Analysis Overview
SHA256: a1d0f879aa5023488075c93718c6bac17d2056269fe3822c901d2b908bc13bbf
Threat Level: Known bad
The file ba2c77718bd6b44abb313b86974e99e8.exe was found to be: Known bad.
Malicious Activity Summary
Mystic
RedLine payload
RedLine
Detect Mystic stealer payload
Executes dropped EXE
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2023-11-11 08:01
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2023-11-11 08:01
Reported: 2023-11-11 08:03
Platform: win10v2004-20231020-en
Max time kernel: 152s
Max time network: 158s
Command Line
Signatures
Detect Mystic stealer payload
Mystic
RedLine
RedLine payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5FW01ia.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6RO860.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe | N/A |
AutoIT Executable
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5376 set thread context of 8140 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6076 set thread context of 4436 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5FW01ia.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6556 set thread context of 7140 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6RO860.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe
"C:\Users\Admin\AppData\Local\Temp\ba2c77718bd6b44abb313b86974e99e8.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5FW01ia.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5FW01ia.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 8140 -ip 8140
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6828 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x498
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6RO860.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6RO860.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=10132 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6266466388116079681,10810989983637303049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
| MD5 | a6663585a20dd82a04535b9a96228518 |
| SHA1 | 21231978e6e815675ebfc72ed544e90a227b0375 |
| SHA256 | 8c8ed0eaec15c8e8c8d8e3053d72547077d96064de06acd82ed5d7f7e079644f |
| SHA512 | eea1db7cd6478ea4d0bb416c93bf6e93b8aa0c37741b8b58b1455e80b1ee571bb085f7ad5c5c1dbaf4a79bd39bd42eb4377a3259281fcc55c144dd73cc5f902f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hC8bO21.exe
| MD5 | a6663585a20dd82a04535b9a96228518 |
| SHA1 | 21231978e6e815675ebfc72ed544e90a227b0375 |
| SHA256 | 8c8ed0eaec15c8e8c8d8e3053d72547077d96064de06acd82ed5d7f7e079644f |
| SHA512 | eea1db7cd6478ea4d0bb416c93bf6e93b8aa0c37741b8b58b1455e80b1ee571bb085f7ad5c5c1dbaf4a79bd39bd42eb4377a3259281fcc55c144dd73cc5f902f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
| MD5 | e00b13768d63db914f7b5594f0c69ab2 |
| SHA1 | 5f4fde767445490c6a27ea99431ac1852dd14745 |
| SHA256 | f93a129ea237310def03e0c32c67c47b9393f765359e19ee074a950ab19f9f20 |
| SHA512 | 3d5e42f3c9321873534b62fdf1a2daba3b86b14a91e73d488f71ef121ba4c9709e75f782496095097452ffdb0b209db8d7a9b323b9506db8548eb0baa84dd6d2 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\SZ7Ah27.exe
| MD5 | e00b13768d63db914f7b5594f0c69ab2 |
| SHA1 | 5f4fde767445490c6a27ea99431ac1852dd14745 |
| SHA256 | f93a129ea237310def03e0c32c67c47b9393f765359e19ee074a950ab19f9f20 |
| SHA512 | 3d5e42f3c9321873534b62fdf1a2daba3b86b14a91e73d488f71ef121ba4c9709e75f782496095097452ffdb0b209db8d7a9b323b9506db8548eb0baa84dd6d2 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
| MD5 | 0ef9edc509096c96ca9e7c5a46e1aebc |
| SHA1 | 6bf41873594bf97c5e6e25f4545bea82b0b50a3b |
| SHA256 | c31dc86665ec4718ef06733b113e9fed3e0a2ab2f8bcb27549ca4ff997df1bc6 |
| SHA512 | b6f39aa8c5361685c0367cf16d741fb587b1bf6c229c4f1f4a62de1736d079280f9f77b8e308670672c4500aba1889b2ad5d131cb9073a780548da774c2c321e |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3pC909ct.exe
| MD5 | 0ef9edc509096c96ca9e7c5a46e1aebc |
| SHA1 | 6bf41873594bf97c5e6e25f4545bea82b0b50a3b |
| SHA256 | c31dc86665ec4718ef06733b113e9fed3e0a2ab2f8bcb27549ca4ff997df1bc6 |
| SHA512 | b6f39aa8c5361685c0367cf16d741fb587b1bf6c229c4f1f4a62de1736d079280f9f77b8e308670672c4500aba1889b2ad5d131cb9073a780548da774c2c321e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
| MD5 | 53e53441ccf57c4514c76a1e6edd03e1 |
| SHA1 | 332f92ef37ddb9572426ceefd0102e85ddfebf5d |
| SHA256 | eb293f0994af49eb78b6c5e7f76db249e92ec1d7cfa2d917dcfe14a379d09e02 |
| SHA512 | 37ab83beeebc5fc38cba8c158e6ca7b743cb10c017ab5b72bb7189bf12f72818106b835749228bf897ebbe47effb853140cc1e8018b7d79e71add01def3956b0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_796_KEXHGDVLRINVDWSC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_1588_DPBSBBCALUXDETNN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1448_UHPYYATXJQQJEYBU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4UR5OX4.exe
| MD5 | 53e53441ccf57c4514c76a1e6edd03e1 |
| SHA1 | 332f92ef37ddb9572426ceefd0102e85ddfebf5d |
| SHA256 | eb293f0994af49eb78b6c5e7f76db249e92ec1d7cfa2d917dcfe14a379d09e02 |
| SHA512 | 37ab83beeebc5fc38cba8c158e6ca7b743cb10c017ab5b72bb7189bf12f72818106b835749228bf897ebbe47effb853140cc1e8018b7d79e71add01def3956b0 |
\??\pipe\LOCAL\crashpad_3020_JVZMKWNCRZXHZBUA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2456_NDSSGPUPHNWWNVKM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1832_DYPLBUOILJUCOQLY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_4876_LKRBDXOAIEFQNMIS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 80e6d5a8a76be326bc6a377d710a3a3a |
| SHA1 | d0436c4452a95c31ba2c348f579f06667815c090 |
| SHA256 | e2da29faabb16450733436a9f07274d3fbe4460450a5653db87d28799767b303 |
| SHA512 | b6873ba53e76c75d8bc0b87fd84943d4edb1535137fe062c0a6e0aa0161bfb3d2036c702bb19e2f5c23bb9b8ca571789ba0c0efb6a7f1260a14026b86aa2ed57 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7d01cbecbf90c519bbe619c570c86f36 |
| SHA1 | 28384185c10f3d1beb2ea7f5040bf54faf8438f9 |
| SHA256 | f25b16f135d2415f434fe2ea5f352425236ca9e097b4c24d43cb45859c7b3ecf |
| SHA512 | 26401c338051083b8e16b3eaece650f62fdb36eeeeeff95cdc15cda7914149f32f3a18e7f6208e0bec4022a56457cc8dd24204acf0e1eafccdb7102bf54fbbd3 |
\??\pipe\LOCAL\crashpad_1320_KQCXFMMMBOBUUFOJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6ea56cb76fa676c4a40fa590b63daa4f |
| SHA1 | fea7248990f73e2fa67141d6332c03cbcf51d1f2 |
| SHA256 | 1caba7d81019ed1be7733ebe5af2d4bbd47f7d16ad9de53f6d316173250071e2 |
| SHA512 | 943deabb6e506ea57311a31109aef602891886d6c3995df3e1a715a94b6c2d4c816b10f4217acccfbc8006df8700f50e9a3138b203172e9f476d59220e8d1de6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6ea56cb76fa676c4a40fa590b63daa4f |
| SHA1 | fea7248990f73e2fa67141d6332c03cbcf51d1f2 |
| SHA256 | 1caba7d81019ed1be7733ebe5af2d4bbd47f7d16ad9de53f6d316173250071e2 |
| SHA512 | 943deabb6e506ea57311a31109aef602891886d6c3995df3e1a715a94b6c2d4c816b10f4217acccfbc8006df8700f50e9a3138b203172e9f476d59220e8d1de6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9b8f10fe509a81b1df667dfddbb2fe5 |
| SHA1 | 141dba681da093c0ab1025a5ec4b2df5064b1a56 |
| SHA256 | 932dfc9f17608177adbe6db94cce474f586a41d4aac75e0661fdc9814446266c |
| SHA512 | a82ff128022d4c76198fecbc2379a26566355908e8df9fe1c265acbf793764cdb69bbecdb7cb69a817870d468f3a324e0e37ff9d1156643b84d33e89be3efb11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7f0806ad-10b3-4e1a-a6a3-696cc878b7f5.tmp
| MD5 | 5b23d2c0d41452f983cdcdce078e941f |
| SHA1 | 449e91dc08e117b96beba447cb5889accc6e8ab5 |
| SHA256 | 2cd254068cf5f6ffaa46480911a73ee117e047bcfce78bc4094b9d83abf01234 |
| SHA512 | 6f7de32b5448a3363cc4870591278bf145bf2c0535a640c13b1ab8cce43a24c25a7f3106270112984c036b26c4e4b033b8f24b86ec0e2a8b7e377214585abb78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2d851d2-03b5-48ef-9faa-3456a324f277.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
memory/8140-303-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8140-307-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8140-306-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8140-309-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
memory/4436-610-0x0000000000400000-0x000000000043C000-memory.dmp
memory/7140-630-0x0000000000400000-0x0000000000488000-memory.dmp
memory/7140-631-0x0000000000400000-0x0000000000488000-memory.dmp
memory/7140-642-0x0000000000400000-0x0000000000488000-memory.dmp
memory/7140-644-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe599aee.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59a7df.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f97d75a5-8669-4c61-81a6-1358d8d87cdb\index-dir\the-real-index~RFe59b888.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f97d75a5-8669-4c61-81a6-1358d8d87cdb\index-dir\the-real-index
memory/4436-816-0x0000000074420000-0x0000000074BD0000-memory.dmp
memory/4436-817-0x0000000007CC0000-0x0000000008264000-memory.dmp
memory/4436-880-0x00000000077F0000-0x0000000007882000-memory.dmp