Analysis Overview
SHA256
b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84
Threat Level: Known bad
The file dd4cccedd56718598764a96494e85a9b.exe was found to be: Known bad.
Malicious Activity Summary
Mystic
Detect Mystic stealer payload
RedLine payload
RedLine
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext
Detected potential entity reuse from brand paypal.
AutoIT Executable
Unsigned PE
Program crash
Enumerates physical storage devices
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 06:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 06:26
Reported
2023-11-11 06:29
Platform
win10v2004-20231020-en
Max time kernel
167s
Max time network
183s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hL4we43.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ni4iJ17.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sh090qe.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4jv9Oy0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5vJ31zG.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6vq649.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\dd4cccedd56718598764a96494e85a9b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hL4we43.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ni4iJ17.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 3692 set thread context of 888 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4jv9Oy0.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 2216 set thread context of 5924 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5vJ31zG.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 1608 set thread context of 3896 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6vq649.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\dd4cccedd56718598764a96494e85a9b.exe
"C:\Users\Admin\AppData\Local\Temp\dd4cccedd56718598764a96494e85a9b.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hL4we43.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hL4we43.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ni4iJ17.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ni4iJ17.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sh090qe.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sh090qe.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,16338818299269543918,5580039240746414806,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,16338818299269543918,5580039240746414806,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,10819807568153812328,6838026724058008377,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,10819807568153812328,6838026724058008377,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,1085761703609666383,8851151107559979171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,1085761703609666383,8851151107559979171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10812840369372736971,17041786716531528256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffc058646f8,0x7ffc05864708,0x7ffc05864718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4jv9Oy0.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4jv9Oy0.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9984 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9984 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5vJ31zG.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5vJ31zG.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 888 -ip 888
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 540
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6vq649.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6vq649.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6968 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,2677211757354638725,5852491385611794118,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 39.142.81.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 18.234.15.50:443 | www.epicgames.com | tcp |
| US | 18.234.15.50:443 | www.epicgames.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.15.234.18.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| NL | 199.232.148.158:443 | video.twimg.com | tcp |
| US | 104.244.42.197:443 | t.co | tcp |
| US | 8.8.8.8:53 | 15.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 174.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.176:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 182.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 34.195.142.151:443 | tracking.epicgames.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | 138.175.53.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 151.142.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | numpersb.fun | udp |
| US | 8.8.8.8:53 | killredls.pw | udp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 38.209.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| NL | 172.217.168.227:443 | www.recaptcha.net | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | rr5---sn-q4flrn7r.googlevideo.com | udp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 209.85.165.106:443 | rr5---sn-q4flrn7r.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 106.165.85.209.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| NL | 172.217.168.227:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 169.252.72.23.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hL4we43.exe
| MD5 | 4279c92a65e263ae262cc37c78c6e46f |
| SHA1 | 2195870cc219be70e47ef9fb5bcd565bf99f4a1b |
| SHA256 | e044d1ed465a33b639d0a6dc678e4acfdd0d70aaeaff8485436937ba7fedc02e |
| SHA512 | 81265be61a41af00ad0a282d71d0eaab73e56e6a9ccb6be71c8bbadfad7d7ac4979e8bd41cfc009282908959038c555eee8199f4e3d925da2f8c2bf0a44f8493 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hL4we43.exe
| MD5 | 4279c92a65e263ae262cc37c78c6e46f |
| SHA1 | 2195870cc219be70e47ef9fb5bcd565bf99f4a1b |
| SHA256 | e044d1ed465a33b639d0a6dc678e4acfdd0d70aaeaff8485436937ba7fedc02e |
| SHA512 | 81265be61a41af00ad0a282d71d0eaab73e56e6a9ccb6be71c8bbadfad7d7ac4979e8bd41cfc009282908959038c555eee8199f4e3d925da2f8c2bf0a44f8493 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ni4iJ17.exe
| MD5 | 88bd386d8809fef93abc6960847efb6a |
| SHA1 | 7739cae14e89193f5c01eb696b942d87af698c9d |
| SHA256 | 455692eb29e6f24ebe0bc09ea2e17fab0bf01374dc588aa6c71201eb538581e6 |
| SHA512 | 5cfb24703b40380e60b917e5fefe700716295328fde56244a2f1798d01e5d78d53c988720d3fefa4b1879ab5b09f4071e421d245c1bb8e5f8c6aff7f54b5d3d9 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Ni4iJ17.exe
| MD5 | 88bd386d8809fef93abc6960847efb6a |
| SHA1 | 7739cae14e89193f5c01eb696b942d87af698c9d |
| SHA256 | 455692eb29e6f24ebe0bc09ea2e17fab0bf01374dc588aa6c71201eb538581e6 |
| SHA512 | 5cfb24703b40380e60b917e5fefe700716295328fde56244a2f1798d01e5d78d53c988720d3fefa4b1879ab5b09f4071e421d245c1bb8e5f8c6aff7f54b5d3d9 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sh090qe.exe
| MD5 | 154b9c582ad67db801d1a3ea545e57ac |
| SHA1 | 76bc3a501e3a069c97c3133d4ae3fee1bfe1798f |
| SHA256 | 8708b7de2d71a6c142881da5b7a7e5e674daabf2bcba343d3bb03f2140dc8ca7 |
| SHA512 | 41090e1da0a43b095711b96d5c999613851e32459bc5125217e4e7add21852355ee5fb84de331279b972045bffbcdc9deec5f8e2ebcea73c4241bd2e9adb66e4 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Sh090qe.exe
| MD5 | 154b9c582ad67db801d1a3ea545e57ac |
| SHA1 | 76bc3a501e3a069c97c3133d4ae3fee1bfe1798f |
| SHA256 | 8708b7de2d71a6c142881da5b7a7e5e674daabf2bcba343d3bb03f2140dc8ca7 |
| SHA512 | 41090e1da0a43b095711b96d5c999613851e32459bc5125217e4e7add21852355ee5fb84de331279b972045bffbcdc9deec5f8e2ebcea73c4241bd2e9adb66e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 777424efaa0b7dc4020fed63a05319cf |
| SHA1 | f4ff37d51b7dd7a46606762c1531644b8fbc99c7 |
| SHA256 | 30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5 |
| SHA512 | 7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
\??\pipe\LOCAL\crashpad_4752_RDLUXABEURNDQZQX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1584_BYZGSWMDYVVRCQVV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2560_WCTMJTYUHENFUOGO
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0aabb9f93180212aa7a918fc7a46d190 |
| SHA1 | 7da81c451a940fe67ab3d6382c1fe653e7528c5f |
| SHA256 | 4fa4efaff31344e074ee23ac23a8b623ca8e49485cb7efa545ea4d088957a8dd |
| SHA512 | e0d6562e609194766788f57fd32308a4f5490e5b6f3bc854945e814027f78609010a4aa53459211c11198bc1c9887d1162d0000ada980dfcc9da787c0c16109a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4c71f617613a9af0888b9d262d7b2a70 |
| SHA1 | 490608e22e855d1dd119a0428ed8faba8bccd63b |
| SHA256 | c3dbf4b700e55a8c630066284fa3c064a32d999063765d14c4b9869ffdc33636 |
| SHA512 | 9e99dac4745312e01e3301888d6170ebfe6de80d80a59e45da0acfd0471b3586ff0e56d79edcfc8e475dcef55bf6212694fbbd921629ac903eebd5cc3afa97e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4c71f617613a9af0888b9d262d7b2a70 |
| SHA1 | 490608e22e855d1dd119a0428ed8faba8bccd63b |
| SHA256 | c3dbf4b700e55a8c630066284fa3c064a32d999063765d14c4b9869ffdc33636 |
| SHA512 | 9e99dac4745312e01e3301888d6170ebfe6de80d80a59e45da0acfd0471b3586ff0e56d79edcfc8e475dcef55bf6212694fbbd921629ac903eebd5cc3afa97e6 |
\??\pipe\LOCAL\crashpad_4724_WORIXAQWQBHRRDNM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4e8338eac7bdb1cc355448d8cda2b469 |
| SHA1 | 07ede850e63946d265d29734de02c86120092f65 |
| SHA256 | 3fee6084887c84bc9b0e4764e84c41fc0655cf4db6463bf67975ded6b10fef5a |
| SHA512 | f0b571a87a893f67e341d82650f5e3cfa1854cea647fe46639603287630f22cf2337c70a4c2d10377327b83a78acc54f7b921e6f4429f9b9ccc081ce5e32e2e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0aabb9f93180212aa7a918fc7a46d190 |
| SHA1 | 7da81c451a940fe67ab3d6382c1fe653e7528c5f |
| SHA256 | 4fa4efaff31344e074ee23ac23a8b623ca8e49485cb7efa545ea4d088957a8dd |
| SHA512 | e0d6562e609194766788f57fd32308a4f5490e5b6f3bc854945e814027f78609010a4aa53459211c11198bc1c9887d1162d0000ada980dfcc9da787c0c16109a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4e8338eac7bdb1cc355448d8cda2b469 |
| SHA1 | 07ede850e63946d265d29734de02c86120092f65 |
| SHA256 | 3fee6084887c84bc9b0e4764e84c41fc0655cf4db6463bf67975ded6b10fef5a |
| SHA512 | f0b571a87a893f67e341d82650f5e3cfa1854cea647fe46639603287630f22cf2337c70a4c2d10377327b83a78acc54f7b921e6f4429f9b9ccc081ce5e32e2e5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1efa1bcf3e3cba82cfe496c9fccf2396 |
| SHA1 | 25b612a9febf63e848d867e2f3491e43659e3bdb |
| SHA256 | 43e206b8012ee80f0f16a847385868be88dc128c2fb64269b7dd94c91fde12b5 |
| SHA512 | 1c5d2dfeea5be8e1ecfa63b32dad89361b18f55958574cf23b8f98bfc07385646b24f2a21de50449ed65698bacb40ff3145db32cdb092ad3e5839fc014b77472 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1efa1bcf3e3cba82cfe496c9fccf2396 |
| SHA1 | 25b612a9febf63e848d867e2f3491e43659e3bdb |
| SHA256 | 43e206b8012ee80f0f16a847385868be88dc128c2fb64269b7dd94c91fde12b5 |
| SHA512 | 1c5d2dfeea5be8e1ecfa63b32dad89361b18f55958574cf23b8f98bfc07385646b24f2a21de50449ed65698bacb40ff3145db32cdb092ad3e5839fc014b77472 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4c71f617613a9af0888b9d262d7b2a70 |
| SHA1 | 490608e22e855d1dd119a0428ed8faba8bccd63b |
| SHA256 | c3dbf4b700e55a8c630066284fa3c064a32d999063765d14c4b9869ffdc33636 |
| SHA512 | 9e99dac4745312e01e3301888d6170ebfe6de80d80a59e45da0acfd0471b3586ff0e56d79edcfc8e475dcef55bf6212694fbbd921629ac903eebd5cc3afa97e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4jv9Oy0.exe
| MD5 | 3f6ddc42a61598fc3ecfc2627d247fb4 |
| SHA1 | b3609bdbb4782e98a6b3d2528e026236fdc11b16 |
| SHA256 | d937198c9718747d7311c54056f136011a8fe8cb5b0999b0487041aff1ce6325 |
| SHA512 | 3ee8e895feffe82d8caa3128a36dcda40bf042ecb9d22a755b8d0dfc442a82cc4328b82e51347443d5fa7306b5b7f556eec69be96a7f88a9105339b86c53733e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 483924abaaa7ce1345acd8547cfe77f4 |
| SHA1 | 4190d880b95d9506385087d6c2f5434f0e9f63e8 |
| SHA256 | 9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684 |
| SHA512 | e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e66aeeefeb87a1137537c5445e8566c |
| SHA1 | 0932451252fee65c08f457d650137bb77f761246 |
| SHA256 | 8096e5507e7a890f7a1b0823b0d7c5008fe224fa37fb6f75c5ee12c358857789 |
| SHA512 | a8ce8b91ff4b5b06f7928d6da57195732a9bd7706b2e7108bea1cdaa8ae247e88f6204b3cef3284bf9e4d39092fe39c6e60618ecd01d13d2d5aae6d9f1064f7e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0aabb9f93180212aa7a918fc7a46d190 |
| SHA1 | 7da81c451a940fe67ab3d6382c1fe653e7528c5f |
| SHA256 | 4fa4efaff31344e074ee23ac23a8b623ca8e49485cb7efa545ea4d088957a8dd |
| SHA512 | e0d6562e609194766788f57fd32308a4f5490e5b6f3bc854945e814027f78609010a4aa53459211c11198bc1c9887d1162d0000ada980dfcc9da787c0c16109a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
| MD5 | 55540a230bdab55187a841cfe1aa1545 |
| SHA1 | 363e4734f757bdeb89868efe94907774a327695e |
| SHA256 | d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb |
| SHA512 | c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
| MD5 | e945942d2751628b66f30f1045c2572b |
| SHA1 | 3b88e505d8b2c35b49bec0c2e060dde7b7a8d1c1 |
| SHA256 | dbe9bb8034a2d61abc8f8e39a14e7d4327c77039a9953eb2bb036f8c8eba31ca |
| SHA512 | be45984de45da3d389a6d5d657e66d675e749b2c1de3f212b114cfb985c82eff3b8a5c1fada7dbe47b391fc87f911af1e501a95a1240a0a286cf653d99f2180a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4e8338eac7bdb1cc355448d8cda2b469 |
| SHA1 | 07ede850e63946d265d29734de02c86120092f65 |
| SHA256 | 3fee6084887c84bc9b0e4764e84c41fc0655cf4db6463bf67975ded6b10fef5a |
| SHA512 | f0b571a87a893f67e341d82650f5e3cfa1854cea647fe46639603287630f22cf2337c70a4c2d10377327b83a78acc54f7b921e6f4429f9b9ccc081ce5e32e2e5 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4jv9Oy0.exe
| MD5 | 3f6ddc42a61598fc3ecfc2627d247fb4 |
| SHA1 | b3609bdbb4782e98a6b3d2528e026236fdc11b16 |
| SHA256 | d937198c9718747d7311c54056f136011a8fe8cb5b0999b0487041aff1ce6325 |
| SHA512 | 3ee8e895feffe82d8caa3128a36dcda40bf042ecb9d22a755b8d0dfc442a82cc4328b82e51347443d5fa7306b5b7f556eec69be96a7f88a9105339b86c53733e |
\??\pipe\LOCAL\crashpad_4592_ADKKBMCKOWEDFBSJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1efa1bcf3e3cba82cfe496c9fccf2396 |
| SHA1 | 25b612a9febf63e848d867e2f3491e43659e3bdb |
| SHA256 | 43e206b8012ee80f0f16a847385868be88dc128c2fb64269b7dd94c91fde12b5 |
| SHA512 | 1c5d2dfeea5be8e1ecfa63b32dad89361b18f55958574cf23b8f98bfc07385646b24f2a21de50449ed65698bacb40ff3145db32cdb092ad3e5839fc014b77472 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 61886c92be16af2250797a86d36a2f3d |
| SHA1 | 951477d1ddbdf724e975675ac67e2e1731353f52 |
| SHA256 | ba0ca20d157118c7bca9b6a29322631b61f3c2baaf49026037dbb8f8b27c5e8c |
| SHA512 | 8b9d00da1fb7aacd4b5dd9b10b9ca471905232593da0bb118d564686cd7b29681ce01d0463aa5e3b88428145ed9882c58c030d39bfaf33fd2e897f60de97d00d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0129abe6db14550107f0ea0b3243d577 |
| SHA1 | 33801edf9670ef095666bcdfb21a79dd59f4484c |
| SHA256 | 00974866684dde7ab12ae66f6001a4699dabad50b8bdbb42818a63ea447db2b9 |
| SHA512 | 165fa9fe44e173e5d97b95cc01362d84a721446559d8182885f8b3e5c2e2cfe41e3dc12b124a92fee599d044186eb26c7cc331bfa41165c1ecad8b947f12214b |
memory/888-291-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 1c706d53e85fb5321a8396d197051531 |
| SHA1 | 0d92aa8524fb1d47e7ee5d614e58a398c06141a4 |
| SHA256 | 80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932 |
| SHA512 | d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc |
memory/888-300-0x0000000000400000-0x0000000000433000-memory.dmp
memory/888-301-0x0000000000400000-0x0000000000433000-memory.dmp
memory/888-303-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5vJ31zG.exe
| MD5 | fbc6d505bc02bc28d6fcd297f4b0cb46 |
| SHA1 | a41685f43afbe5e70bdebab0e11f33163ccab625 |
| SHA256 | 0af97937dbbff4a2d6b2d22ace166ed480807b1d59f08f12e998bb2b1a17749e |
| SHA512 | c2816d951a7021a0554782a5c053588daf08d5ba5825ea14c8e47306fb0ee2cbac93302e1dd04fb4cedf5f8ecc5c74d4c21f61c8070a114f3957d5e84c7474af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 64d8e94dc45a431035c41920fcdea436 |
| SHA1 | 291e2dde10c64c8c9908db2a927a8cba6f688864 |
| SHA256 | e5a6b513e8fbb49da37cd90b11bcaa64bbf8a6ca8cdc90e249befa33bbcbcb38 |
| SHA512 | c45882a3c2081842971b5c5c6b7d6e265537dc468e8037cf3fffd448ae682c14b46e4b1a695354d42d4f470cad0efaa38cdfdbe026a0b8fa503ee7c82ef6ef21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1162fbee5980a614b0a856ca1fbf4cdf |
| SHA1 | e124a50c801e20133a00329c27ab564ca06c2ea8 |
| SHA256 | a161bf57e6ee2f2450a7d9e7072a54ddf6a93576a656354e93d70a374448853b |
| SHA512 | 3f7c150f747ce7d723ef95349276ad090785ee07e72878359d6630f60d9120c4734324d8e0c0ba3124b1c0fe4dd3391fe963bf182b95e0f5d041dab8f22d9722 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a39e.TMP
| MD5 | 32ec65798eb524aec3a4957f4053a165 |
| SHA1 | 575d07956c87d33f9d046bd30bf437acb3cf8d53 |
| SHA256 | 9a307140a5c3a33afcef44e07077c8bbcfe75f0f432d1eba16d3be3de97ded7b |
| SHA512 | 70ca6781ab590a2b33c605240429b2b5826390503a8dda854405b8fdefb28ae936f2b55f5bb7b5ea78d238a6fecda483bfbadeff1e025e86b83528c22eaa9765 |
memory/5924-490-0x0000000000400000-0x000000000043C000-memory.dmp
memory/3896-503-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8941538daaacb56613d83398f9ec81c1 |
| SHA1 | 1c81cf8916af369981583ecf0a1ed98dcaafde2f |
| SHA256 | 18fc3d79fed806908eb9aaa41ca01ec2ab3e5f22acfbc31e9edb4e1228ff404b |
| SHA512 | ba570c7d43964489431d2d768ac5ff635ab45d43a3f26720275fa12a30430250b2d38a76f8992c03963a74e0863ee72b519335461e86d2203108f1081754eed6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41d4ef8eaaceec67b4b12e561490facb |
| SHA1 | 99c702426dbf997815758711801910e4b955b0fe |
| SHA256 | 7ee15b45af5fb71a87942fa92b2eeb7ffd4bec6885fad55b01ccbf4fc14e0d81 |
| SHA512 | a15a40d79cc79b1957882f15eb13356506421a62bb3e3452375b3c8773adf858a4c8d1aa209258c06e716865caa260a342d991cae2f8453f0c213de5b0688741 |
memory/3896-541-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c9f64a3a1482c52f24acb0729e0d9d28 |
| SHA1 | c608651d2ab855740da6781f2807d89fce74a2ae |
| SHA256 | d9ba87277b1334975e657ecb42a4854985228d5ccff1935cd8eba8423641b664 |
| SHA512 | b60611e0b29d3bf0b86ff1e5f84fec09a61fe9ada9fcae9f392480d08f47251ed01b5866101407a3b0c518da952e7a9b0efe2fd49a954536e4ec65f108f39630 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b9d0af6fbf7deff2c882c2a52ab9d288 |
| SHA1 | 9a063233163689e33be0034d6ab4c700775066a6 |
| SHA256 | af1995fc60843fbeaf2b91158dc1d000293f59d5db4a4e6b72128ec07422313b |
| SHA512 | 2839ef0d932e1f49df018bc52a7c455ab07fca2d1b4d2945050e5e835ddc867e6af44b1abd7ddd33d7ff65e27df1b4855adee96709ac3603405a261ec04b4760 |
memory/3896-582-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7a2830f261eba121b29d93c86ff9346c |
| SHA1 | a82bfb6ec3ee326f74eaf70785bd2f1fb8a481ef |
| SHA256 | f7ab9f48df07e7668e5e78b046d432bd2b60318dcc15338d3dfcb2d55109e63a |
| SHA512 | 5606c47f8db2211a5632bb8fe8788a8ddb4d430534f70b10379f304a4173445b7ade631a9b2d88dcb10dbfdeb3a32e004e4a9a1a0286dffecb0ecab8329b44be |
memory/3896-596-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0207c37f1ad8110abe1d5e6cfe0b2bff |
| SHA1 | 5da010b04613378282eba45e0074b0b7e60e3d48 |
| SHA256 | 049a4456806be34e45292d414cd9fe512ae81b8dfe8993706f32627c8f36e7b4 |
| SHA512 | 4940e8ff14de5e3868837e7b9d2fdb3e2267a8c17ba513203eab9c7ec123b1753286585e21d4291891477ea5b50c539a800fb91c8f46a772c53bfeba86192685 |
memory/5924-645-0x0000000073EC0000-0x0000000074670000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ab2f49aaae7b782076721be704de8da5 |
| SHA1 | a7902f1a0b3ccc95a8e074ed657b72dc596710d8 |
| SHA256 | 55dd10f3b806e27529e97311464ae372f6b8b436eda0833dd3f972cde7c8146f |
| SHA512 | 11ffff9b6825fdf0cc6340219e0eb033f63e08b5c8c53ac67bc48355dada8bbf8fbd40ceb35dca0db340f72386b6ca0a86f2d7e758b63a2cda6e619f9ff77de5 |
memory/5924-659-0x0000000007A80000-0x0000000008024000-memory.dmp
memory/5924-669-0x0000000007570000-0x0000000007602000-memory.dmp
memory/5924-689-0x0000000073EC0000-0x0000000074670000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1481612aa714882a344326d452df053f |
| SHA1 | 1439cacf5ade3d98874c52e3de8e17611500154f |
| SHA256 | 402fa71b00333b978a0a8d85e51cad76bf9988e0e1dd8a779ff6fff0782fa60c |
| SHA512 | 26787a900d7540b427e8ff1d74ba7a9af25bc97282730215c6cf7d5b8061564034a918115dea22f283342de82279d4483d6a03cb9e3bd3adb96cea99ce147ffa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 37931e6fe325e2bf6dceff7ae13fbd35 |
| SHA1 | 398eef8e1246eaf33187a143571300cdb8c916c1 |
| SHA256 | ccd200f96836cc3ac88e8c99ae2e685766d260f1f7c83b5b85d07c57946cf1cf |
| SHA512 | bdcddceabea477840e9ae1bd5a8d0bb2c05fc435222a311334b05b6902a99d7c904ed7d559499825ee1e7db709cb3db678559f5a27d796157272f1b895bab1f4 |