Analysis Overview
SHA256
de467edc11197b650495794ae6040c5a2fdc068b94ba263d8b85e097aeaf5a45
Threat Level: Known bad
The file de467edc11197b650495794ae6040c5a2fdc068b94ba263d8b85e097aeaf5a45 was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
RisePro
Glupteba payload
Glupteba
RedLine
Lumma Stealer
RedLine payload
Detect Lumma Stealer payload V4
PrivateLoader
Modifies Windows Firewall
Downloads MZ/PE file
Stops running service(s)
Drops startup file
Executes dropped EXE
UPX packed file
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Adds Run key to start application
Checks installed software on the system
AutoIT Executable
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
Launches sc.exe
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
outlook_office_path
Creates scheduled task(s)
Runs net.exe
outlook_win_path
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-11 11:37
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-11 11:37
Reported
2023-12-11 11:39
Platform
win10v2004-20231130-en
Max time kernel
94s
Max time network
113s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Lumma Stealer
PrivateLoader
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zk9KH26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6CQ2ui2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\C2F2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FDAA.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1791582586-1997866593-3795608343-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1791582586-1997866593-3795608343-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1791582586-1997866593-3795608343-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\de467edc11197b650495794ae6040c5a2fdc068b94ba263d8b85e097aeaf5a45.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zk9KH26.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1791582586-1997866593-3795608343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1791582586-1997866593-3795608343-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1791582586-1997866593-3795608343-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\de467edc11197b650495794ae6040c5a2fdc068b94ba263d8b85e097aeaf5a45.exe
"C:\Users\Admin\AppData\Local\Temp\de467edc11197b650495794ae6040c5a2fdc068b94ba263d8b85e097aeaf5a45.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zk9KH26.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zk9KH26.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2056 -ip 2056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 1748
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6CQ2ui2.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6CQ2ui2.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,15041163726368064053,9046179397997270093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,15041163726368064053,9046179397997270093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9851319791803160604,13220318299227704379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9851319791803160604,13220318299227704379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,1871465259947647754,10634109299959296233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3277959915616250110,9078328901939952144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ff816a046f8,0x7ff816a04708,0x7ff816a04718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7564 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,1659633939047932405,7752221518880547189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\C2F2.exe
C:\Users\Admin\AppData\Local\Temp\C2F2.exe
C:\Users\Admin\AppData\Local\Temp\FDAA.exe
C:\Users\Admin\AppData\Local\Temp\FDAA.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\tuc3.exe
"C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
C:\Users\Admin\AppData\Local\Temp\is-DM117.tmp\tuc3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-DM117.tmp\tuc3.tmp" /SL5="$102D2,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
C:\Users\Admin\AppData\Local\Temp\5C9.exe
C:\Users\Admin\AppData\Local\Temp\5C9.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Program Files (x86)\xrecode3\xrecode3.exe
"C:\Program Files (x86)\xrecode3\xrecode3.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Query
C:\Program Files (x86)\xrecode3\xrecode3.exe
"C:\Program Files (x86)\xrecode3\xrecode3.exe" -s
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" helpmsg 1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 1
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 7824 -ip 7824
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 328
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Users\Admin\AppData\Local\Temp\80F6.exe
C:\Users\Admin\AppData\Local\Temp\80F6.exe
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\windefender.exe
"C:\Windows\windefender.exe"
C:\Windows\windefender.exe
C:\Windows\windefender.exe
C:\Windows\SysWOW64\sc.exe
sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\SysWOW64\cmd.exe
cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\98F3.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\9B36.bat" "
C:\Users\Admin\AppData\Local\Temp\A4CD.exe
C:\Users\Admin\AppData\Local\Temp\A4CD.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
C:\Users\Admin\AppData\Local\Temp\B131.exe
C:\Users\Admin\AppData\Local\Temp\B131.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| IE | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 2.17.5.46:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 35.168.119.175:443 | www.epicgames.com | tcp |
| US | 104.244.42.129:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | udp |
| US | 192.229.221.25:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 129.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.119.168.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.179.238:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.10.230.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| GB | 142.250.179.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| GB | 172.217.16.246:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.18.37.14:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.42.197:443 | t.co | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| GB | 13.224.81.88:443 | static-assets-prod.unrealengine.com | tcp |
| GB | 13.224.81.88:443 | static-assets-prod.unrealengine.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 246.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.81.224.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| GB | 151.101.60.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 54.87.226.161:443 | tracking.epicgames.com | tcp |
| GB | 151.101.60.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.226.87.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.60.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 151.101.1.21:443 | c.paypal.com | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| GB | 13.224.81.88:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 104.244.42.2:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.218.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api2.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 86.23.85.13.in-addr.arpa | udp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| RU | 81.19.131.34:80 | 81.19.131.34 | tcp |
| US | 8.8.8.8:53 | 34.131.19.81.in-addr.arpa | udp |
| RU | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| MD | 176.123.7.190:32927 | tcp | |
| US | 8.8.8.8:53 | 190.7.123.176.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bda89b24-6cee-4005-a2e0-e3796a81a581.uuid.myfastupdate.org | udp |
| US | 8.8.8.8:53 | 110.201.58.216.in-addr.arpa | udp |
| FR | 216.58.201.110:443 | www.youtube.com | tcp |
| BE | 64.233.166.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | udp | |
| US | 172.67.212.188:443 | tcp | |
| US | 8.8.8.8:53 | udp | |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 188.212.67.172.in-addr.arpa | udp |
| US | 52.111.227.13:443 | tcp | |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | edarululoom.com | udp |
| US | 172.67.167.33:443 | edarululoom.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| BG | 185.82.216.111:443 | tcp | |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 33.167.67.172.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 38.47.221.193:34368 | tcp | |
| US | 8.8.8.8:53 | brusuax.com | udp |
| MX | 187.211.38.89:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | castlesideopwas.pw | udp |
| US | 172.67.181.75:80 | castlesideopwas.pw | tcp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 104.21.80.57:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 8.8.8.8:53 | 89.38.211.187.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.181.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.80.21.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\zk9KH26.exe
| MD5 | 813d7c15e474f2fa0b6da3cec21cfc56 |
| SHA1 | 5fda2bd9898f6d5b78f12cbedb5d4ff7e449e5f4 |
| SHA256 | 78cccdeaf186e95329c7d6ef33fa6c75a902fe1df6ad5a9660cf243da247ef9f |
| SHA512 | a90b6268d6a86edd3a33d7b06306bf338b6bf70c0c99dbd504e97fa5d209fd673b4e539cdae1a03c2553b011f797957c1bba2abb6a0bd2f742eaa16397fd66ee |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe
| MD5 | 49978c36dffc7e0286f937b85e5f2ac4 |
| SHA1 | 371d10434f075ed69940dfe06175b198034e2aeb |
| SHA256 | bc8980fadb03c98ebaa6d5ffbca1e02fc9127dd29fa1417a21b76e0c93e4d6cf |
| SHA512 | ad9b71a6ae4cba4d45b728c0cbcbb71dcaf5a7716550af608f65a96ed9b6cec6a77a0e552ddf4d78ef7389db229bfc84e86ae70b52557c7e42e541e279a2fe14 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1ex55EV6.exe
| MD5 | defde562d11f57c9b85a9ea63d234416 |
| SHA1 | 1b7a17a0690a9a3186cfd629829be920224bced9 |
| SHA256 | d8fa60e51344b48cfa43ca7b1e716d73b8f2e35b222621bda4f88bed73c2537b |
| SHA512 | b48fb8afe799a6c8eea668a13aae9ffde6641483fa33386164ad557850b55f7bdbc2489c9178ac57abece8e7feb76943b229a08f7d03d537f76af1c52f526bec |
C:\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe
| MD5 | e8098cd7dc45e5e2691c06dbffce0040 |
| SHA1 | f91a15b5cb59554d969be77b791dd0934a06e4b0 |
| SHA256 | 7d8c8f8c442a1ef4d0e15eb47aa7e2cad125b222f40275ce0a6463a9c481c615 |
| SHA512 | b699cb70fec1f9db0df8a2dc886e1e9ed345dc89e994c26873a8a08d50cb8813e5a001085a3d6133393d5937e01079a92325eca45d43d890de7fa19a2e7c7ee0 |
C:\Users\Admin\AppData\Local\Temp\grandUIAu7v6oFL12mJNP\information.txt
| MD5 | 739748b443c93c2582d5758fd1cdc7f0 |
| SHA1 | 44a0a7e9bd8929ca09caf7fd30719bcd7adfa29d |
| SHA256 | 2622867088b7a21599e69acb09e3c22c4dd14dbae58fb9e0d8d182b492f6146e |
| SHA512 | fdcd159e5b2aae88231d72c46a3ef23680d3ffc174132a088f9f3098a1ba3022d1d44eb6abaaf9b5676006a95af9ab8d268dedde433979c5d9c81aac95b8d838 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4RE961hS.exe
| MD5 | 2bbb2b2526e88710349627e1d5b0d68f |
| SHA1 | f8ba0c75eadbaf87aeef86002d522ad842bfade1 |
| SHA256 | 79f029fe296877fe7d3d7bb2fadc5f62df8437915163ac637b1eb914d9143ad2 |
| SHA512 | 4548e5437200ca3998fa016a5ed3c9fc32aa5e0708347d570145f91560a0a0c11c94f12962dc5f1eee2889d453e905bab77131ad4698171fdbb88d87ebaf99ee |
memory/1036-92-0x0000000000400000-0x000000000040B000-memory.dmp
memory/3252-94-0x0000000004CF0000-0x0000000004D06000-memory.dmp
memory/1036-95-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6CQ2ui2.exe
| MD5 | bc29401ffa644c4361faaa05b1368725 |
| SHA1 | 6956f26b91ca666d4cd13b88ac4d2d3435f9b196 |
| SHA256 | 8c7fd26b40b7e2cbcd90ad1a358c937d9b7605e0cf2d06a692f48265de0dbd72 |
| SHA512 | b40011261e30389e1a3d63c21d0fd0035ec84221dadc5e07e31757324578083bd34f1e814d6a616418aaef20c10d0e19587613e6b5f9693c7e67ae84c2665490 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae3f322db2ce5486f67f63ed1970430b |
| SHA1 | eebcc22e1f1f217e9f5078d0f02575cbb78bc731 |
| SHA256 | 296fd26e4db2fc68e1334ac6fc98cf92881c28cc2403a794b7062e8b4d7e5383 |
| SHA512 | 856ca2456edb93baf561026ed21a738f7319c4d300bf272ad7e78e56418593569997e14145e518a04ec4a44fe85421c2d69768dde400f86dff076f3630466b3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 330c53ed8d8829bd4caf2c392a894f6b |
| SHA1 | dc4f3eea00d78949be4aded712fcbfe85e6b06a5 |
| SHA256 | bbca8b0343812fb9db9b3c59655a18772c7c40bc77f497b89067a82d5e4ce8a5 |
| SHA512 | 37674d84e4ea2079e8fe9bc45b0ea8fd93ffc8d206547835e4211046ad310ba3e5a397cf444b17a4322f9513cbd91bd92c0b106776b879cb0388ca9386ebd44d |
\??\pipe\LOCAL\crashpad_1016_EKXBKQARJESFABCH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | aca56aeff40b02a573f0b8e2c873cc6c |
| SHA1 | ddd0c491cc69b54562a357b241008fa0621bbdaa |
| SHA256 | eb7d6f7f1a2b3e9f26c389adb502a1971deedf4718caa3cc083c74d0340a9ba2 |
| SHA512 | 9c6a123e44a774467ec1efe6e342178a8044bde7b9163dcfa5b60d9448dfe7060e4236734530089fb85b844e2631eb0b1436d63b492d0fc02e11db2c81c5cbd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\65812af9-034b-40fb-b058-cef0bdcad878.tmp
| MD5 | 895647e364308798bf0c5e75f1b59a06 |
| SHA1 | 3121b1230d0d6f8496d03058cc2c38d966715d9b |
| SHA256 | 04f9a4e4e4c8d926d16734dc8f0a79e974a2f487862c73e4e8bb2e787e37a61c |
| SHA512 | 767416c59cefb526457856a83f2fb9fd390a0d2269a4ada5ea0618aafd1e390aa224752980129d9852858619c105074a8a8f18fb2955d83ed52681b449a1bef1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d86d8be162a400581737c0d735a83ebf |
| SHA1 | ff2cbec1dfd18dbcda02844d73c557e600400164 |
| SHA256 | e95e1ce9e8c462f5ad440cf134d80011af6a254f9dc0ee79dbffddc6ecfe02c0 |
| SHA512 | 216704d03b10adaef89f16309f2225e5f6d675d71149052b0fb3d8ebdc6dfb7270b09c4de1eb2a908cf3017407bd7f8e5ec7b2a08d8667259beed535861a40ef |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0c57fd3fee8f3b082e025b0dfd893186 |
| SHA1 | 6b7718f479d53c288022cad5c11a4015d6c4c699 |
| SHA256 | 9e7098b884624413ce2e1a28e872c079f5f949c537b1532c702187d1ed016f04 |
| SHA512 | 81a5a54f583cd825d8324ba28d719c15708de040ed0f1c17868a0b6ab2464f0da5678bf3afaec2f8522fda444ff83c9d89e56077661e90e27926ddd92cc244fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 01f2357e071457e7d24be283c8577243 |
| SHA1 | 8ed778dd23aa5bf8feff14381e77e15148908c60 |
| SHA256 | 7e4f7b2094db136f248c08f065949cf991ef7a0a27dbd2b58134d82e08e61221 |
| SHA512 | 2617825073145f946314e5d5d24e87b5674f56d1b9b970891ac6bcaa5f3f17a49f3538f8cd92e9f1396b2c5c77858c2fc8ff13606c555303992a3c6904b4bb8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0e2d6918877d8045995271d7ad6e1c3e |
| SHA1 | 046a7f8e15f16eece087a87a9cafecc0384a33e8 |
| SHA256 | f1009b7fbf891e28ff29bc81dad3b9fea8003ac64347cb84124d36eab5ac7b39 |
| SHA512 | b0c9fb25db7ac2e90c166f67a5cbfde40b063503929abcdceaab729dc2a69aabce739842cafa10f4c4db73074b25cfc7309b4a0f1f4dcd5180cd55a973259fb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1f7c4777b14d1468a3b655f3d2d00d6f |
| SHA1 | c0990c757fafc7644faaecdc5102c0c58e83ac8a |
| SHA256 | a871c0ccbf7585e6b6e08ad45168449f9edcf92804a1f3874225fbb517321fca |
| SHA512 | 85853e0b2603f56a83c1e313fde937e66920d29456df83538fed1a547c508b4e87b1623c40cf60a41388f13985815ffc3452ad11fed88a6824ec5195c238d6d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 642c1320fd78c859c77e459a2ce6b373 |
| SHA1 | 9381494b4b82068a5ee6d144f93874c3c2e7a2ad |
| SHA256 | a83b29b24ebf01b390239fc578d820ff596c2be395f86bb6f1b0868fca3dbef9 |
| SHA512 | 891913c52311da6946a48c3034730b9e7c4c9ca1541fa477dadf8203b85ea4c8b7dd60b7c63eeea8b19716d71fc11777020a77a45270f2ab1e0109e2bc7ea083 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | b0569ef5e835c15cfb2e927ed66bb0e6 |
| SHA1 | aa9d7e4e602304112e30f3890a06d864017f3ca1 |
| SHA256 | e163f1e07f509a9b1b09939c4ce1fcd4bac740b58cfd4dab79a33f3b39eadb20 |
| SHA512 | cf9c774388d86a863c656bba98c34b12fc5f0b3063ba660d21716120c645f5d29fdef9e98c55a9b3540c5cd7dbf8c04852ecfabae1431f2d2d5be8aa7642109f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | a06fbab767b9684664802be6ec7e2059 |
| SHA1 | 4f2ace35ea7c7f8e37b3aabe790ed00a19a7c967 |
| SHA256 | c3c4e3f7895bbd3349ec6a4ac42b888576b72f68a1122be10842d0a9ba2b3cff |
| SHA512 | 38c5ba8116b347c7d0a61d9244a6c9abb90b36dfcca53f6a7d8e0228491a70c936e948daaaa4c2a8c15e9d2571b70b3fd1270b0e8e66f874076a58f217d892f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | ce80998a8e70dd0518e6f7b0740b1372 |
| SHA1 | d2d719b057ec4769d8a355d186347f9cad76c7a4 |
| SHA256 | 0d22979111b0b55d1731546aa7b5ec9c3a7ee89e40d02d90fb0849fa93cb1916 |
| SHA512 | b91d02593cd64339b554c6142b88979345de6b025c1b1fbf572f22ea2acb5c847a90d6b0f4ce5696a461cd9281b50370de1ab9ca84f7c95f4b03b15957769809 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | f1d534b49d9ab4157d39dbf4915e9f44 |
| SHA1 | d7d6e664793603edbec8accedebd964f638dae15 |
| SHA256 | 339ccfdb3f3eac799af5115f2a591a0191e766da5b08fcbd5e75e269bc04002c |
| SHA512 | d79c892e19e072adf63a2926a80daebd71b7f4f9614845131465e495657b34f1282e77a4733e45e96a35243d07b54c77a165a5ca2c27027b0b62f0cd57c3e4d5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | efa7b84df20b07cb81d82080052e76c9 |
| SHA1 | fe9fe2de6e61e5157d37bb4a3418397301af7172 |
| SHA256 | 8b02ab28ee738647ccc93c47e607c2993eeb859497984219f51edcd6b4e72591 |
| SHA512 | 39ee7e2fc0cdf24205cf80f54a22f663c1febf571657229822c05ccad1db86c76941b61f368411e35667c69d82cf782d288a24ed575cef05118407dd404bc337 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ceaa.TMP
| MD5 | 4a1c279d5e32ea3f8654136edd14f1dd |
| SHA1 | f50374234a53d8793d708c95ccb1cd02f771f3d2 |
| SHA256 | 67f429447eef503b927aafe7597694e090eb48032c6650b7be8bf6b072f6cf68 |
| SHA512 | 001b4e6b5f29277e2218cb087c15948739c3c178e75f9b39df4a4476ffd15377ca98f40e63869dece718746efd70ea6a258ff2ac2eb3923078eccfdb9855e8e0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 321ed9713a2c5a22e83a39f353bdedea |
| SHA1 | 02b8ef6f4d674b04e8a64e4702244e3fe0e9c975 |
| SHA256 | 1df9e0cabe107a1d8e7a52d927b90fadc63037e81c4808966d53275bfce957b6 |
| SHA512 | 4f6b9f181bf3a58e7776c8831178e473200b7b60ce1bafea47c25ee462d174fec519fc453615780fd443cb1727572480a16757aa4ae19cb072c52f514386b3c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f30b35efcbcf09096ed73d2d7427a95e |
| SHA1 | a025dc514df7e93f55b785364ed038ac2debe5d0 |
| SHA256 | 9f9c8a32ba9c46a690ae3a0eab8d3dc3be496f57b01029dfc979a999d4f9246b |
| SHA512 | 748192f050a16046937729466f3acfbfa35ca269c0dceb7280f9e56b790a5c3a7bebb0a2eb12aed114f5d0fb2991ef2fb066968252806d27def083e3666ae0f7 |
memory/8928-2000-0x0000000074ED0000-0x0000000075680000-memory.dmp
memory/8928-2001-0x0000000000AD0000-0x0000000001F86000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | 32ad1d195dc5bf377f714c1330ac7b03 |
| SHA1 | 80b8edd26b107e694f0f7d65f8501c227f62ae54 |
| SHA256 | 9a16c04d5dad18c89f958f775bf51ec742e858957cef934af8e352197e2ab3a4 |
| SHA512 | 794c62ca2dfd3e75fcd64a74fca8c950ca8d8828731499cb8ff0f8b41036597676548fe75b961e364302622bae3c45c0a03a5a7f4e037be9530257d99ea1f639 |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | cde750f39f58f1ec80ef41ce2f4f1db9 |
| SHA1 | 942ea40349b0e5af7583fd34f4d913398a9c3b96 |
| SHA256 | 0a434be25f55f27ce0adbdfb08efeac1da01125b3e9194a94669bc7e9c6fe094 |
| SHA512 | c181faacbef70f8a91606943470af50cfd443958c48601051371ff5d9bf66bb9ec794571b05a347a7f5776f06484dc007f535591d2f5e1c57e3c0ee04f3e9580 |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | 97857b682fbd25572567923a48cb7de0 |
| SHA1 | a681efe0d020e02a331f4fcb658ae2741490299e |
| SHA256 | f1e1f51815b26f458fb494039c83cc3aab432d196783007df8ead21e98d6cd49 |
| SHA512 | 4db956e0395e1380dd61ea00b691ad29c27bf1dde01b11841efc5afb6ffdeca5f947fdd8afb77b1c1153ec194f377cd19ff807e7927fd715b8868ceaad8414c1 |
memory/9116-2025-0x0000000000B50000-0x0000000000B51000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tuc3.exe
| MD5 | 83138bcea53e80f99fce2ccd596fc765 |
| SHA1 | f4402f0f47d463ed80aad2e4f2ccd04a40c5216c |
| SHA256 | 26eabb8069642cd796212952ec0ac2eff79263127edaac0a426cc190534a1997 |
| SHA512 | fb8478d2741c3d711925200e234ddbcf31fac041427f71ae85aba7a394159484cc57e23a23af400569dd28c63dd7612f0fc464228825b372874051af742b905e |
memory/5512-2035-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | 0a37a3a90cfb91616e691e0fc43c6935 |
| SHA1 | 8856cde21bfa020f66f2ab88488e654e3bf55b67 |
| SHA256 | 847e87ea60f29c92315b23ee001343aa369f161ab515ad0156b7614e00da0400 |
| SHA512 | 84b1b2974c6d0e7c85d04c646bb329ee80aae13db6d6a6e12054459772a090bc128c70a3e2fd1f5675a9f8d1490677c93c00740b4eb3f61ff4d269a6d8c823fb |
memory/5044-2049-0x0000000074ED0000-0x0000000075680000-memory.dmp
memory/5044-2048-0x0000000000910000-0x000000000094C000-memory.dmp
memory/8928-2050-0x0000000074ED0000-0x0000000075680000-memory.dmp
memory/4240-2054-0x0000000000530000-0x0000000000531000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5ad428bd2543bc2c66337369861f7172 |
| SHA1 | 1160d607c037dd73cd8ea593d6e6059528702aec |
| SHA256 | 321d3515f6e830159c295726a65ae2169a4e2c4476b891c155051a97509ed346 |
| SHA512 | 5a0fad96b127d67c7d476afc5fe61bcd29eb067a5272d5b95e058728da833a217ecfd2eee74e5cfc72350e232befea5989c14866cfa98e22e944b639bf4d49a3 |
memory/5044-2151-0x0000000007B90000-0x0000000008134000-memory.dmp
memory/5044-2167-0x00000000076C0000-0x0000000007752000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c7860d115c58073999774e32c14a0723 |
| SHA1 | 07dae2aa2c588a6a26cde271ccb2049a2b327ad2 |
| SHA256 | 1a757a5b2f761f72dd5891d1b6fc3e1beb17fc4a5c02b2dd0a7be1f9f8cb4fb1 |
| SHA512 | 01be774098d246ef2196b02f263c8d0764f883c4f1db183444e297f137e982353fcb1d7fdfa8ec38a38601b291ea62c7d0f757a9c57e8e909369cdcb51d7eabd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5807cb.TMP
| MD5 | 75ce5091d359c4edcd9eed9b42f34f12 |
| SHA1 | 86d16e4e1b8e83811023b536f9ea02c6e4a20e40 |
| SHA256 | 8c73bbe81ce0c0738093e37dba8728df62ef73fd0bc482e48aac4e5c119ce0f9 |
| SHA512 | b3359e9ac01e46e0614069dac33e9f4ea3a78aa329af886b1094ea7105a9139ff59ee4ab608259a1bebf3b14b86d434c639ad929e53aab8088871905f380a768 |
memory/5044-2201-0x0000000007920000-0x0000000007930000-memory.dmp
memory/5044-2204-0x0000000004B30000-0x0000000004B3A000-memory.dmp
memory/5044-2211-0x0000000008760000-0x0000000008D78000-memory.dmp
memory/7572-2212-0x0000000000400000-0x0000000000785000-memory.dmp
memory/5044-2213-0x0000000008140000-0x000000000824A000-memory.dmp
memory/7572-2209-0x0000000000400000-0x0000000000785000-memory.dmp
memory/5044-2217-0x00000000078C0000-0x000000000790C000-memory.dmp
memory/5044-2215-0x0000000007930000-0x000000000796C000-memory.dmp
memory/5044-2214-0x0000000007890000-0x00000000078A2000-memory.dmp
memory/7628-2218-0x0000000000400000-0x0000000000785000-memory.dmp
memory/7628-2220-0x0000000000400000-0x0000000000785000-memory.dmp
memory/9116-2224-0x0000000000B50000-0x0000000000B51000-memory.dmp
memory/9152-2223-0x0000000002B40000-0x0000000002F3B000-memory.dmp
memory/9152-2225-0x0000000002F40000-0x000000000382B000-memory.dmp
memory/9152-2226-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/5512-2227-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5044-2228-0x0000000074ED0000-0x0000000075680000-memory.dmp
memory/4240-2232-0x0000000000530000-0x0000000000531000-memory.dmp
memory/7824-2233-0x0000000000400000-0x0000000000409000-memory.dmp
memory/7824-2231-0x0000000000400000-0x0000000000409000-memory.dmp
memory/9072-2229-0x0000000000A70000-0x0000000000B70000-memory.dmp
memory/5044-2234-0x0000000007920000-0x0000000007930000-memory.dmp
memory/9072-2230-0x0000000000A40000-0x0000000000A49000-memory.dmp
memory/7916-2235-0x0000000002460000-0x0000000002496000-memory.dmp
memory/7916-2236-0x0000000074ED0000-0x0000000075680000-memory.dmp
memory/7916-2239-0x0000000002450000-0x0000000002460000-memory.dmp
memory/7916-2240-0x0000000004D90000-0x0000000004DB2000-memory.dmp
memory/7916-2238-0x0000000005010000-0x0000000005638000-memory.dmp
memory/7916-2241-0x00000000056B0000-0x0000000005716000-memory.dmp
memory/7916-2242-0x0000000005720000-0x0000000005786000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_an15jahy.5tp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/7916-2237-0x0000000002450000-0x0000000002460000-memory.dmp
memory/7916-2252-0x0000000005A00000-0x0000000005D54000-memory.dmp
memory/7916-2253-0x0000000005D80000-0x0000000005D9E000-memory.dmp
memory/7916-2254-0x00000000062C0000-0x0000000006304000-memory.dmp
memory/7916-2255-0x0000000007090000-0x0000000007106000-memory.dmp
memory/7916-2256-0x0000000007790000-0x0000000007E0A000-memory.dmp
memory/7916-2257-0x0000000007130000-0x000000000714A000-memory.dmp
memory/7916-2258-0x00000000072F0000-0x0000000007322000-memory.dmp
memory/7916-2260-0x0000000071AB0000-0x0000000071AFC000-memory.dmp
memory/7916-2262-0x000000006CEE0000-0x000000006D234000-memory.dmp
memory/7916-2261-0x000000007FB00000-0x000000007FB10000-memory.dmp
memory/7916-2272-0x0000000007330000-0x000000000734E000-memory.dmp
memory/9152-2275-0x0000000002B40000-0x0000000002F3B000-memory.dmp
memory/7916-2276-0x0000000002450000-0x0000000002460000-memory.dmp
memory/7916-2277-0x0000000007440000-0x000000000744A000-memory.dmp
memory/7916-2274-0x0000000007350000-0x00000000073F3000-memory.dmp
memory/7628-2273-0x0000000000400000-0x0000000000785000-memory.dmp
memory/7916-2278-0x0000000007500000-0x0000000007596000-memory.dmp
memory/7628-2259-0x0000000000400000-0x0000000000785000-memory.dmp
memory/7916-2279-0x0000000007460000-0x0000000007471000-memory.dmp
memory/7916-2280-0x00000000074A0000-0x00000000074AE000-memory.dmp
memory/7916-2281-0x00000000074B0000-0x00000000074C4000-memory.dmp
memory/7916-2282-0x00000000075A0000-0x00000000075BA000-memory.dmp
memory/7916-2283-0x00000000074E0000-0x00000000074E8000-memory.dmp
memory/3252-2287-0x0000000003490000-0x00000000034A6000-memory.dmp
memory/7824-2291-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28675fc273a1ba1138da532fd8e3f8dd |
| SHA1 | 109adb6a824b96c10ee8567c9f74d2dc5546febc |
| SHA256 | 5887a9261c1fb6dfbd6907331444d90870f7617d6c991426af3f40d1e0ae0cae |
| SHA512 | bf29574eecc565a22628c4082e6dc95f0bbef8e859bbaf99d59717441706f1a887eb415006593868fa69e2586cd38096fb54d795d50f2e3ea387c2e1c23628a5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\aa96b87e-2741-4638-83a7-ca2a9a55514f\index-dir\temp-index
| MD5 | b80af6dd8eff064a950c2097bd15a645 |
| SHA1 | aa587c43c46fc07667dfbcfaa5ab0d3a5fb739f0 |
| SHA256 | 363579770864d5148db9ce3cf53c9966c70a766dd081988e26062fb6ae1502c3 |
| SHA512 | c6f16100c4b553f2436ef8a3c23dffde6547b79747947a699132ed8667e39fb923d5b03c64f287b96f50d8e8deb900f746c829a9da57cc37e59894371bb966ee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | f1031c89767c42c13f0af3c693d15b10 |
| SHA1 | 0ec35dd3231da77a9ab69e48317237a005ab57c7 |
| SHA256 | eacbb4c0e15593d5fcaa00f7c850e4c9570b64abe4a6cda5fe32c86236569901 |
| SHA512 | f903d8c40d4ae66bdcf80b96be08609e11e6821043baf4993a33c5018882ecc04da0cebac161445ef8b1af3ce9baea7e866f660f0efdc806201661427ed99bf0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\aa96b87e-2741-4638-83a7-ca2a9a55514f\index-dir\the-real-index~RFe583cd5.TMP
| MD5 | 268161c7969442c90b07990aedcd90dc |
| SHA1 | 7216f58431d423387f8ca08b5f3ee9de26a33148 |
| SHA256 | e3fd91500e8163b177741b5e081c82a65ae21f0189f817935c739ccd76059ac1 |
| SHA512 | 0c70e8bec412761d7881e5eaff1094fb405dd0e392666138a13076a55f9d92a08a96bee0779fb484a4c47bca2cea396d460a0a1f827118c47c3973e6cca79a50 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1c5bf7963740954166861ee78d170702 |
| SHA1 | 92814988e9b4347bd59782621aa084f0c644c785 |
| SHA256 | 6deb3e3aee670048ecd25b0f840b983ac00199216e4b0c859794ef215d10d587 |
| SHA512 | efd8079539fcdd99f2670c3ee864aa441e8cce2267b8210364baa2d96986b45347c032a05d95e013f16e9b9846e6fe5bfb72ce6e9dbb7212b7b589c6e566c243 |
memory/8328-2438-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/5952-2578-0x00007FF7FCBA0000-0x00007FF7FD141000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f3400ee1c3910207cc1ef833475732cd |
| SHA1 | 7c90f994b0bb2fbb0a887bc2e50eebf0e3ec687a |
| SHA256 | 15caae1fd429b145a36698a02acfe58b91fe48f3fd79afab723e6bc48a5b2070 |
| SHA512 | 24b06e39bcc7eb6e3f409c10f4a0fe6235d1850b71684e50587742fd56c4324f7556f77e4a8947af97b186657eefc0048b23e63d42932c02d52310df4bddb638 |
memory/6648-2613-0x0000000000400000-0x00000000008DF000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | da600f8df20f0c7bba7a18688a2b2b21 |
| SHA1 | 1a88e3c096b9156b2956079e36c111311c2cdfda |
| SHA256 | 1a8aa47c24cfc960fb059e584b778585af660c988e950f13f9806ab55197cd7e |
| SHA512 | 9802ec07234d0389e4d7d4adf17145a8391b68557e793051af7193a42d412fc4631868e43fdb7b147c9689028a49e82adfd9ab53423993fcbfbc620ce6a7040f |
C:\Users\Admin\AppData\Local\Temp\9B36.bat
| MD5 | 55cc761bf3429324e5a0095cab002113 |
| SHA1 | 2cc1ef4542a4e92d4158ab3978425d517fafd16d |
| SHA256 | d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a |
| SHA512 | 33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155 |
memory/6688-2650-0x0000000000400000-0x000000000047E000-memory.dmp
memory/6688-2652-0x0000000000400000-0x000000000047E000-memory.dmp
memory/6688-2653-0x0000000000400000-0x000000000047E000-memory.dmp