Analysis Overview
SHA256
e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80
Threat Level: Known bad
The file e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80 was found to be: Known bad.
Malicious Activity Summary
RedLine
RedLine payload
Detect Mystic stealer payload
Mystic
Executes dropped EXE
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 04:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 04:52
Reported
2023-11-11 04:57
Platform
win10v2004-20231023-en
Max time kernel
203s
Max time network
211s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4320 set thread context of 7220 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6496 set thread context of 6024 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe
"C:\Users\Admin\AppData\Local\Temp\e1765e1efd8044e90319786c6b1ab81d0a394711497c43d1ff57b0086548fd80.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffaa37a46f8,0x7ffaa37a4708,0x7ffaa37a4718
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,10142372700687242580,1417064604839447938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5979320369497424088,13037575705048477075,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,4602793519419184294,18179608880908948163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,4602793519419184294,18179608880908948163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,3797645150732756337,9635355139841849064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5979320369497424088,13037575705048477075,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,10142372700687242580,1417064604839447938,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,3797645150732756337,9635355139841849064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7507105039278459363,3126443889073902430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7507105039278459363,3126443889073902430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1944 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,13737509165814534820,3662626437898808012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,5554939632075731565,15697947215007454895,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,13737509165814534820,3662626437898808012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15474331956926049595,2800111907384645347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15474331956926049595,2800111907384645347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,5554939632075731565,15697947215007454895,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15522665363532949112,7733895597110653213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15522665363532949112,7733895597110653213,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5MJ25nP.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 7220 -ip 7220
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 540
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Ma590.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12267748537817200475,17732803916276598759,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 34.203.135.243:443 | www.epicgames.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 34.203.135.243:443 | www.epicgames.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.135.203.34.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| DE | 172.217.23.214:443 | i.ytimg.com | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 214.23.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
| MD5 | 73c2ebb34df36e61fd19c654642cfe6b |
| SHA1 | 18b85d4374fdca675f4bd29692a005da58692ffe |
| SHA256 | 3741ec097aea79e32bd819ee58b12c0ad85002e836ac3631d1797ab51e655ff9 |
| SHA512 | 0cdc5b710fffd2b9e53c7b653cfed462d21f7b5a185388804b72b1ae4cc64980284e7d8fa7d49c14872e3aed3cf639887a3270cf0072f08fa4650f14bc113f47 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\rG8mK88.exe
| MD5 | 73c2ebb34df36e61fd19c654642cfe6b |
| SHA1 | 18b85d4374fdca675f4bd29692a005da58692ffe |
| SHA256 | 3741ec097aea79e32bd819ee58b12c0ad85002e836ac3631d1797ab51e655ff9 |
| SHA512 | 0cdc5b710fffd2b9e53c7b653cfed462d21f7b5a185388804b72b1ae4cc64980284e7d8fa7d49c14872e3aed3cf639887a3270cf0072f08fa4650f14bc113f47 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
| MD5 | ee5a3bda6aa5b07219ea2db663a1019b |
| SHA1 | 19a0368167b23739863da06b89f3dd56ce4a7f71 |
| SHA256 | c94180f824f108206b039ac6f43279af3afd8c1dbf92aa665c1259a2e88e5ad4 |
| SHA512 | f53fe3fa79829e927c6bcb95093e4c4c466fdc7bb3caf2cecf493d93e8fa769866c21ac639580a681619d654f8335fa8cf829377d62243be992bdd1cc7f370db |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\sX1EJ28.exe
| MD5 | ee5a3bda6aa5b07219ea2db663a1019b |
| SHA1 | 19a0368167b23739863da06b89f3dd56ce4a7f71 |
| SHA256 | c94180f824f108206b039ac6f43279af3afd8c1dbf92aa665c1259a2e88e5ad4 |
| SHA512 | f53fe3fa79829e927c6bcb95093e4c4c466fdc7bb3caf2cecf493d93e8fa769866c21ac639580a681619d654f8335fa8cf829377d62243be992bdd1cc7f370db |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
| MD5 | 4c8a590f38952df00263b502601581af |
| SHA1 | da91394214298bf392ad0fd4ca6d325e7e920d42 |
| SHA256 | f5faa92aac63c6b9777cfe4204a92c326665d30aa8312b4310a42145a8acc1c6 |
| SHA512 | 3bd80ec855cdd0aee201a91891e00d0e43a1ed7c7cba9b9ebfd0362b87b20c3a580f3ad54d07af8575587d2ce7af502a893a08d43fc042e0b0a677c6b017fd6d |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3TN107US.exe
| MD5 | 4c8a590f38952df00263b502601581af |
| SHA1 | da91394214298bf392ad0fd4ca6d325e7e920d42 |
| SHA256 | f5faa92aac63c6b9777cfe4204a92c326665d30aa8312b4310a42145a8acc1c6 |
| SHA512 | 3bd80ec855cdd0aee201a91891e00d0e43a1ed7c7cba9b9ebfd0362b87b20c3a580f3ad54d07af8575587d2ce7af502a893a08d43fc042e0b0a677c6b017fd6d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
| MD5 | b3ce354edb895bb87b53a344bca9c915 |
| SHA1 | 64d64820920298bfe5d37a13de1976b1767aea24 |
| SHA256 | 099c4386f5ae6860e0426cf85b3320e110de83d6b4a523b39ad45235cc5c3f77 |
| SHA512 | 0ca3371dd3b1852138ba625f5451972b0f5c6ade805ec4f686aea8312c5c182424b533a2eaa1f43619f1037ce5831c9d777c9d14769e94d7cabb66bb0a0b0e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ed1059501887ca58bf7183147bc7e9bd |
| SHA1 | 2f3fae395180943a637a4ae1d3a4b374b5a13a42 |
| SHA256 | 1292a748aa1f19560e5a5faee5d5c8d8e69fd5ebd83fb10451b8d213d085cd89 |
| SHA512 | d1f3897075f8c30c35ffd1aed9d60345eb924f362d50c5b35352a4e6a51cee770cb0b37394eb81d593644edf3fcb9c1b576f7db499226a9468e5b5f530dc734b |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4IW3fg8.exe
| MD5 | b3ce354edb895bb87b53a344bca9c915 |
| SHA1 | 64d64820920298bfe5d37a13de1976b1767aea24 |
| SHA256 | 099c4386f5ae6860e0426cf85b3320e110de83d6b4a523b39ad45235cc5c3f77 |
| SHA512 | 0ca3371dd3b1852138ba625f5451972b0f5c6ade805ec4f686aea8312c5c182424b533a2eaa1f43619f1037ce5831c9d777c9d14769e94d7cabb66bb0a0b0e62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
\??\pipe\LOCAL\crashpad_2620_OAIYLQVGXGQCJATF
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_3740_QBAYNQPCCIBDIDPQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1220_MWNAMXREIYLFPOZB
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2144_VGNEGJUVZOPUNOYO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_4368_FQYPGDTIUENNNWMA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2320_JSSPTCSDUIWEFPIC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_532_CHZILFFVYKQCBJWY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2944_KCELVNPKZZVIFHJO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1208_AAKUQAJFMVEXSTYL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8f30b8232b170bdbc7d9c741c82c4a73 |
| SHA1 | 9abfca17624e13728bd7fa6547e7e26e0695d411 |
| SHA256 | 0916f816feace92a097267171f8aa8f944074530574a7aa1f9f0334899dfa3eb |
| SHA512 | 587d973b13b97c5b92621c776c18348a13ef451ccda32977baa529de33e47a27e7920a57fe7c4d0b2f0e4a8a3bca5c62cc5798cf97f19556028f88afb38b37be |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4b297a1c5c8d6538c4230874796e3e8f |
| SHA1 | 351c3cd05e135af5362afd613f6ed2fcdaf8c707 |
| SHA256 | 1533222d4abff6b2854916f268ba71e7a0063ae108873eeecabbd63df9a7be63 |
| SHA512 | dba99bad4e9da5441e9d928b3e696d9245d3e6f458426f597a63adbd238dd705f467ccf7ec9379ad29ab6cae7c8be9ef2b38f5df7ddb2f3f7ef35930bffc72b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4b297a1c5c8d6538c4230874796e3e8f |
| SHA1 | 351c3cd05e135af5362afd613f6ed2fcdaf8c707 |
| SHA256 | 1533222d4abff6b2854916f268ba71e7a0063ae108873eeecabbd63df9a7be63 |
| SHA512 | dba99bad4e9da5441e9d928b3e696d9245d3e6f458426f597a63adbd238dd705f467ccf7ec9379ad29ab6cae7c8be9ef2b38f5df7ddb2f3f7ef35930bffc72b9 |
memory/7220-189-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5fe9c5fc-646c-42eb-851b-e674805085b1.tmp
| MD5 | 70c059d35593cb01c1c346fc3a273ae7 |
| SHA1 | 28a1b53afc17e83eaee40d2ec4c3c66aac7b7e72 |
| SHA256 | 49c2d855cba25315a0bfbc1eff0872e9a9d6fc063b4c289e7e8e716b289515c1 |
| SHA512 | 594520aad0d20853876f6c89199550ea515386eb85c6de3f36ca39c9f511f7d083db9a2ac754be0404c52897bda432428316bbfac7ab62540df198985f9ca235 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\15d09e86-5e8f-43fb-ba5c-275216ed436f.tmp
| MD5 | 5b7cee9a92ade3f6c062102dc56b4143 |
| SHA1 | 670dc27b07e2f4d7284a54c54c5d27868e26fba3 |
| SHA256 | 5c00f28f718e40e5cc9362145f1a3515a1b4f91159c09e0418e7cafbc667b65e |
| SHA512 | 57e68e62b4d7e666e6990a566e7d524e97ee891c18b8a87cf072976ba9f76162f0415b1f20b5474addfe49ac95505cbe7acee176dc3c1de63d31fc5fef4d49dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f84485a122fbc24a1337ab6dab676e98 |
| SHA1 | 3834e18314c973636abda38ef971e9602b293e0a |
| SHA256 | e5b7ee921552518aa60449aae7fe4f22f4b770016e8a1ed3df84526aa269b55c |
| SHA512 | 3819036c3cfe9dac98773a6b3c9eeb8063e1894976e721c87c243ef60f98e7b1366eeaa4bad97bd82800c2b07429efa10925b0b4e84ee877b6c6cdce891937e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f84485a122fbc24a1337ab6dab676e98 |
| SHA1 | 3834e18314c973636abda38ef971e9602b293e0a |
| SHA256 | e5b7ee921552518aa60449aae7fe4f22f4b770016e8a1ed3df84526aa269b55c |
| SHA512 | 3819036c3cfe9dac98773a6b3c9eeb8063e1894976e721c87c243ef60f98e7b1366eeaa4bad97bd82800c2b07429efa10925b0b4e84ee877b6c6cdce891937e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7bc5dd970a6fa81f1e9b9f80b34732cb |
| SHA1 | 5d3a9cdf24e3bd1d5b3694e3c87c9f5aaeca910e |
| SHA256 | adf93339827c6c7e362b1c5a54c18a7e70625458171055d525ce0e5b74f626f2 |
| SHA512 | 165691c9ce412c1832e6d5335857b7b865d81aa1733ce2afc56a91c26dc594bc407803ebd888007cb436a9d905b4a553c581e154c7ae0385420cfe22d06bac7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7bc5dd970a6fa81f1e9b9f80b34732cb |
| SHA1 | 5d3a9cdf24e3bd1d5b3694e3c87c9f5aaeca910e |
| SHA256 | adf93339827c6c7e362b1c5a54c18a7e70625458171055d525ce0e5b74f626f2 |
| SHA512 | 165691c9ce412c1832e6d5335857b7b865d81aa1733ce2afc56a91c26dc594bc407803ebd888007cb436a9d905b4a553c581e154c7ae0385420cfe22d06bac7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4b297a1c5c8d6538c4230874796e3e8f |
| SHA1 | 351c3cd05e135af5362afd613f6ed2fcdaf8c707 |
| SHA256 | 1533222d4abff6b2854916f268ba71e7a0063ae108873eeecabbd63df9a7be63 |
| SHA512 | dba99bad4e9da5441e9d928b3e696d9245d3e6f458426f597a63adbd238dd705f467ccf7ec9379ad29ab6cae7c8be9ef2b38f5df7ddb2f3f7ef35930bffc72b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 70c059d35593cb01c1c346fc3a273ae7 |
| SHA1 | 28a1b53afc17e83eaee40d2ec4c3c66aac7b7e72 |
| SHA256 | 49c2d855cba25315a0bfbc1eff0872e9a9d6fc063b4c289e7e8e716b289515c1 |
| SHA512 | 594520aad0d20853876f6c89199550ea515386eb85c6de3f36ca39c9f511f7d083db9a2ac754be0404c52897bda432428316bbfac7ab62540df198985f9ca235 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5b7cee9a92ade3f6c062102dc56b4143 |
| SHA1 | 670dc27b07e2f4d7284a54c54c5d27868e26fba3 |
| SHA256 | 5c00f28f718e40e5cc9362145f1a3515a1b4f91159c09e0418e7cafbc667b65e |
| SHA512 | 57e68e62b4d7e666e6990a566e7d524e97ee891c18b8a87cf072976ba9f76162f0415b1f20b5474addfe49ac95505cbe7acee176dc3c1de63d31fc5fef4d49dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 37dbc9fbc76262c8c1015c2bd7cc9b28 |
| SHA1 | 4afc4b1ba91a114f3c4ebb4e2994b8ab68410a73 |
| SHA256 | c05d5509598a344cbefc208a265e958788b9adca89db1072f9ac48db68a3fd07 |
| SHA512 | dbab1cbc39620f2a976ac8b3a45acd01e8cd6c33381f3d7246d6ac3a936b058cb0f127f5df9e6021ca5f22607a9f31d964d153e8ebd85d92ca52dc5547a9a779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 37dbc9fbc76262c8c1015c2bd7cc9b28 |
| SHA1 | 4afc4b1ba91a114f3c4ebb4e2994b8ab68410a73 |
| SHA256 | c05d5509598a344cbefc208a265e958788b9adca89db1072f9ac48db68a3fd07 |
| SHA512 | dbab1cbc39620f2a976ac8b3a45acd01e8cd6c33381f3d7246d6ac3a936b058cb0f127f5df9e6021ca5f22607a9f31d964d153e8ebd85d92ca52dc5547a9a779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 311c0a2148e5a585d98b6e0a922e67c1 |
| SHA1 | 373e4681fc96d1128b47830bbdb0de9723ee7355 |
| SHA256 | d646d212135e5880a74cf4e996e9973b21d40a6205e708f1266dbc34ba743034 |
| SHA512 | 9888d5662a2030195cd6d3d030ae5ded7cf44cc721f53d1b8bb707acee13e9e450541afd3fcb24ea886376dacc6d26185e405442496c336b66967263b68624c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 311c0a2148e5a585d98b6e0a922e67c1 |
| SHA1 | 373e4681fc96d1128b47830bbdb0de9723ee7355 |
| SHA256 | d646d212135e5880a74cf4e996e9973b21d40a6205e708f1266dbc34ba743034 |
| SHA512 | 9888d5662a2030195cd6d3d030ae5ded7cf44cc721f53d1b8bb707acee13e9e450541afd3fcb24ea886376dacc6d26185e405442496c336b66967263b68624c9 |
memory/7220-266-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7bc5dd970a6fa81f1e9b9f80b34732cb |
| SHA1 | 5d3a9cdf24e3bd1d5b3694e3c87c9f5aaeca910e |
| SHA256 | adf93339827c6c7e362b1c5a54c18a7e70625458171055d525ce0e5b74f626f2 |
| SHA512 | 165691c9ce412c1832e6d5335857b7b865d81aa1733ce2afc56a91c26dc594bc407803ebd888007cb436a9d905b4a553c581e154c7ae0385420cfe22d06bac7c |
memory/7220-267-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\51fe8c82-ac99-4230-863d-c6f361d2931f.tmp
| MD5 | cbc6700ec0b2ee4f6d072f2c39b8ab21 |
| SHA1 | 33884c348fd2d493fc81f29c9f1899b21b235eec |
| SHA256 | aabc24a1c42e546dd3d70ab95e3387a4cef2bdced950069def79472dd61cbcef |
| SHA512 | a7f85304f51755c0e489418790d2fdb3180b6a0e720345fbb7524e25533a708117cf17efb33857b105f8d5e627c3bdfb68dc4a64f3afd29c10cd46e704848a07 |
memory/7220-269-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cbc6700ec0b2ee4f6d072f2c39b8ab21 |
| SHA1 | 33884c348fd2d493fc81f29c9f1899b21b235eec |
| SHA256 | aabc24a1c42e546dd3d70ab95e3387a4cef2bdced950069def79472dd61cbcef |
| SHA512 | a7f85304f51755c0e489418790d2fdb3180b6a0e720345fbb7524e25533a708117cf17efb33857b105f8d5e627c3bdfb68dc4a64f3afd29c10cd46e704848a07 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 311c0a2148e5a585d98b6e0a922e67c1 |
| SHA1 | 373e4681fc96d1128b47830bbdb0de9723ee7355 |
| SHA256 | d646d212135e5880a74cf4e996e9973b21d40a6205e708f1266dbc34ba743034 |
| SHA512 | 9888d5662a2030195cd6d3d030ae5ded7cf44cc721f53d1b8bb707acee13e9e450541afd3fcb24ea886376dacc6d26185e405442496c336b66967263b68624c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ca51a6aba13a47d79405bf22f7099f3 |
| SHA1 | ad57fab1d74b30d974b2f2283460543324083d42 |
| SHA256 | 4ab9c9c40c59c8c0035c942756fe454d3b0111d673f1e51d3b9c1c22837680e4 |
| SHA512 | 93dc58d62d9d3cea12a0675159b049a38eafb25a329ab5030f13fdb902d25bba91776f190e9194244fe88e2ec38d2a49962c5137cf75ce0cb8899d6cdd5878b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8849e5b7-65d4-47f8-b822-88eb50a733d8.tmp
| MD5 | d5255d862496796a0b7733def1ef6b8e |
| SHA1 | c01a0d21d4df6947c0af3d862b51cf9d39bf36eb |
| SHA256 | 02e7cee9154accce0f5fcd671763438c0c615c15fe2227140c549ab4331eb345 |
| SHA512 | 20f1b1b47d38940e89b34bf118ae86815b7377f96994345b66abe6ced068b3a577c726de67892bb5efc15edc6e5a61c958898125fa475ecd445e87668d8ee2c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7203b5d3afead631acdc7e9b43b60b3e |
| SHA1 | 611aed4533011883924ae5454306ad60f1cac39c |
| SHA256 | e92a4c2d24219f536c32ebb80b66c098171dafd4e96b2c8e714805cf32112ce3 |
| SHA512 | 1b4156aa86005ec0ae30424ebf1967533b10ec8c6700ecf0c4aeb021c820f5d8d15a544ebec094b5135c6a985aa34096981443cba0d662a1e63cc9251928ea79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
memory/6024-425-0x0000000000400000-0x000000000043C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 30f48c9a492e3e4ec5ed91dcd25b6674 |
| SHA1 | 94291d84e6eae4deeb910e773b554f123a71a807 |
| SHA256 | 9dcc0e58b4fe9cd031f03298ea1e1988f0a7449beffbb7fc56c4da5993c863dd |
| SHA512 | 139bfa0a3eae9b4f87515dabb7fd19553a0324bab715f2c807f0c38fe5830b39b60805a48ec21b99dfeec04a159d08e8c75fe55529f749a3d3ac68502b3b95b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b4f6b4684a6349449274acafc082e734 |
| SHA1 | bb068703fc67421739d222330558799162a164ed |
| SHA256 | 5901b718d8db0bb062f1feb90b6a1fbbc67e3a62ad42ae28ce915644894ebb80 |
| SHA512 | ba6323b684afa38afc7b6d761553fb1374e878e9112bdeebde88750ea77a2903ff37c6c77260074e182b2f85ad6c058d961828cbb904036368a1ee5a67070f5e |