascii: hFileUrl":"http://msedge.f.dl.delivery.mp.microsoft.com/filestreamingservice/files/aad09a72-80db-4ffe-81ce-9b317e7d891b/pieceshash","HashOfHashes":"8qcWR/ZeINKniC2cB5XdVgs6OgOGtU7efetsfsJlYO8="}}}}]},"a
                                                              2024-08-31 12:21:12 UTC | 4096 | IN | Data Ascii: rguments":""}}},{"appid":"eeobbhfgfagbclfofmgbdfoicabjdbkn","cohort":"","status":"ok","cohortname":"","updatecheck":{"status":"ok","urls":{"url":[{"codebase":"http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ef5f792e-9df7-4748-a
                                                              2024-08-31 12:21:12 UTC | 3365 | IN | Data Ascii: ileUrl":"http://msedge.f.dl.delivery.mp.microsoft.com/filestreamingservice/files/b22f5f18-f7ea-4290-929d-b13c03908334/pieceshash","HashOfHashes":"VNP2k0LgBgxXxrBjLeOxPBVyTmMwTMCRCb+IINBvIDw="}}}}]},"arguments":""}}},{"appid":"fgbafbciocncjfbbonhocjaohoknl


                                                              Target ID:0
                                                              Start time:08:19:56
                                                              Start date:31/08/2024
                                                              Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe"
                                                              Imagebase:0x140000000
                                                              File size:15'394'816 bytes
                                                              MD5 hash:43B1B2C0A77F854B3DA78DCEA07DDE13
                                                              Has elevated privileges:true
                                                              Has administrator privileges:true
                                                              Programmed in:C, C++ or other language
                                                              Reputation:low
                                                              Has exited:false

                                                              Target ID:2
                                                              Start time:08:20:09
                                                              Start date:31/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-GB --mojo-named-platform-channel-pipe=7544.7668.17675517513217638666
                                                              Imagebase:0x7ff7b9b90000
                                                              File size:3'749'328 bytes
                                                              MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:3
                                                              Start time:08:20:09
                                                              Start date:31/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffdfb1c8e88,0x7ffdfb1c8e98,0x7ffdfb1c8ea8
                                                              Imagebase:0x7ff7b9b90000
                                                              File size:3'749'328 bytes
                                                              MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:5
                                                              Start time:08:20:10
                                                              Start date:31/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1768 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:2
                                                              Imagebase:0x7ff7b9b90000
                                                              File size:3'749'328 bytes
                                                              MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:6
                                                              Start time:08:20:10
                                                              Start date:31/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2608 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:3
                                                              Imagebase:0x7ff7b9b90000
                                                              File size:3'749'328 bytes
                                                              MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:7
                                                              Start time:08:20:10
                                                              Start date:31/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Wow64 process (32bit):false
                                                              Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --mojo-platform-channel-handle=2652 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:8
                                                              Imagebase:0x7ff7b9b90000
                                                              File size:3'749'328 bytes
                                                              MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              Target ID:8
                                                              Start time:08:20:10
                                                              Start date:31/08/2024
                                                              Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                              Wow64 process (32bit):true
                                                              Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Local\com.nmt.ecosystem\EBWebView" --webview-exe-name=SecuriteInfo.com.Trojan.Win64.Krypt.13435.32435.exe --webview-exe-version=0.1.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --edge-webview-custom-scheme --disable-nacl --first-renderer-process --autoplay-policy=no-user-gesture-required --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1725101066859934 --launch-time-ticks=5743702722 --mojo-platform-channel-handle=3400 --field-trial-handle=1772,i,11401663883599953160,14768806848800428662,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI /prefetch:1
                                                              Imagebase:0xc50000
                                                              File size:3'749'328 bytes
                                                              MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                              Has elevated privileges:false
                                                              Has administrator privileges:false
                                                              Programmed in:C, C++ or other language
                                                              Reputation:moderate
                                                              Has exited:false

                                                              No disassembly