Analysis Overview
SHA256
15522b5539cc52ee228e0e92de854d5e154d095dfb933849c80de65e96271b06
Threat Level: Known bad
The file 15522b5539cc52ee228e0e92de854d5e154d095dfb933849c80de65e96271b06 was found to be: Known bad.
Malicious Activity Summary
RedLine
Glupteba
SmokeLoader
xmrig
Glupteba payload
Healer
Detects Healer an antivirus disabler dropper
Modifies Windows Defender Real-time Protection settings
Detect Fabookie payload
Fabookie
RedLine payload
XMRig Miner payload
Downloads MZ/PE file
Uses the VBS compiler for execution
Reads user/profile data of web browsers
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Checks installed software on the system
Detected potential entity reuse from brand microsoft.
Suspicious use of SetThreadContext
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: LoadsDriver
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious behavior: GetForegroundWindowSpam
Enumerates system info in registry
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
Uses Task Scheduler COM API
Suspicious behavior: MapViewOfSection
Suspicious use of UnmapMainImage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-09-23 20:27
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-23 20:27
Reported
2023-09-23 20:29
Platform
win10v2004-20230915-en
Max time kernel
151s
Max time network
148s
Command Line
Signatures
Detect Fabookie payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detects Healer an antivirus disabler dropper
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Fabookie
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Healer
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kos1.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\kos.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-2890696111-2332180956-3312704074-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\B7B3.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
Reads user/profile data of web browsers
Uses the VBS compiler for execution
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\15522b5539cc52ee228e0e92de854d5e154d095dfb933849c80de65e96271b06.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v8314439.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4077104.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v0502390.exe | N/A |
Checks installed software on the system
Detected potential entity reuse from brand microsoft.
Suspicious use of SetThreadContext
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\PA Previewer\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| File created | C:\Program Files (x86)\PA Previewer\is-V40II.tmp | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| File created | C:\Program Files (x86)\PA Previewer\is-KO842.tmp | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| File created | C:\Program Files (x86)\PA Previewer\is-6TF0Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| File created | C:\Program Files (x86)\PA Previewer\is-Q4VAO.tmp | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\PA Previewer\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\PA Previewer\previewer.exe | C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\BC39.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\kos.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files (x86)\PA Previewer\previewer.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\15522b5539cc52ee228e0e92de854d5e154d095dfb933849c80de65e96271b06.exe
"C:\Users\Admin\AppData\Local\Temp\15522b5539cc52ee228e0e92de854d5e154d095dfb933849c80de65e96271b06.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v8314439.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v8314439.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4077104.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4077104.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v0502390.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v0502390.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a3888399.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a3888399.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2012 -ip 2012
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 572
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\b4155882.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\b4155882.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1632 -ip 1632
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 400 -ip 400
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 572
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 540
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\c7280371.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\c7280371.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4392 -ip 4392
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 580
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\d4631374.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\d4631374.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 4128 -ip 4128
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 552
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\e1227156.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\e1227156.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A8DD.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf39146f8,0x7ffdf3914708,0x7ffdf3914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdf39146f8,0x7ffdf3914708,0x7ffdf3914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3412 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3344 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12554887736489293092,3499763198588820025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12554887736489293092,3499763198588820025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\B7B3.exe
C:\Users\Admin\AppData\Local\Temp\B7B3.exe
C:\Users\Admin\AppData\Local\Temp\BC39.exe
C:\Users\Admin\AppData\Local\Temp\BC39.exe
C:\Users\Admin\AppData\Local\Temp\ss41.exe
"C:\Users\Admin\AppData\Local\Temp\ss41.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\C254.exe
C:\Users\Admin\AppData\Local\Temp\C254.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\C69B.exe
C:\Users\Admin\AppData\Local\Temp\C69B.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
C:\Users\Admin\AppData\Local\Temp\kos1.exe
"C:\Users\Admin\AppData\Local\Temp\kos1.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\kos.exe
"C:\Users\Admin\AppData\Local\Temp\kos.exe"
C:\Users\Admin\AppData\Local\Temp\set16.exe
"C:\Users\Admin\AppData\Local\Temp\set16.exe"
C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp
"C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp" /SL4 $801E6 "C:\Users\Admin\AppData\Local\Temp\set16.exe" 1232936 52224
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\PA Previewer\previewer.exe
"C:\Program Files (x86)\PA Previewer\previewer.exe" -i
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" helpmsg 8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,9226336787365661531,6819230540250841989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\PA Previewer\previewer.exe
"C:\Program Files (x86)\PA Previewer\previewer.exe" -s
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=C69B.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdf39146f8,0x7ffdf3914708,0x7ffdf3914718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=C69B.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf39146f8,0x7ffdf3914708,0x7ffdf3914718
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o rx.unmineable.com:3333 -a rx -k -u RVN:RBvfugTGdvfZCHCgvSoHZdsYt2u1JwYhUP.RIG_CPU -p x --cpu-max-threads-hint=50
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,8294731358200345249,4468099044313187352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.209.247.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.1.85.104.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| FI | 77.91.124.231:80 | tcp | |
| US | 8.8.8.8:53 | 254.22.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.68.91.77.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| FI | 77.91.124.231:80 | tcp | |
| FI | 77.91.124.82:19071 | tcp | |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| FI | 77.91.68.61:80 | 77.91.68.61 | tcp |
| RU | 5.42.65.80:80 | 5.42.65.80 | tcp |
| US | 8.8.8.8:53 | 61.68.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| NL | 157.240.201.15:443 | static.xx.fbcdn.net | tcp |
| NL | 157.240.201.15:443 | static.xx.fbcdn.net | tcp |
| NL | 157.240.201.15:443 | static.xx.fbcdn.net | tcp |
| NL | 157.240.201.15:443 | static.xx.fbcdn.net | tcp |
| NL | 157.240.201.15:443 | static.xx.fbcdn.net | tcp |
| NL | 157.240.201.15:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| NL | 157.240.201.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.201.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| NL | 157.240.201.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| FI | 77.91.68.78:80 | 77.91.68.78 | tcp |
| US | 8.8.8.8:53 | 78.68.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | z.nnnaajjjgc.com | udp |
| MU | 156.236.72.121:443 | z.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | 121.72.236.156.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.174.42.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.175.53.84.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| MD | 176.123.9.85:16482 | tcp | |
| US | 8.8.8.8:53 | iplogger.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| DE | 148.251.234.93:443 | iplogger.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| NL | 141.98.6.38:39001 | tcp | |
| US | 8.8.8.8:53 | 85.9.123.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 93.234.251.148.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.6.98.141.in-addr.arpa | udp |
| FI | 77.91.124.82:19071 | tcp | |
| US | 8.8.8.8:53 | app.nnnaajjjgc.com | udp |
| HK | 154.221.26.108:80 | app.nnnaajjjgc.com | tcp |
| US | 8.8.8.8:53 | 108.26.221.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 8.8.8.8:53 | 153.136.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| NL | 104.85.2.139:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | 183.2.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.67:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | mscom.demdex.net | udp |
| IE | 34.253.158.202:443 | mscom.demdex.net | tcp |
| US | 8.8.8.8:53 | 139.2.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | target.microsoft.com | udp |
| US | 8.8.8.8:53 | microsoftmscompoc.tt.omtrdc.net | udp |
| US | 8.8.8.8:53 | 202.158.253.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 20.189.173.23:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 23.173.189.20.in-addr.arpa | udp |
| US | 20.189.173.23:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | rx.unmineable.com | udp |
| US | 165.227.182.82:3333 | rx.unmineable.com | tcp |
| US | 8.8.8.8:53 | 82.182.227.165.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 89.65.42.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v8314439.exe
| MD5 | 59640c5d13965243a3324f98cec19c82 |
| SHA1 | 41074c676531f13e6c2473b60a031e94e3e07955 |
| SHA256 | 1b11b039b77125b1c2a969f98d7f6f8fa7055256bc705f53fdee927415a8e8ce |
| SHA512 | a8d551d44120c1fc7a4d787866ab589371f882e0521e9491544fd2909fa56035dcc7f35a4bca63c9c24eff16e268a298af333453b729a14812982c7a40ed3413 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\v8314439.exe
| MD5 | 59640c5d13965243a3324f98cec19c82 |
| SHA1 | 41074c676531f13e6c2473b60a031e94e3e07955 |
| SHA256 | 1b11b039b77125b1c2a969f98d7f6f8fa7055256bc705f53fdee927415a8e8ce |
| SHA512 | a8d551d44120c1fc7a4d787866ab589371f882e0521e9491544fd2909fa56035dcc7f35a4bca63c9c24eff16e268a298af333453b729a14812982c7a40ed3413 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4077104.exe
| MD5 | c4d3f08e38c4d19a09880655dd51f66c |
| SHA1 | b66fe2cf8a10bca6a0c806e02edd04432db6a598 |
| SHA256 | 80cf12fd1964d5e491ba528f07c05481d6ee02632ba17162d5d7654c65671f6c |
| SHA512 | 43cb8a273fa041a8e710e8ad36e0b80fb153c5f311d80801a8bbd17d123dea0fd214591e5e65e59cd8059505b9192f6afa7c9eec5ca31619d769cb52e8b5d6a7 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\v4077104.exe
| MD5 | c4d3f08e38c4d19a09880655dd51f66c |
| SHA1 | b66fe2cf8a10bca6a0c806e02edd04432db6a598 |
| SHA256 | 80cf12fd1964d5e491ba528f07c05481d6ee02632ba17162d5d7654c65671f6c |
| SHA512 | 43cb8a273fa041a8e710e8ad36e0b80fb153c5f311d80801a8bbd17d123dea0fd214591e5e65e59cd8059505b9192f6afa7c9eec5ca31619d769cb52e8b5d6a7 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v0502390.exe
| MD5 | ea7274838f49d606d78ae6b038e1123f |
| SHA1 | 3b2b364bbaf0e317a98f3f052208c15b708bcaed |
| SHA256 | 484dbb78d9dd4131ae02f71ffb39d275b4bd470b8c3ac78c3c147d30b0a86511 |
| SHA512 | ad3ea265b54a647911fc1e4e5a7a66626311ad1c938b53e959d8005cf9352d14e3457b7d45dcad81100ea33bc1589b67150f986593315390a0d2eac5c7cfcf23 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\v0502390.exe
| MD5 | ea7274838f49d606d78ae6b038e1123f |
| SHA1 | 3b2b364bbaf0e317a98f3f052208c15b708bcaed |
| SHA256 | 484dbb78d9dd4131ae02f71ffb39d275b4bd470b8c3ac78c3c147d30b0a86511 |
| SHA512 | ad3ea265b54a647911fc1e4e5a7a66626311ad1c938b53e959d8005cf9352d14e3457b7d45dcad81100ea33bc1589b67150f986593315390a0d2eac5c7cfcf23 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a3888399.exe
| MD5 | adc293241b94f369deac81c197eea1a0 |
| SHA1 | 433c93c96893fee73319e97d33873133df022279 |
| SHA256 | e47a260708e3f9bf958b69a6bd7a0620f83dec6af50ab27dfe79712836bf999b |
| SHA512 | e1dbc0da640b048b8b957b61080a5ca6a0b0af33001ffabd3cf5015a016da081e70fcee1736fe29aea14b39e797b7986d4dd6b629ebefd64d17942d6a224218d |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\a3888399.exe
| MD5 | adc293241b94f369deac81c197eea1a0 |
| SHA1 | 433c93c96893fee73319e97d33873133df022279 |
| SHA256 | e47a260708e3f9bf958b69a6bd7a0620f83dec6af50ab27dfe79712836bf999b |
| SHA512 | e1dbc0da640b048b8b957b61080a5ca6a0b0af33001ffabd3cf5015a016da081e70fcee1736fe29aea14b39e797b7986d4dd6b629ebefd64d17942d6a224218d |
memory/3228-28-0x0000000000400000-0x000000000040A000-memory.dmp
memory/3228-29-0x0000000074670000-0x0000000074E20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\b4155882.exe
| MD5 | ee984dc98ece0caa1685268fb582829c |
| SHA1 | beafff908eb60bb7176f34e3c9599429da2a4b45 |
| SHA256 | e88f53c602f5d07e3004e1d19182c3e1558ed7532e6edf7cf1178d88c697b8e4 |
| SHA512 | 62eb64085b2cb75cfdb669206964c7c5663fa6870b5f11c1e4d529a9ca691c9812a34d455b5f15af00e2ba3f06a1abfc1b66c95568d68e5205c84e3c80399ceb |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\b4155882.exe
| MD5 | ee984dc98ece0caa1685268fb582829c |
| SHA1 | beafff908eb60bb7176f34e3c9599429da2a4b45 |
| SHA256 | e88f53c602f5d07e3004e1d19182c3e1558ed7532e6edf7cf1178d88c697b8e4 |
| SHA512 | 62eb64085b2cb75cfdb669206964c7c5663fa6870b5f11c1e4d529a9ca691c9812a34d455b5f15af00e2ba3f06a1abfc1b66c95568d68e5205c84e3c80399ceb |
memory/400-33-0x0000000000400000-0x000000000042C000-memory.dmp
memory/400-34-0x0000000000400000-0x000000000042C000-memory.dmp
memory/400-35-0x0000000000400000-0x000000000042C000-memory.dmp
memory/400-37-0x0000000000400000-0x000000000042C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\c7280371.exe
| MD5 | 8422c25508ff2570e8a3c8520a7621db |
| SHA1 | 0beb6060d5d17c76d010da14410ab3655d07a72a |
| SHA256 | e8bcd501a782d304ce516cfee0fefe0cde1ffbd7071209198f9173db20d5a844 |
| SHA512 | 137d6d2d0f04ee16fe976bb0a0ea977349e4c23d968af4c71b1b06c96d4d51e0e2645f30582ddf043ddbe773727f6dab5103867c18999c236fc3e6ffdb848eae |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\c7280371.exe
| MD5 | 8422c25508ff2570e8a3c8520a7621db |
| SHA1 | 0beb6060d5d17c76d010da14410ab3655d07a72a |
| SHA256 | e8bcd501a782d304ce516cfee0fefe0cde1ffbd7071209198f9173db20d5a844 |
| SHA512 | 137d6d2d0f04ee16fe976bb0a0ea977349e4c23d968af4c71b1b06c96d4d51e0e2645f30582ddf043ddbe773727f6dab5103867c18999c236fc3e6ffdb848eae |
memory/4412-41-0x0000000000400000-0x0000000000430000-memory.dmp
memory/4412-43-0x0000000074670000-0x0000000074E20000-memory.dmp
memory/4412-42-0x0000000002DC0000-0x0000000002DC6000-memory.dmp
memory/4412-44-0x0000000005C80000-0x0000000006298000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\d4631374.exe
| MD5 | 9142c09f5d2cfaf48891dd24334914cd |
| SHA1 | b8e3c8215be48304d10d18209a1b7fc3544c6ab6 |
| SHA256 | 2f183a1090007f6da801c361a7102653c1d9912c7e29176bfced8e1323b3af08 |
| SHA512 | f205915a9974e6e2f9295ab39c32ed07efbf25473b1b54bff14c98cad67fabb295dbdad250d404766bfa6e1a041038e648a7975c84f3d6ddfb2ed81a372b3290 |
memory/4412-48-0x0000000005770000-0x000000000587A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\d4631374.exe
| MD5 | 9142c09f5d2cfaf48891dd24334914cd |
| SHA1 | b8e3c8215be48304d10d18209a1b7fc3544c6ab6 |
| SHA256 | 2f183a1090007f6da801c361a7102653c1d9912c7e29176bfced8e1323b3af08 |
| SHA512 | f205915a9974e6e2f9295ab39c32ed07efbf25473b1b54bff14c98cad67fabb295dbdad250d404766bfa6e1a041038e648a7975c84f3d6ddfb2ed81a372b3290 |
memory/4412-49-0x0000000005660000-0x0000000005672000-memory.dmp
memory/4412-50-0x0000000005650000-0x0000000005660000-memory.dmp
memory/4412-51-0x00000000056C0000-0x00000000056FC000-memory.dmp
memory/4412-52-0x0000000005700000-0x000000000574C000-memory.dmp
memory/3844-53-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3228-54-0x0000000074670000-0x0000000074E20000-memory.dmp
memory/3844-55-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\e1227156.exe
| MD5 | 05cd2a3d3126bb1d52483532f008646e |
| SHA1 | e6ca8de3d5a979e3263c56f31b939d684eeef858 |
| SHA256 | dd2f86221d5bad7239415e8849c138b924d201b8202db7669d22f3b5d1ddd849 |
| SHA512 | 2200c082976405aa9e3f6b43bd36dbddcf71d3dbbf45a283f7e5d19894bb9d0366300ecd50779178a9466246f5d5f1b38eb3321ed922850b0e17398ced96ef05 |
memory/3228-59-0x0000000074670000-0x0000000074E20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\e1227156.exe
| MD5 | 05cd2a3d3126bb1d52483532f008646e |
| SHA1 | e6ca8de3d5a979e3263c56f31b939d684eeef858 |
| SHA256 | dd2f86221d5bad7239415e8849c138b924d201b8202db7669d22f3b5d1ddd849 |
| SHA512 | 2200c082976405aa9e3f6b43bd36dbddcf71d3dbbf45a283f7e5d19894bb9d0366300ecd50779178a9466246f5d5f1b38eb3321ed922850b0e17398ced96ef05 |
memory/3164-61-0x0000000002D30000-0x0000000002D46000-memory.dmp
memory/3844-62-0x0000000000400000-0x0000000000409000-memory.dmp
memory/4412-65-0x0000000074670000-0x0000000074E20000-memory.dmp
memory/4412-66-0x0000000005650000-0x0000000005660000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\A8DD.bat
| MD5 | 403991c4d18ac84521ba17f264fa79f2 |
| SHA1 | 850cc068de0963854b0fe8f485d951072474fd45 |
| SHA256 | ef6e942aefe925fefac19fa816986ea25de6935c4f377c717e29b94e65f9019f |
| SHA512 | a20aaa77065d30195e5893f2ff989979383c8d7f82d9e528d4833b1c1236aef4f85284f5250d0f190a174790b650280ffe1fbff7e00c98024ccf5ca746e5b576 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7a602869e579f44dfa2a249baa8c20fe |
| SHA1 | e0ac4a8508f60cb0408597eb1388b3075e27383f |
| SHA256 | 9ecfb98abb311a853f6b532b8eb6861455ca3f0cc3b4b6b844095ad8fb28dfa5 |
| SHA512 | 1f611034390aaeb815d92514cdeea68c52ceb101ad8ac9f0ae006226bebc15bfa283375b88945f38837c2423d2d397fbf832b85f7db230af6392c565d21f8d10 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d5af55f794f9a10c5943d2f80dde5c5 |
| SHA1 | 5252adf87d6bd769f2c39b9e8eba77b087a0160d |
| SHA256 | 43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764 |
| SHA512 | 2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d5af55f794f9a10c5943d2f80dde5c5 |
| SHA1 | 5252adf87d6bd769f2c39b9e8eba77b087a0160d |
| SHA256 | 43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764 |
| SHA512 | 2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d5af55f794f9a10c5943d2f80dde5c5 |
| SHA1 | 5252adf87d6bd769f2c39b9e8eba77b087a0160d |
| SHA256 | 43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764 |
| SHA512 | 2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71 |
\??\pipe\LOCAL\crashpad_2560_NEXOZRNUWAVTERDM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b469bd01eccb06fc98519a9adfdd6698 |
| SHA1 | 33fff1e6c071074a064f2e89029b8267f77f351f |
| SHA256 | cfc757eb649eb4d300dac345d871e80ae6bedd92da4c2af3e0a725a65af9aed0 |
| SHA512 | 611ec3af204d6085acfc4badaa93f71862eb350e26e84cb2fd85b0fe23f38afd026473dd9933cddc65bc7578ece3e8c16f010453795f83b3706e06d2d5e2ac51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d5af55f794f9a10c5943d2f80dde5c5 |
| SHA1 | 5252adf87d6bd769f2c39b9e8eba77b087a0160d |
| SHA256 | 43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764 |
| SHA512 | 2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c45634900a30452c22f79c7cadc0160d |
| SHA1 | 4f1f4d996529ad801f10e6d7e0569917bfec0dda |
| SHA256 | b668cb51d668f10ff213b698a9e3031db8ab6071697af5f70f214a562f0a6675 |
| SHA512 | 0a3da40510565b4205bcef703114a5b4788934539fba44fb520f67125c2ecee8fd3201b70b2e9d7789e8e8e97c4ef4ba0e6fdf9ed0f5b4a70f5a11a8460f0cc9 |
\??\pipe\LOCAL\crashpad_4300_IMRNUGBBXKLROHHR
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\B7B3.exe
| MD5 | 6b254caca548f0be01842a0c4bd4c649 |
| SHA1 | 79bbeed18d08c3010e8954f6d5c9f52967dcc32e |
| SHA256 | 01a7afff3220c1a442e3b8bc41dbf4036e9c223f9aab374265d9beae0709e434 |
| SHA512 | b69f8c71f2b71268150cc74e8e842b6526e87c5e944d163bb3def85cc919428c249a733ca9bbefc4cf4b80a8dbf6961b8e6f0333194713faf10551b8eb97d3ff |
C:\Users\Admin\AppData\Local\Temp\B7B3.exe
| MD5 | 6b254caca548f0be01842a0c4bd4c649 |
| SHA1 | 79bbeed18d08c3010e8954f6d5c9f52967dcc32e |
| SHA256 | 01a7afff3220c1a442e3b8bc41dbf4036e9c223f9aab374265d9beae0709e434 |
| SHA512 | b69f8c71f2b71268150cc74e8e842b6526e87c5e944d163bb3def85cc919428c249a733ca9bbefc4cf4b80a8dbf6961b8e6f0333194713faf10551b8eb97d3ff |
C:\Users\Admin\AppData\Local\Temp\BC39.exe
| MD5 | ef11a166e73f258d4159c1904485623c |
| SHA1 | bc1f4c685f4ec4f617f79e3f3f8c82564cccfc4e |
| SHA256 | dc24474e1211ef4554c63f4d70380cc71063466c3d0a07e1a4d0726e0f587747 |
| SHA512 | 2db0b963f92ce1f0b965011f250361e0951702267e8502a7648a726c407941e6b95abb360545e61ff7914c66258ee33a86766b877da3ad4603d68901fbd95708 |
C:\Users\Admin\AppData\Local\Temp\BC39.exe
| MD5 | ef11a166e73f258d4159c1904485623c |
| SHA1 | bc1f4c685f4ec4f617f79e3f3f8c82564cccfc4e |
| SHA256 | dc24474e1211ef4554c63f4d70380cc71063466c3d0a07e1a4d0726e0f587747 |
| SHA512 | 2db0b963f92ce1f0b965011f250361e0951702267e8502a7648a726c407941e6b95abb360545e61ff7914c66258ee33a86766b877da3ad4603d68901fbd95708 |
memory/3796-209-0x0000027277010000-0x00000272770F6000-memory.dmp
memory/3796-212-0x00007FFDF0120000-0x00007FFDF0BE1000-memory.dmp
memory/3796-211-0x0000027279550000-0x0000027279632000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ss41.exe
| MD5 | 2527628a2b3b4343c614e48132ab3edb |
| SHA1 | 0d60f573a21251dcfd61d28a7a0566dc29d38aa6 |
| SHA256 | 04ce968bedd7f177b35e130887aee1ec599e3d7b72f45f370f3ade343950b6bf |
| SHA512 | 416b0990011e24ba2d03d3859b63a2b2ba4494aafeb6cd27efd335055ab063bd677902b74faa1162493dae827a96ef768b957f8a407d25902c067a13a8718dd2 |
C:\Users\Admin\AppData\Local\Temp\ss41.exe
| MD5 | 2527628a2b3b4343c614e48132ab3edb |
| SHA1 | 0d60f573a21251dcfd61d28a7a0566dc29d38aa6 |
| SHA256 | 04ce968bedd7f177b35e130887aee1ec599e3d7b72f45f370f3ade343950b6bf |
| SHA512 | 416b0990011e24ba2d03d3859b63a2b2ba4494aafeb6cd27efd335055ab063bd677902b74faa1162493dae827a96ef768b957f8a407d25902c067a13a8718dd2 |
C:\Users\Admin\AppData\Local\Temp\ss41.exe
| MD5 | 2527628a2b3b4343c614e48132ab3edb |
| SHA1 | 0d60f573a21251dcfd61d28a7a0566dc29d38aa6 |
| SHA256 | 04ce968bedd7f177b35e130887aee1ec599e3d7b72f45f370f3ade343950b6bf |
| SHA512 | 416b0990011e24ba2d03d3859b63a2b2ba4494aafeb6cd27efd335055ab063bd677902b74faa1162493dae827a96ef768b957f8a407d25902c067a13a8718dd2 |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | f0ba7739cc07608c54312e79abaf9ece |
| SHA1 | 38b075b2e04bc8eee78b89766c1cede5ad889a7e |
| SHA256 | 9e96d77f013c6ca17f641c947be11a1bb8921937ed79ec98c4b49ef4c641ae5f |
| SHA512 | 15da0554fdd9fb80325883344349b3b4d7b5a612c13eecb810c488621f805ab59c159a54c526ae92f1b81064949bf408f9f2ad07a4c8eda424b2a8f89ea6e165 |
memory/3796-225-0x0000027279690000-0x00000272796A0000-memory.dmp
memory/1204-234-0x00007FF762EF0000-0x00007FF762FC9000-memory.dmp
memory/3796-233-0x00000272796A0000-0x0000027279770000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | f0ba7739cc07608c54312e79abaf9ece |
| SHA1 | 38b075b2e04bc8eee78b89766c1cede5ad889a7e |
| SHA256 | 9e96d77f013c6ca17f641c947be11a1bb8921937ed79ec98c4b49ef4c641ae5f |
| SHA512 | 15da0554fdd9fb80325883344349b3b4d7b5a612c13eecb810c488621f805ab59c159a54c526ae92f1b81064949bf408f9f2ad07a4c8eda424b2a8f89ea6e165 |
memory/3796-241-0x0000027278CB0000-0x0000027278CFC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | d974162e0cccb469e745708ced4124c0 |
| SHA1 | 2749ebc0ddaa6ae0c59c1f92f6dbb509cc0f5929 |
| SHA256 | 77793c069040127f89af88feb293829bd66c1df811b31d5b709868f0c9dd1df5 |
| SHA512 | ab716b96f09c5a8c1a957c209ed13958f5a21abcd488437aab8f1b1107e758207e3a51c264b39463256bf58a2266de771fa73477b0555be6cc4221f84e3684a1 |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | d974162e0cccb469e745708ced4124c0 |
| SHA1 | 2749ebc0ddaa6ae0c59c1f92f6dbb509cc0f5929 |
| SHA256 | 77793c069040127f89af88feb293829bd66c1df811b31d5b709868f0c9dd1df5 |
| SHA512 | ab716b96f09c5a8c1a957c209ed13958f5a21abcd488437aab8f1b1107e758207e3a51c264b39463256bf58a2266de771fa73477b0555be6cc4221f84e3684a1 |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | f0ba7739cc07608c54312e79abaf9ece |
| SHA1 | 38b075b2e04bc8eee78b89766c1cede5ad889a7e |
| SHA256 | 9e96d77f013c6ca17f641c947be11a1bb8921937ed79ec98c4b49ef4c641ae5f |
| SHA512 | 15da0554fdd9fb80325883344349b3b4d7b5a612c13eecb810c488621f805ab59c159a54c526ae92f1b81064949bf408f9f2ad07a4c8eda424b2a8f89ea6e165 |
C:\Users\Admin\AppData\Local\Temp\C254.exe
| MD5 | 52c2f13a9fa292d1f32439dde355ff71 |
| SHA1 | 03a9aa82a8070de26b9a347cfbd4090fd239f8df |
| SHA256 | 020c6da8f2bbd3a3f15dcbc8808255c2650df37f2b499b680e69d9e3cb1c1316 |
| SHA512 | 097d5415d7ed0ebb6b6f89cc38b29471a47ef99df79e7c6b0b01592174dfb115abdf496126bb7177527c252803bcc53a31b8c40d2f1aa65fae4331b5afe9e36a |
memory/3116-264-0x0000000000BB0000-0x0000000000D88000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kos1.exe
| MD5 | 85b698363e74ba3c08fc16297ddc284e |
| SHA1 | 171cfea4a82a7365b241f16aebdb2aad29f4f7c0 |
| SHA256 | 78efcbb0c6eb6a4c76c036adc65154b8ff028849f79d508e45babfb527cb7cfe |
| SHA512 | 7e4816c43e0addba088709948e8aedc9e39d6802c74a75cfbc2a0e739b44c5b5eef2bb2453b7032c758b0bdb38e4e7a598aa29be015796361b81d7f9e8027796 |
memory/3824-268-0x0000000000670000-0x00000000007E4000-memory.dmp
memory/3824-269-0x0000000074670000-0x0000000074E20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C69B.exe
| MD5 | bf58b6afac98febc716a85be5b8e9d9e |
| SHA1 | 4a36385b3f8e8a84a995826d77fcd8e76eba7328 |
| SHA256 | 16b88051fd1e27d08d1408bb51002dd25edb88292807a92ee25ba5f4c0895b8d |
| SHA512 | a3f8deabbb35e4d4928ec6cf836cdef1a57aed879ce10646d3f8cd9cccf93c0c80c89d1e82dc6c9c558f61429eb6416f5ecd8235f8933f90db6bb46f7cf165ec |
memory/3116-274-0x0000000000BB0000-0x0000000000D88000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kos1.exe
| MD5 | 85b698363e74ba3c08fc16297ddc284e |
| SHA1 | 171cfea4a82a7365b241f16aebdb2aad29f4f7c0 |
| SHA256 | 78efcbb0c6eb6a4c76c036adc65154b8ff028849f79d508e45babfb527cb7cfe |
| SHA512 | 7e4816c43e0addba088709948e8aedc9e39d6802c74a75cfbc2a0e739b44c5b5eef2bb2453b7032c758b0bdb38e4e7a598aa29be015796361b81d7f9e8027796 |
memory/4544-275-0x0000000000400000-0x000000000045A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C254.exe
| MD5 | 52c2f13a9fa292d1f32439dde355ff71 |
| SHA1 | 03a9aa82a8070de26b9a347cfbd4090fd239f8df |
| SHA256 | 020c6da8f2bbd3a3f15dcbc8808255c2650df37f2b499b680e69d9e3cb1c1316 |
| SHA512 | 097d5415d7ed0ebb6b6f89cc38b29471a47ef99df79e7c6b0b01592174dfb115abdf496126bb7177527c252803bcc53a31b8c40d2f1aa65fae4331b5afe9e36a |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | d974162e0cccb469e745708ced4124c0 |
| SHA1 | 2749ebc0ddaa6ae0c59c1f92f6dbb509cc0f5929 |
| SHA256 | 77793c069040127f89af88feb293829bd66c1df811b31d5b709868f0c9dd1df5 |
| SHA512 | ab716b96f09c5a8c1a957c209ed13958f5a21abcd488437aab8f1b1107e758207e3a51c264b39463256bf58a2266de771fa73477b0555be6cc4221f84e3684a1 |
C:\Users\Admin\AppData\Local\Temp\kos1.exe
| MD5 | 85b698363e74ba3c08fc16297ddc284e |
| SHA1 | 171cfea4a82a7365b241f16aebdb2aad29f4f7c0 |
| SHA256 | 78efcbb0c6eb6a4c76c036adc65154b8ff028849f79d508e45babfb527cb7cfe |
| SHA512 | 7e4816c43e0addba088709948e8aedc9e39d6802c74a75cfbc2a0e739b44c5b5eef2bb2453b7032c758b0bdb38e4e7a598aa29be015796361b81d7f9e8027796 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/3116-294-0x0000000000BB0000-0x0000000000D88000-memory.dmp
memory/4544-295-0x0000000074670000-0x0000000074E20000-memory.dmp
memory/4544-297-0x0000000008040000-0x00000000085E4000-memory.dmp
memory/4828-296-0x0000000000400000-0x00000000004B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C69B.exe
| MD5 | bf58b6afac98febc716a85be5b8e9d9e |
| SHA1 | 4a36385b3f8e8a84a995826d77fcd8e76eba7328 |
| SHA256 | 16b88051fd1e27d08d1408bb51002dd25edb88292807a92ee25ba5f4c0895b8d |
| SHA512 | a3f8deabbb35e4d4928ec6cf836cdef1a57aed879ce10646d3f8cd9cccf93c0c80c89d1e82dc6c9c558f61429eb6416f5ecd8235f8933f90db6bb46f7cf165ec |
memory/4828-309-0x00007FFDF0120000-0x00007FFDF0BE1000-memory.dmp
memory/4544-298-0x0000000007B30000-0x0000000007BC2000-memory.dmp
memory/3796-310-0x00007FFDF0120000-0x00007FFDF0BE1000-memory.dmp
memory/4544-312-0x0000000007B20000-0x0000000007B2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\set16.exe
| MD5 | 22d5269955f256a444bd902847b04a3b |
| SHA1 | 41a83de3273270c3bd5b2bd6528bdc95766aa268 |
| SHA256 | ab16986253bd187e3134f27495ef0db4b648f769721bc8c84b708c7ba69156fd |
| SHA512 | d85ada5d8c2c02932a79241a484b088ba70bda0497fd8ad638300935a16841d7cbc8258be93055907cb533bc534fdd48c7c91109fa22f87e65a6b374cd51055c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c696d337b1220dc01106de3ec6a1a90e |
| SHA1 | 73f263caaa134f4987f7b87714fd28dd6c3d05d2 |
| SHA256 | 77f35ff621424bb37687e3e68b47ccb5e07ffb2f85bd9399210fe0f296629c98 |
| SHA512 | 168dcfaf1d7725d2476dc9171a29bba863ed3f2c03d2918e0ec56dda400c9c890fef2a7a7c36f30520a14dd4ceb3702e840182dd99764108a86941bd4814309b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c45634900a30452c22f79c7cadc0160d |
| SHA1 | 4f1f4d996529ad801f10e6d7e0569917bfec0dda |
| SHA256 | b668cb51d668f10ff213b698a9e3031db8ab6071697af5f70f214a562f0a6675 |
| SHA512 | 0a3da40510565b4205bcef703114a5b4788934539fba44fb520f67125c2ecee8fd3201b70b2e9d7789e8e8e97c4ef4ba0e6fdf9ed0f5b4a70f5a11a8460f0cc9 |
C:\Users\Admin\AppData\Local\Temp\set16.exe
| MD5 | 22d5269955f256a444bd902847b04a3b |
| SHA1 | 41a83de3273270c3bd5b2bd6528bdc95766aa268 |
| SHA256 | ab16986253bd187e3134f27495ef0db4b648f769721bc8c84b708c7ba69156fd |
| SHA512 | d85ada5d8c2c02932a79241a484b088ba70bda0497fd8ad638300935a16841d7cbc8258be93055907cb533bc534fdd48c7c91109fa22f87e65a6b374cd51055c |
memory/4828-311-0x0000027879650000-0x0000027879660000-memory.dmp
memory/4544-314-0x0000000007C80000-0x0000000007C90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\set16.exe
| MD5 | 22d5269955f256a444bd902847b04a3b |
| SHA1 | 41a83de3273270c3bd5b2bd6528bdc95766aa268 |
| SHA256 | ab16986253bd187e3134f27495ef0db4b648f769721bc8c84b708c7ba69156fd |
| SHA512 | d85ada5d8c2c02932a79241a484b088ba70bda0497fd8ad638300935a16841d7cbc8258be93055907cb533bc534fdd48c7c91109fa22f87e65a6b374cd51055c |
memory/4828-301-0x0000027879660000-0x0000027879762000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kos.exe
| MD5 | 076ab7d1cc5150a5e9f8745cc5f5fb6c |
| SHA1 | 7b40783a27a38106e2cc91414f2bc4d8b484c578 |
| SHA256 | d1b71081d7ba414b589338329f278ba51c6ccf542d74f131f96c2337ee0a4c90 |
| SHA512 | 75e274a654e88feb0d66156f387bc5e420811f4f62939396a7455d12e835d7e134b2579ab59976c591b416d1ec1acdf05e9eb290c8f01383c6a50bf43854420b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c746d7d1bb0754470ef6a5043e75ec92 |
| SHA1 | 02a45accf9dcbc0c4a8967e382292865b226ffea |
| SHA256 | ca65db8cc9a19bf6c569dff80de84f008963e38369a3e86a3245aa3452a874bf |
| SHA512 | e00f69653b476e29471cb8f6f73872e6f5dc70f95cfabea0fc871ce7c13989a442b6d3a7439d37946b5e4d05cd7d689ae062a2e1ababaac94ea51e31b135ed19 |
C:\Users\Admin\AppData\Local\Temp\kos.exe
| MD5 | 076ab7d1cc5150a5e9f8745cc5f5fb6c |
| SHA1 | 7b40783a27a38106e2cc91414f2bc4d8b484c578 |
| SHA256 | d1b71081d7ba414b589338329f278ba51c6ccf542d74f131f96c2337ee0a4c90 |
| SHA512 | 75e274a654e88feb0d66156f387bc5e420811f4f62939396a7455d12e835d7e134b2579ab59976c591b416d1ec1acdf05e9eb290c8f01383c6a50bf43854420b |
memory/5408-352-0x0000000000D60000-0x0000000000D68000-memory.dmp
memory/3824-360-0x0000000074670000-0x0000000074E20000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp
| MD5 | 2fba5642cbcaa6857c3995ccb5d2ee2a |
| SHA1 | 91fe8cd860cba7551fbf78bc77cc34e34956e8cc |
| SHA256 | ddec51f3741f3988b9cc792f6f8fc0dfa2098ef0eb84c6a2af7f8da5a72b40fa |
| SHA512 | 30613b43427d17115134798506f197c0f5f8b2b9f247668fa25b9dd4853bbd97ac1e27f4e3325dec4f6dfc0e448ebbddb2969ad1a1781aa59ebf522d436aed7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 10f5b64000466c1e6da25fb5a0115924 |
| SHA1 | cb253bacf2b087c4040eb3c6a192924234f68639 |
| SHA256 | d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b |
| SHA512 | 8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db |
memory/5408-362-0x00007FFDF0120000-0x00007FFDF0BE1000-memory.dmp
memory/5408-364-0x000000001B9A0000-0x000000001B9B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-O6QLH.tmp\is-7L7L4.tmp
| MD5 | 2fba5642cbcaa6857c3995ccb5d2ee2a |
| SHA1 | 91fe8cd860cba7551fbf78bc77cc34e34956e8cc |
| SHA256 | ddec51f3741f3988b9cc792f6f8fc0dfa2098ef0eb84c6a2af7f8da5a72b40fa |
| SHA512 | 30613b43427d17115134798506f197c0f5f8b2b9f247668fa25b9dd4853bbd97ac1e27f4e3325dec4f6dfc0e448ebbddb2969ad1a1781aa59ebf522d436aed7c |
memory/4828-365-0x0000027877500000-0x0000027877508000-memory.dmp
memory/4828-366-0x00000278795D0000-0x0000027879626000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\kos.exe
| MD5 | 076ab7d1cc5150a5e9f8745cc5f5fb6c |
| SHA1 | 7b40783a27a38106e2cc91414f2bc4d8b484c578 |
| SHA256 | d1b71081d7ba414b589338329f278ba51c6ccf542d74f131f96c2337ee0a4c90 |
| SHA512 | 75e274a654e88feb0d66156f387bc5e420811f4f62939396a7455d12e835d7e134b2579ab59976c591b416d1ec1acdf05e9eb290c8f01383c6a50bf43854420b |
memory/4444-344-0x0000000000400000-0x0000000000469000-memory.dmp
memory/5152-325-0x0000000000400000-0x0000000000413000-memory.dmp
memory/5468-370-0x0000000000610000-0x0000000000611000-memory.dmp
memory/4444-334-0x0000000000550000-0x00000000005AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-DABJ4.tmp\_isetup\_iscrypt.dll
| MD5 | a69559718ab506675e907fe49deb71e9 |
| SHA1 | bc8f404ffdb1960b50c12ff9413c893b56f2e36f |
| SHA256 | 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc |
| SHA512 | e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63 |
C:\Users\Admin\AppData\Local\Temp\is-DABJ4.tmp\_isetup\_isdecmp.dll
| MD5 | b4786eb1e1a93633ad1b4c112514c893 |
| SHA1 | 734750b771d0809c88508e4feb788d7701e6dada |
| SHA256 | 2ae4169f721beb389a661e6dbb18bc84ef38556af1f46807da9d87aec2a6f06f |
| SHA512 | 0882d2aa163ece22796f837111db0d55158098035005e57cd2e9b8d59dc2e582207840bf98bee534b81c368acf60ab5d8ecbe762209273bda067a215cdb2c0c6 |
memory/4544-384-0x00000000086B0000-0x0000000008716000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-DABJ4.tmp\_isetup\_isdecmp.dll
| MD5 | b4786eb1e1a93633ad1b4c112514c893 |
| SHA1 | 734750b771d0809c88508e4feb788d7701e6dada |
| SHA256 | 2ae4169f721beb389a661e6dbb18bc84ef38556af1f46807da9d87aec2a6f06f |
| SHA512 | 0882d2aa163ece22796f837111db0d55158098035005e57cd2e9b8d59dc2e582207840bf98bee534b81c368acf60ab5d8ecbe762209273bda067a215cdb2c0c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
memory/1204-394-0x00000000036E0000-0x0000000003851000-memory.dmp
memory/1204-395-0x0000000003860000-0x0000000003991000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
| MD5 | ec6aae2bb7d8781226ea61adca8f0586 |
| SHA1 | d82b3bad240f263c1b887c7c0cc4c2ff0e86dfe3 |
| SHA256 | b02fffaba9e664ff7840c82b102d6851ec0bb148cec462cef40999545309e599 |
| SHA512 | aa62a8cd02a03e4f462f76ae6ff2e43849052ce77cca3a2ccf593f6669425830d0910afac3cf2c46dd385454a6fb3b4bd604ae13b9586087d6f22de644f9dfc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c696d337b1220dc01106de3ec6a1a90e |
| SHA1 | 73f263caaa134f4987f7b87714fd28dd6c3d05d2 |
| SHA256 | 77f35ff621424bb37687e3e68b47ccb5e07ffb2f85bd9399210fe0f296629c98 |
| SHA512 | 168dcfaf1d7725d2476dc9171a29bba863ed3f2c03d2918e0ec56dda400c9c890fef2a7a7c36f30520a14dd4ceb3702e840182dd99764108a86941bd4814309b |
C:\Program Files (x86)\PA Previewer\previewer.exe
| MD5 | 27b85a95804a760da4dbee7ca800c9b4 |
| SHA1 | f03136226bf3dd38ba0aa3aad1127ccab380197c |
| SHA256 | f98b98404ecf3871a10a290ade21ad77d0b2633f47247debc53d094b9bdff245 |
| SHA512 | e760a15370272aa9541f1afceaaf4f5a8068dad21c6a8d50ebd01514e16bbc8f867c8af349080f3d1fa7a19eafe7cde74921d01716dea69ef801da1b74eae4a7 |
memory/4544-425-0x0000000074670000-0x0000000074E20000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 3d5af55f794f9a10c5943d2f80dde5c5 |
| SHA1 | 5252adf87d6bd769f2c39b9e8eba77b087a0160d |
| SHA256 | 43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764 |
| SHA512 | 2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71 |
memory/4828-430-0x0000027879650000-0x0000027879660000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 05c9c5761d84fe45aa139b714a65848d |
| SHA1 | bcaa97bf803f3016eba2e3d7c8fa65c787a35785 |
| SHA256 | c88d63fb5fe923a61a96b9c37d2aabd4d17d5cda0843d2971c26488b0713675f |
| SHA512 | 83ce069aa445349adeda6e142b83f0c1ec26e496af4bfadbefb3e6f7476c657cd0a3421ca3721627959d86efc7974b10cee409752cf0b36b1bd108b2f15f8371 |
memory/6068-439-0x0000000000400000-0x00000000005F1000-memory.dmp
memory/6068-432-0x0000000000400000-0x00000000005F1000-memory.dmp
memory/6068-431-0x0000000000400000-0x00000000005F1000-memory.dmp
memory/4828-448-0x00007FFDF0120000-0x00007FFDF0BE1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1a1229027b6696dac6dfa0c9515448f6 |
| SHA1 | 929c42017439b630264e0e95f7d3d9b02bf5c91f |
| SHA256 | 4019193a12d22581d195d431f7216fd672af1267bfb851fdba4447e52c870019 |
| SHA512 | 8658bc12df367cc2470d473cbcc17bfbda2285aa761f3b3177e956dfbd54b9c8d40547c85d216de5ba84c16cf752bb065b030468bcfe33aa0348c5e813b02f09 |
memory/4544-461-0x0000000007C80000-0x0000000007C90000-memory.dmp
memory/5152-482-0x0000000000400000-0x0000000000413000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0b5a2a89313ad9bbc6431d90ce5164dc |
| SHA1 | 7693be097fe75fff31cc3c7200628ec5cceffbf1 |
| SHA256 | d2f131c0b0c1461294fcbeb3a6057f13da23d07924002421e355b82adebcf230 |
| SHA512 | e54764ba218199b46990774500c2874daa037adfbb6272f35bdb4984a5660b2529cbda972ea34765999268652172c618ae6ff8c8ecb849798a1519a930f570ab |
memory/5216-506-0x0000000000400000-0x00000000005F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 96cdebc0b53b4b260de09eaa9e175e4a |
| SHA1 | ac33124c07c11782bf7edf1117932361a9f08dc3 |
| SHA256 | 0555aa8592eb6c3dc04405f01c530b82886654afd1d5ac2deee49512462899f7 |
| SHA512 | 61c09af62a53ec83b12df07587df003d7021bb3850e8ba92d2806254aa2e85d63525b2edaeea2e68388bf058393fe8c221a30395f990d2520db3fdd2276d641e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 704bb2d754e02ad7015b2b93dadad5f3 |
| SHA1 | 0c8c4c38e8267d5abe3aed083008ca58012180fb |
| SHA256 | 62bc91249833d1b36800bbf6ce03fb7b8a290cd97c791816f4dd056c7b59ce3b |
| SHA512 | 520f2294d0e185c1dc424646f95b58e37ee2d9d6c355a6a155e7bb1fed4de8d2fa8b50acf73469cc94d07be3173f83b79a75b8c566b8aae3778817a368403b5f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f325.TMP
| MD5 | 54d7185e6f2b7c1155e00457bbdfc2dd |
| SHA1 | c6e6b2f028d4eba8c78de8405e6136904d3f3680 |
| SHA256 | 257e92ccadf10462f81aa56ed48fb00bc6d5ba8678c0e0cf539e8cacd2d1493e |
| SHA512 | f2e161aa16e5c09c55b39977282a0bde3cd06e2f68b5256523f97f5baa3708d76d3b55e050ab88e009af7a391ff9064b3f82c8f132180706e9972e1da20c0001 |
memory/4828-449-0x0000027879650000-0x0000027879660000-memory.dmp
memory/4544-532-0x00000000094B0000-0x0000000009526000-memory.dmp
memory/4828-570-0x0000027879650000-0x0000027879660000-memory.dmp
memory/5408-569-0x00007FFDF0120000-0x00007FFDF0BE1000-memory.dmp
memory/4544-571-0x0000000009460000-0x000000000947E000-memory.dmp
memory/5408-574-0x000000001B9A0000-0x000000001B9B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d3066f8d6ddfb0a8153bb8ffc24f614e |
| SHA1 | 21df35915359cfc51879a8a6278418c64acba476 |
| SHA256 | 0b517b3959dbcbf67d3df0a22b74ad37c48d32ccedb818c12ed85ade6bf77309 |
| SHA512 | 20f9913e6c0254789cb58eddaf3465210897cedb7c9e84b6703792268fb991086a289df4318fd9d220bfc3f5e49704f6f75c8ba060ae788e310812957a0bf8b6 |
memory/5468-582-0x0000000000400000-0x00000000004B0000-memory.dmp
memory/5468-583-0x0000000000610000-0x0000000000611000-memory.dmp
memory/1204-589-0x0000000003860000-0x0000000003991000-memory.dmp
memory/4392-591-0x0000000000550000-0x0000000000565000-memory.dmp
memory/4808-595-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 7ca131aa7b7fdb8817e4d2ef90e815a1 |
| SHA1 | c3e809d340b32d9a8f2dbc44d341b416c45dcdf5 |
| SHA256 | 61c3c7e9fa63e9fac903709cad1b2a8982a0589b732cc343a73523b6389c0e2e |
| SHA512 | b4605d41e9623e4fb09d3774f6e54b5193ecc6f428397e638413fce4e39c4edcbc575e62e00f1e757294c82c1c1d66480f03d7bce1032a7dbc55d816201381f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 30e63dcbb546a5b31e1f2757ef93ae68 |
| SHA1 | dd55581c03328ca147e64b38cb0444d621b0d80c |
| SHA256 | d9204eda679da7ed67b342c87a94a78d82b88b33aca31034273b385e182ce3c6 |
| SHA512 | 4cc9f92a83c6454463e7ff090ccbf41a9f1908d7953c982178a87fc1c3f59883890065d6de3aabc05664b8e117c917e09ef8c49723ca08f24e69083d79e9dd71 |
memory/3660-667-0x0000000000400000-0x0000000000D1B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i30d54kb.01c.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2252-716-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-717-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-719-0x00000204FBFC0000-0x00000204FBFE0000-memory.dmp
memory/2252-718-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-723-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-724-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-725-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-726-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-727-0x0000000140000000-0x00000001407CF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9dca9f086f84183f250629657759ed1d |
| SHA1 | f2f2359a698b11603a91350c9d582d7e45f8dbfc |
| SHA256 | a67917c4da2738c3831f8dc13a8bb433b10166506e9a3ca69aa10781361eb196 |
| SHA512 | f2f2776c6c4f91375647c039074d96949fdfc26012957d41ba3ff253e11b67ecee558aa6f7d8b72b18c6e4de7303f3f74ae8c0e254191ac26be8626b8f960214 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28e2a5992c8c10bd89ae7710adf6091e |
| SHA1 | 967a9088b5c05c816df7fbabbbd310bd458114f4 |
| SHA256 | ff44552b6984deb196ed01e743d9cdf32784076dd944c0d387a68869dd3491d4 |
| SHA512 | 6c3fe596762665e953d664294fe6a4056e2f280cd84b064f6512d3e578e1515cc987cc08b35c11e71da8aad8ac172272750cb5ad994dc69dc3ac45cbdb7d9ccb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 663d1bc8efdb35a7412d4a23545c8956 |
| SHA1 | fb580be9d84299a859038e72e3d0841f5d530cdd |
| SHA256 | 34c83bf0ce6fce0e0583594977173a47fc0bc9edee00d96af261ff06b2ce1c4d |
| SHA512 | 27b74ffe21b68bdc1289e214c9c1c469cb338e573a9b1325647b65a0b56a7fe6fc92594814f873dc21abbd4804ea6c4d3b40d864f59be194326373706afa18ea |
memory/5216-791-0x0000000000400000-0x00000000005F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ace896f9ff3ce76e6c5f6523cb7c7a55 |
| SHA1 | 9fa918b25c0da6841ef1be06419a53d6d20162f6 |
| SHA256 | bb74853333d1b30ee3e5d732a179eee788345e10ddab692121663d4ed81e96cc |
| SHA512 | dbd66e525360f928ea142c4439c1c2a6776f5483972be22521c8585726b7f1a0b89c90846e7bc4d36f0cd4aac1b3b7cf458af03d9a7fe7851763c962bc37663a |
memory/5216-812-0x0000000000400000-0x00000000005F1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5b0c119677546172f18c6512d4fd2a2a |
| SHA1 | f4eb1511d4345ffdc1625a0abb245757867a1808 |
| SHA256 | 6cf37bb428e28eb61a31b847fe721c2696f2706aa990b373c654b9b9fecd4a77 |
| SHA512 | 500738b3088da298f6fc7517a307b2183f67e3bb9fc6ee720816d275e05b2403d7d6642f6d05b496cf488e9016130a0036e85945ca8d12fe3a4475315a18f23e |
memory/5216-819-0x0000000000400000-0x00000000005F1000-memory.dmp
memory/2252-820-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/2252-821-0x0000000140000000-0x00000001407CF000-memory.dmp
memory/5216-827-0x0000000000400000-0x00000000005F1000-memory.dmp