Analysis Overview
SHA256
4b2567e126deaae728bb8f7410acf809d452cb288556d6386761ed6bd0ab7092
Threat Level: Known bad
The file 4b2567e126deaae728bb8f7410acf809d452cb288556d6386761ed6bd0ab7092 was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
Glupteba payload
PrivateLoader
RedLine
ZGRat
RisePro
Glupteba
RedLine payload
Detect ZGRat V1
Downloads MZ/PE file
Reads user/profile data of web browsers
Reads user/profile data of local email clients
Executes dropped EXE
Drops startup file
Checks installed software on the system
Accesses Microsoft Outlook profiles
Looks up external IP address via web service
Adds Run key to start application
Detected potential entity reuse from brand paypal.
AutoIT Executable
Drops file in System32 directory
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: MapViewOfSection
Runs net.exe
Suspicious use of AdjustPrivilegeToken
outlook_win_path
Checks processor information in registry
Checks SCSI registry key(s)
Creates scheduled task(s)
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
outlook_office_path
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-11 20:41
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-11 20:41
Reported
2023-12-11 20:43
Platform
win10v2004-20231127-en
Max time kernel
102s
Max time network
149s
Command Line
Signatures
Detect ZGRat V1
Glupteba
Glupteba payload
PrivateLoader
RedLine
RedLine payload
RisePro
SmokeLoader
ZGRat
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vM6GX94.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HN6RX08.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yQ7rz3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\438C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EA7B.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vM6GX94.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HN6RX08.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\4b2567e126deaae728bb8f7410acf809d452cb288556d6386761ed6bd0ab7092.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-3455265224-196869244-2056873367-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\4b2567e126deaae728bb8f7410acf809d452cb288556d6386761ed6bd0ab7092.exe
"C:\Users\Admin\AppData\Local\Temp\4b2567e126deaae728bb8f7410acf809d452cb288556d6386761ed6bd0ab7092.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vM6GX94.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vM6GX94.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HN6RX08.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HN6RX08.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3900 -ip 3900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1764
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3900 -ip 3900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1648
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 3900 -ip 3900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 1784
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yQ7rz3.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yQ7rz3.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x148,0x174,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x178,0x17c,0x180,0x154,0x184,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1480,8613278051019126857,10887450588934170071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1480,8613278051019126857,10887450588934170071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10376579496793643516,4121941524612681640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10376579496793643516,4121941524612681640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2432 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5865719417677972598,8491361404126525722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5865719417677972598,8491361404126525722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13957387568850513345,16499738654839327407,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13957387568850513345,16499738654839327407,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1552,16974284212282246721,11035974039180240128,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16568065484316256290,9674892850859786866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbcfad46f8,0x7ffbcfad4708,0x7ffbcfad4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7652 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\438C.exe
C:\Users\Admin\AppData\Local\Temp\438C.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\EA7B.exe
C:\Users\Admin\AppData\Local\Temp\EA7B.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\tuc3.exe
"C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
C:\Users\Admin\AppData\Local\Temp\is-F7R1N.tmp\tuc3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-F7R1N.tmp\tuc3.tmp" /SL5="$60200,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Program Files (x86)\xrecode3\xrecode3.exe
"C:\Program Files (x86)\xrecode3\xrecode3.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Query
C:\Program Files (x86)\xrecode3\xrecode3.exe
"C:\Program Files (x86)\xrecode3\xrecode3.exe" -s
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" helpmsg 1
C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 helpmsg 1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1468,13963853540128500629,2371164633235449847,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\34E3.exe
C:\Users\Admin\AppData\Local\Temp\34E3.exe
C:\Users\Admin\AppData\Local\Temp\3A05.exe
C:\Users\Admin\AppData\Local\Temp\3A05.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vM6GX94.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\HN6RX08.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1Pl00IA3.exe
C:\Users\Admin\AppData\Local\Temp\grandUIASGyVf09fuD_rV\information.txt
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3KP02BR.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4UE472pj.exe
C:\Windows\SysWOW64\GroupPolicy\gpt.ini
C:\Users\Admin\AppData\Local\Temp\rise131M9Asphalt.tmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
C:\Windows\System32\GroupPolicy\GPT.INI
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6yQ7rz3.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586cfd.TMP
| MD5 | 3e4bceebd97618f561f475e684f009c2 |
| SHA1 | fd969d1054359f5673ed22a45d39a2f0bd0db39e |
| SHA256 | 3b336dc9c070239837ade8e7de958a57f2dedc7f0ffa3abd8912f4dde11444b0 |
| SHA512 | 18666988ad5c168012c7e13a9e212c42fcf9285cf2f5aea76d5aae2b2dc820e791911173d55fb98fbf842a190113b0e04f7151aa88a8d564bcf13f8b8da8d678 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f901acbad4b11d555642e47cd9006961 |
| SHA1 | d057088eee812362d0614ed2d0e9ad14fdcab7b0 |
| SHA256 | e03b3c8b7a0c06291e144737dcfb4e0093e9cb9b4f89323cde0f23067f573683 |
| SHA512 | f314a870a87ac9b5c4c9bae15c39d089800960a39aabcf6e03cbba37f47f18d5eaedb7b33a67a84e603bae73db24794c189314d7591cf0ec1aa49c0be0969a64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ef75966c9a2e035194abd26a8b67282c |
| SHA1 | a6953596aab029e11e79bbe346e3a3feb79a10e2 |
| SHA256 | bae3218f4dd0da8545d6d7dfb5fd841d42167bfd3730607c6a00557978f29b88 |
| SHA512 | 3b35d34e24ef21971f525b2c25fd2f625e45594d8ed2b11c199fb5304477025dfc708e8dbc0c7ffa8cac5e9ca52b69c9d55e7e7efceb4851c90b31facf3db235 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c910894625c0f4724d02dd62a740c7c3 |
| SHA1 | a5c52c6a72fee8af672606f8ff99048bbc7fa982 |
| SHA256 | 34e96da8239d3ad3bbfdc490bd46502f9ed5f4568ad2a2c9932212c7f00be7c7 |
| SHA512 | 62033414b84ebd13bc218054fca506d30e92aa5c24cab2e50d83ad90b7246c8e05dbc5ef527100c90fcb58a7ee2a5da79862d90b30b16dbabfa8896bcac2d54c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4d578b3854517f3b1835adea721225a8 |
| SHA1 | c1318e0f18306a944fdcb9064ffb3a908d69b896 |
| SHA256 | 886d5a1d08a6e125b0e8146ba7e17ff3eb6cffa5bd0f969be82266a62a1553f9 |
| SHA512 | 4f96d4725d633dd37f26eabcfb14399248db59b2d7cd2ef84f3e2af9e05c0239258329cfd143a9a10c2df0a8bd3b96b6d5c50742f0fde138d0640747e7b745a8 |
memory/3916-1059-0x0000000074AE0000-0x0000000075290000-memory.dmp
memory/3916-1060-0x0000000000630000-0x0000000001AE6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | acc503c88f34d9d7c2cc48de850b11cc |
| SHA1 | 1d657cbf8e2b1243fe9c9805ef907307bc957f54 |
| SHA256 | 42a3ade4b7d6bddf8b711b2b84872c4a39350b85e391581d24af3f59a38837a5 |
| SHA512 | 7d00a2f5a4fe7f9e59453a0814db0a2da1d6b97d7b72a1f3268788bda1584413a42eac421027854c81de574c3e935a720a4cce5438587db8ac1468805ede7049 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
| MD5 | bde52aea142d29663126c28702f6ded9 |
| SHA1 | ce673d1dca7c24bec2946d660a1c7bf0b1cd54c9 |
| SHA256 | f5fa038d731a347b7a8685c01413ae0bd8559253ea4968b310cf2df6130e31fc |
| SHA512 | 4a6153ff1b4c8b9677eba038dd27949b3cbe135d86739d9c72b2a150a9ffbb2bcd29317ca4ae756187568102103acbeb18f35f904e2c37e6f59c4015bd12e92a |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | 99645d4fb49d38ef42eda77a2f3b9d8f |
| SHA1 | 895a1c02cd5cf48652080c4fc8aaf26022e06bb9 |
| SHA256 | 9d3038c60204675dbc2fc9e0fd5f776eb7e2412d8720cb71c8fef872799b2601 |
| SHA512 | 035dd1910a13fcaa1b4911f5b9aa3c3fa3ab720f74ed8083ca3d2e6ccb2cf23707af9e8274696231e9d4d6650a0a6fc1e21140eb38fbfbf771e4f5f83321a1b8 |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | a4542b70eb044b317ca2731ff6233d19 |
| SHA1 | a1bb10e671d0ae68eab9e304b34b493585e81e7b |
| SHA256 | 4d97a7ff95ecd7498b9f64851c4b271ddbf357c898ea7073079c2f471d635a86 |
| SHA512 | e4144e8d26b3f1ccedc2aa1803a473f125cb84a23235d6e846a1559765da0b89fd2861cf4611adca1dba5656a7ce943a49d2cd624f849b5613ed6262a97a9f9c |
memory/7712-1102-0x0000000000AD0000-0x0000000000AD1000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tuc3.exe
| MD5 | f6b2ebbe7bf90687955c2b9e4baf1ba0 |
| SHA1 | 144162b351f03f81e873399affd3d32d6172b5ac |
| SHA256 | ab1575d85c7a6aedc32032f78f3c74f5974c523b3419fd091147f742fdd32aee |
| SHA512 | 50affd1ea83e90ae3a4cd0a9f1436e957553df3a4a3a3d4540e5e9fe3ac60345bec18dbce0fdfbf06631b0a784601ea5a013933288d30215e684861e3522ff85 |
memory/4452-1112-0x0000000000400000-0x0000000000414000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | 6c5992eb89c81891b2d50b9cf1be7d6d |
| SHA1 | 2d84cd7cb7d616bb178edd838e3af86308cb4540 |
| SHA256 | 15ba93bed1dbc5295e3f73584b196b983a1e509648b9f5be3b20b001ef9b61ab |
| SHA512 | 775df2e75c8ada04526d2479c6c650866c9b2019560362aa41468cd5a8d5c4231c3a5dae934523b63be30b7c83bc3c2882eee5cc1b419c705658bbc28b16e48a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 196261a5b77a9d46f8e20837e2b9a0b3 |
| SHA1 | 3c7789c6c0004247e5a5029d1cd48d2ad258567a |
| SHA256 | bb62fe2123e79ac363b4b2d14d74bf73962c34d515f27f37a9210a873b30a1ae |
| SHA512 | 4c7aa7a2a63c5559f34d60edda535c23e91e6d3642b46e932ec1e3904de60a5a097c7c2918386e34473e16b4d2bcae4312bb886f6c9c20d34dda2f0ffc2ddfc4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58fd56.TMP
| MD5 | 4a3b00353211f06aec28879ad65b0666 |
| SHA1 | 22fab3a4d5feceb355c3ede8155e2f20c616f128 |
| SHA256 | 49e7054b53c6f96c7fdda86185090e8ebbff9bd1d168a54e8811c64612e952f0 |
| SHA512 | 780daff255b6296dba5318765e34a2176774e4ace09fe32152c3d951d0ff8de0200925db6773af2c1a0d94291e43b433258f7cf3d4f7992d51e5273f4d7871bc |
memory/6136-1143-0x0000000000730000-0x0000000000731000-memory.dmp
memory/3916-1145-0x0000000074AE0000-0x0000000075290000-memory.dmp
memory/7276-1272-0x0000000000400000-0x0000000000785000-memory.dmp
memory/7276-1273-0x0000000000400000-0x0000000000785000-memory.dmp
C:\ProgramData\SpaceRacesEX\SpaceRacesEX.exe
| MD5 | 8c2adc7c2619aa88b7a7b37a48db6afd |
| SHA1 | 2bc1e3fbdb27f6b35157f13503bdb4b408b320e5 |
| SHA256 | 2e424127d1c2046ac90c87f4a5a673fe47b8668ad89f0187078954652c366b1b |
| SHA512 | ec74416a839828e30ed3ddaab7ec79d38d57045d30eb4026b725b026b255c7dd5d2cab154b47010d2120109d9a313c3e5c4c27f56f45f61f28111576baf14425 |
memory/7276-1277-0x0000000000400000-0x0000000000785000-memory.dmp
memory/5176-1283-0x0000000000400000-0x0000000000785000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 75a8381ca52d9e96f3ca67e3fee132ba |
| SHA1 | 48d44060efa953a9dcc73bab180df267875a5da7 |
| SHA256 | 73f41c02867b9445581c3c8e7fbbfae5a1d79e1848737a9e9438a920d6e3679a |
| SHA512 | a84d04f17affd0d06b4825dd5f5d7ab5d70b0a4352118093da9de1d98991351f1fc1bc276c43911c2cecb9f4972fa6ee85bdf01b514d384a7c33c7af9b91c919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 48199035eb6bb2739ef7129c221ac55d |
| SHA1 | 2417ced1959991b75af6e042fc849b279761b568 |
| SHA256 | bf531aa4c9eb23420b97a52b14529f2ae871fdbaf414a6f2f82fcab2f97c02f8 |
| SHA512 | 6e1abc005b017807e65fd5a08b66bace3a616ee60b1611e9459ad222d7c54191f33c8bf8af42a0f57841f1f9c76cef2c2bd2ba6a754aeacbe4d64363f020d77b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59166c.TMP
| MD5 | 831b42e81f9e287030da37b1145e4e56 |
| SHA1 | 716a4cca508c20673b8c901430b4ff0255c43360 |
| SHA256 | eb961d3b65379132bbacc69f9548c2afbc16b2e86f4b47214ac2b9c7ddcb4c22 |
| SHA512 | 26a69345183ab30bf83c2afc4677702669277c3325d283db28209cb01176d26e592e4df52f0a7ee4f8327a3d51408f4a71b7906ddca3a0304444e7f0ae74b58c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 1f432d8d053a66d1e3b1ea9b2c26e660 |
| SHA1 | db7c515e178e7314789f26e5bc03879ee76ebe19 |
| SHA256 | 99ba7a515d090463d871c740ea47c7fd69f4f3e60edae81b03931731c17ef889 |
| SHA512 | e081684e286ea732e76315798ce288d2e2c0e97939215c47f2751e72cb01ecf91272bbf4985bdc4f3365dbe82c7bf52dbe5b7570d17e9492b7987c1ace367bc8 |
memory/4904-1308-0x0000000002970000-0x0000000002D69000-memory.dmp
memory/4904-1309-0x0000000002D70000-0x000000000365B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 22204af39f176756cf47b2b9e3ac3440 |
| SHA1 | e2c6aa91ce9a2afe51bf3388aabb4aaab5e28193 |
| SHA256 | 2c11d889f95a8f7e5be8a6bc18ccb5259daffba365be339b8c68f9aa900c9a68 |
| SHA512 | a71086d8561d504a3d5d5496c1e4403518759de25ce50c6d0416b82954d29ae7cd1b08cee3f78ba7db26e8b31e7ccbe97b95592ab9d74c11cb459bf2b6524a63 |
memory/4904-1319-0x0000000000400000-0x0000000000D1C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b163b1a9c6c156b1c8e30e147ca0c173 |
| SHA1 | 467804cb5d2cee2a71416d277077cc4a7498f8fe |
| SHA256 | 57d0c157b5ed1dbd60f45ca6cc769b492898a61a1c1e969e637418625ec62f98 |
| SHA512 | 33bc0b188956a2b4873c6e5e9870569a001749ec3b0dc0d799ec1df2b2a3c5cdf6cef5d0139298a197bfa47eb75ab7dbe274f03af2c5308a4ebd5da8bd223a11 |
memory/7712-1329-0x0000000000AD0000-0x0000000000AD1000-memory.dmp
memory/6192-1331-0x0000000000820000-0x0000000000829000-memory.dmp
memory/6092-1332-0x0000000000400000-0x0000000000409000-memory.dmp
memory/6192-1330-0x0000000000960000-0x0000000000A60000-memory.dmp
memory/4452-1333-0x0000000000400000-0x0000000000414000-memory.dmp
memory/6092-1334-0x0000000000400000-0x0000000000409000-memory.dmp
memory/6136-1338-0x0000000000730000-0x0000000000731000-memory.dmp
memory/6668-1340-0x0000000074180000-0x0000000074930000-memory.dmp
memory/6668-1341-0x0000000004E40000-0x0000000004E50000-memory.dmp
memory/6668-1342-0x0000000005480000-0x0000000005AA8000-memory.dmp
memory/6668-1343-0x0000000004E40000-0x0000000004E50000-memory.dmp
memory/6668-1339-0x0000000002C70000-0x0000000002CA6000-memory.dmp
memory/6668-1344-0x00000000053B0000-0x00000000053D2000-memory.dmp
memory/6668-1345-0x0000000005BA0000-0x0000000005C06000-memory.dmp
memory/6668-1346-0x0000000005C10000-0x0000000005C76000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tfgl2z4m.upp.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/6668-1356-0x0000000005D80000-0x00000000060D4000-memory.dmp
memory/6668-1360-0x0000000006270000-0x000000000628E000-memory.dmp
memory/6668-1361-0x00000000062C0000-0x000000000630C000-memory.dmp
memory/3232-1365-0x0000000074180000-0x0000000074930000-memory.dmp
memory/3232-1364-0x0000000000140000-0x0000000000634000-memory.dmp
memory/3232-1366-0x00000000055B0000-0x0000000005B54000-memory.dmp
memory/3232-1367-0x0000000004F10000-0x0000000004FA2000-memory.dmp
memory/3232-1368-0x0000000005230000-0x00000000052CC000-memory.dmp
memory/5176-1369-0x0000000000400000-0x0000000000785000-memory.dmp
memory/3232-1370-0x0000000005180000-0x0000000005190000-memory.dmp
memory/3232-1371-0x0000000004FE0000-0x0000000004FEA000-memory.dmp
memory/6668-1374-0x00000000067F0000-0x0000000006834000-memory.dmp
memory/3200-1388-0x00000000009F0000-0x0000000000A06000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 3fb08a0ae4290780831f201b439668dc |
| SHA1 | 6a337541bb71b9bf8d9a3886dbd86b57dde95145 |
| SHA256 | 1e26a4015f6bcdaf9af469b84e7088dfa1bf22f80f3e6b34e21a89e9ec32c0bc |
| SHA512 | 70fc3f95252f6aa5d4517565f81985aea64c94bd24c8932cd52f2412c8e53936c555ed30b951557bce19cb699683f35cbc390105109e4933a5c95988ff08235b |
memory/4904-1394-0x0000000002970000-0x0000000002D69000-memory.dmp
memory/6092-1391-0x0000000000400000-0x0000000000409000-memory.dmp
memory/2744-1397-0x00000000004A0000-0x00000000004DC000-memory.dmp
memory/2744-1396-0x0000000074180000-0x0000000074930000-memory.dmp
memory/4904-1398-0x0000000002D70000-0x000000000365B000-memory.dmp