Analysis Overview
SHA256
33aed805e114f04f73f867fdb7cf904e15447aa47f74e094c024c9b18c217fe6
Threat Level: Known bad
The file 33aed805e114f04f73f867fdb7cf904e15447aa47f74e094c024c9b18c217fe6 was found to be: Known bad.
Malicious Activity Summary
Modifies Windows Defender Real-time Protection settings
RisePro
RedLine payload
PrivateLoader
SmokeLoader
RedLine
Downloads MZ/PE file
.NET Reactor proctector
Reads user/profile data of local email clients
Windows security modification
Executes dropped EXE
Reads user/profile data of web browsers
Drops startup file
Adds Run key to start application
Checks installed software on the system
Looks up external IP address via web service
Accesses Microsoft Outlook profiles
Drops file in System32 directory
AutoIT Executable
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious use of SendNotifyMessage
outlook_office_path
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
outlook_win_path
Creates scheduled task(s)
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Runs net.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-12 00:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-12 00:38
Reported
2023-12-12 00:40
Platform
win10v2004-20231127-en
Max time kernel
71s
Max time network
100s
Command Line
Signatures
Modifies Windows Defender Real-time Protection settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
PrivateLoader
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
RisePro
SmokeLoader
Downloads MZ/PE file
.NET Reactor proctector
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nB6gu44.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Kr2Nk72.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\SQ3TV37.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Nz8NY09.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Windows security modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Kr2Nk72.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\SQ3TV37.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\33aed805e114f04f73f867fdb7cf904e15447aa47f74e094c024c9b18c217fe6.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nB6gu44.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe | N/A |
Enumerates physical storage devices
Program crash
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2037190880-819243489-950462038-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\33aed805e114f04f73f867fdb7cf904e15447aa47f74e094c024c9b18c217fe6.exe
"C:\Users\Admin\AppData\Local\Temp\33aed805e114f04f73f867fdb7cf904e15447aa47f74e094c024c9b18c217fe6.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nB6gu44.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nB6gu44.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Kr2Nk72.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Kr2Nk72.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\SQ3TV37.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\SQ3TV37.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3608 -ip 3608
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 1820
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3608 -ip 3608
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 1828
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 3608 -ip 3608
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 1856
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Nz8NY09.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Nz8NY09.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5994895325614359886,14095569812190321911,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5994895325614359886,14095569812190321911,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3496 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,10293378502278978339,4705313938204423282,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3428 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,5049390155496688028,16797316299185368031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff98f6c46f8,0x7ff98f6c4708,0x7ff98f6c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7548 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14601913148608587645,5412505835845961888,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\3081.exe
C:\Users\Admin\AppData\Local\Temp\3081.exe
C:\Users\Admin\AppData\Local\Temp\6B58.exe
C:\Users\Admin\AppData\Local\Temp\6B58.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup9.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\tuc3.exe
"C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
C:\Users\Admin\AppData\Local\Temp\is-BS56Q.tmp\tuc3.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BS56Q.tmp\tuc3.tmp" /SL5="$701A8,8423542,54272,C:\Users\Admin\AppData\Local\Temp\tuc3.exe"
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Users\Admin\AppData\Local\Temp\7E16.exe
C:\Users\Admin\AppData\Local\Temp\7E16.exe
C:\Program Files (x86)\xrecode3\xrecode3.exe
"C:\Program Files (x86)\xrecode3\xrecode3.exe" -i
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\system32\schtasks.exe" /Query
C:\Users\Admin\AppData\Local\Temp\854B.exe
C:\Users\Admin\AppData\Local\Temp\854B.exe
C:\Program Files (x86)\xrecode3\xrecode3.exe
"C:\Program Files (x86)\xrecode3\xrecode3.exe" -s
C:\Windows\SysWOW64\net.exe
"C:\Windows\system32\net.exe" helpmsg 1
C:\Users\Admin\AppData\Local\Temp\89FF.exe
C:\Users\Admin\AppData\Local\Temp\89FF.exe
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 3.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.154.82.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| IE | 163.70.147.35:443 | www.facebook.com | tcp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| BE | 64.233.166.84:443 | accounts.google.com | udp |
| US | 44.196.86.250:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | 65.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.166.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 172.217.169.46:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 250.86.196.44.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 52.203.233.59:443 | tracking.epicgames.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| BE | 13.225.239.46:443 | static-assets-prod.unrealengine.com | tcp |
| BE | 13.225.239.46:443 | static-assets-prod.unrealengine.com | tcp |
| GB | 172.217.169.46:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| GB | 172.217.169.54:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.239.225.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.233.203.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 172.64.150.242:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| GB | 199.232.56.158:443 | video.twimg.com | tcp |
| US | 104.244.42.197:443 | t.co | tcp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| GB | 199.232.56.157:443 | static.ads-twitter.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| RU | 81.19.131.34:80 | 81.19.131.34 | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 34.131.19.81.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| RU | 185.172.128.19:80 | 185.172.128.19 | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.128.172.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| FR | 185.221.198.96:80 | 185.221.198.96 | tcp |
| US | 8.8.8.8:53 | 96.198.221.185.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nB6gu44.exe
| MD5 | 1f2fc7af940bef8238a49d7d653b7617 |
| SHA1 | 57910a5978a3be99885c1dbb8228d91e56b80575 |
| SHA256 | 0e750224b738ef2d29961888216aee17e70d96e503b95545b9e78c812103faf0 |
| SHA512 | 72e69291a95f82af04f985d6d2763be44c6adcac47120bdd26fda25e13edb531150e7b11555e17d29b5527edadaf565d02a64e7b0d6e6fd46cafd31936acd915 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\nB6gu44.exe
| MD5 | 982dad34cc9b1f23304a5c01920b8816 |
| SHA1 | 19155210974ead82c14d9a47726b0d8794c52eea |
| SHA256 | fb623d37025a51390428585bd24964cdc57c1af74ede7ab2edfba4717b1c5ea8 |
| SHA512 | cf1b28e46513789b3f857c350b152b62dce7cfab64aeafca3e02b82c275acf667b2a9265f07e11d1a8c97411b50506c7ad331851e310ef5dbd9dd3f88f1d1d45 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Kr2Nk72.exe
| MD5 | 62b6663d3abff384919de48149186b59 |
| SHA1 | 70ebc98c14757dcd367156d7a08ef6f446bbd77c |
| SHA256 | f24ea3a116b9a9f562ec59634201d6adc0395b5d928cbb40b5bf02777ec37151 |
| SHA512 | 0221412893d6000570ba510efbd3fe31763e158feca87a4174e803249849037436219566df986112bd4fd9b1ad296d5d8ada5aa6ea2f0851f4bf9076a7e1e06e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Kr2Nk72.exe
| MD5 | 8eb334374355b426071ed512c6cb3eef |
| SHA1 | 4fa789f8b6ddc00b47d72759f1bd39b1822d52b1 |
| SHA256 | 46d9b7a0d62fcc5a88722f141da00568079ebb408ea6e7a61ab7debcd15a1240 |
| SHA512 | f1754dddbfea71fd396795a89c5ad4ef0771dca8d69b587175c87a75b61ce2071350b80dde66c317832d5ff5acd16c80dcc12b48a7cbc3a7dce9d2f42cd960c5 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\SQ3TV37.exe
| MD5 | 5787e529811ff703799fddffc49b8697 |
| SHA1 | 1b0934ba27b8be36a7a544cb457ae100ec64c992 |
| SHA256 | 6cdd6b4f4479597c952a4c369501388a410d29eda19ffa8d5675eb3a6aa2e694 |
| SHA512 | 387c8123b269bf257e26517a276a6b6d11d536bc745d1d3914a12305fbf629d2438de96116690e70788f8b71027216c508f83d472a7bcaf58cfa6cba3fcc1b9c |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\SQ3TV37.exe
| MD5 | 7313b94e532bf299cce6db5eb89b4215 |
| SHA1 | 56bf4fc8e32b62d6fb5b70a2cdbf1b0cb7c5a931 |
| SHA256 | b06167825c7f08d95bb71763b5f5064ddb682477595d9d153c5b2a70b445e603 |
| SHA512 | ec2a3fc9be6a42a10162d1eac7a3ff5bf5fc3ed4043f22c079182b3de7785b21612ec854f28133bc2eb0b5d395825c3f295f33a621f954a6f66fb37b9515bdb0 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe
| MD5 | dceb886221af903f0f492b2030764e07 |
| SHA1 | 00bee30c5ee5576f65f432a92f2c293d1841f5f4 |
| SHA256 | 50a838621fdfb82a3e67f91f25cef3e5469ebbe6a71b10155f79694e35a74382 |
| SHA512 | 8fec393b9ccd8689d3e99d6fc736632b81fd07b0331058a0dc3ee47b0fa20d9179fbe8266ef63118b323c82b0f481426cbcbc67e1d1f730991f9c7be9009d6e0 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1GN18rb6.exe
| MD5 | dcea3ce795b368d927921a84ae80274a |
| SHA1 | c993a5807666f77a6b2b76807cb3c83761758297 |
| SHA256 | 070965ba8f60d22c6e8a6c672e0c57485ec53125193c7e5f0ba508b3bb16ffa3 |
| SHA512 | 153b52aa1f9a8da903820e267d2f99d2103eb393b78c027597872deeb687ef9984675c4a5ec128d019180a8a3d8acb53ad8f7d03edc3b5e094fbc2db0892f6d7 |
memory/3608-29-0x0000000002650000-0x0000000002724000-memory.dmp
memory/3608-30-0x0000000002730000-0x00000000028C5000-memory.dmp
memory/3608-31-0x0000000000400000-0x000000000090B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe
| MD5 | cca2babf22722d42883aa897e3bed8eb |
| SHA1 | f86b306f1716bfa3b2c9696930c756fb2b9eabd8 |
| SHA256 | efbf367f505064f1edfd769388b6a3410516680eefe8838079f05a6e4e601f0e |
| SHA512 | 67b10850335fa15ef0151b97671e7671c5664813f07c7afb179b47010675968598e97d02de8ba779d546d6369b794e98b512f25b4df9ec90dc48b1e562f78017 |
C:\Users\Admin\AppData\Local\Temp\grandUIA9Bra2e2ZjwnIy\information.txt
| MD5 | 183d60ec48d768d937e46190b25c8b86 |
| SHA1 | 4646be2a0d34caa773efa81c54f42d75a16d1f63 |
| SHA256 | 8e5ce77364aa0b5f7f7e9179a7963a714ebe8ac853fa685b7c90654ad0be13a9 |
| SHA512 | 41c61629ed9008ed2844c63dbff41f802f2ae4482d6a876a5db6ba9885401ab6a6e06b8209d17b37470953ee3f4b8ec1fa6d701272abdcf30ad0ef20449577ed |
memory/3608-108-0x0000000000400000-0x000000000090B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\3Yh20yP.exe
| MD5 | 9db0040eadb583495203845d5fcd1dcb |
| SHA1 | c23a9b2277846dca6e0af2fc81b93e104a5f1d7d |
| SHA256 | 205ca1621054dc723f66aa2afbd73298591acfd5f18c751a3a1763e76a7ef7c7 |
| SHA512 | 12a3a5fedd43e013a5225dfb81c3383451ab7c5db0b1f28637d50b68f33aee7f7e98931869b1a91598e9868253d41c78857778123ffc8f1d152ad986a75cf705 |
memory/4032-112-0x0000000002380000-0x000000000239C000-memory.dmp
memory/4032-113-0x00000000744A0000-0x0000000074C50000-memory.dmp
memory/4032-114-0x0000000004B60000-0x0000000004B70000-memory.dmp
memory/4032-115-0x0000000004B60000-0x0000000004B70000-memory.dmp
memory/4032-116-0x0000000004B70000-0x0000000005114000-memory.dmp
memory/4032-117-0x0000000002440000-0x000000000245A000-memory.dmp
memory/4032-119-0x00000000744A0000-0x0000000074C50000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\4qJ029WZ.exe
| MD5 | 37bb4515f1d4bb55bac850b890d25da3 |
| SHA1 | 1321492166e42f29fb3d561e178106d7cda985b0 |
| SHA256 | 427265d40ef6306770a9ccf28a7d478e79d3f8e4a21c8f84ecbc48ff62baf77a |
| SHA512 | e346e3a179d3209c5a4d1f38ff248987872d0495c41eb4d0fea888d6d16f5ec205f9dc0261ca0ef5134738a815ab944ed569531897aee403f1a2da1a90404ca9 |
memory/1420-123-0x0000000000400000-0x000000000040B000-memory.dmp
memory/3392-124-0x0000000003130000-0x0000000003146000-memory.dmp
memory/1420-125-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\5ng0zR7.exe
| MD5 | e8787eb7e3e319f7bcf0a40a560cc55b |
| SHA1 | 86b2497bf24894a3e55a877fc1008d2c47ee5dfc |
| SHA256 | a5f975ce435368727680a8d1d657b27af8640e879ae64c4d3f97280ce92b42f7 |
| SHA512 | fb272c699c8002412ddfd859353792d15df4b6967a744f7e184801215b1b0a7a64cccf5583b2c590c14cc1dc459105dda9a96a4a757349e437b2425eba831598 |
C:\Windows\System32\GroupPolicy\Machine\Registry.pol
| MD5 | cdfd60e717a44c2349b553e011958b85 |
| SHA1 | 431136102a6fb52a00e416964d4c27089155f73b |
| SHA256 | 0ee08da4da3e4133e1809099fc646468e7156644c9a772f704b80e338015211f |
| SHA512 | dfea0d0b3779059e64088ea9a13cd6b076d76c64db99fa82e6612386cae5cda94a790318207470045ef51f0a410b400726ba28cb6ecb6972f081c532e558d6a8 |
C:\Windows\SysWOW64\GroupPolicy\gpt.ini
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\rise131M9Asphalt.tmp
| MD5 | c444cb5e3e6ea4a1f6b06b85e47dc14a |
| SHA1 | a303d230ec2e863df158c2d03aaaa62dd5626288 |
| SHA256 | 8fd7a4784225bce221b811a0e881da9a528e10146117424c77f56ab9bd6c2fc0 |
| SHA512 | 1889d8fc0a23b95b8717756606cce06bba642624632eeb0f04292eb1fc9222030e7a2280f4cd7822cb6b7d0e899f31b36d97a4c0f66a4416277990406549ea9b |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk
| MD5 | 9e4fa64948966e685e69fa57d71bdcd0 |
| SHA1 | 4104727ca524a74f505f37c5a012b0d851fcd41a |
| SHA256 | 6f5d884729ff88b905d9f387ee60dfa606c038226515c79b627e726b57c6f6d9 |
| SHA512 | 79cd66e1187d4f2e08aeda04ff72790c10c040fef74c8e9de06ae86dba99b52ab19f0a0bf0d1da3ef0cf273c75b0f8026fbda0d6cec9c639fc06bf39e4f891ce |
C:\Windows\System32\GroupPolicy\GPT.INI
| MD5 | 7cc972a3480ca0a4792dc3379a763572 |
| SHA1 | f72eb4124d24f06678052706c542340422307317 |
| SHA256 | 02ad5d151250848f2cc4b650a351505aa58ac13c50da207cc06295c123ddf5e5 |
| SHA512 | ff5f320356e59eaf8f2b7c5a2668541252221be2d9701006fcc64ce802e66eeaf6ecf316d925258eb12ee5b8b7df4f8da075e9524badc0024b55fae639d075b7 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Nz8NY09.exe
| MD5 | 2f13f77bb68563d9de0cd8c12cc1cccb |
| SHA1 | 95b7355001afe080aa8de09671a1ae4f07b0d9e8 |
| SHA256 | 290914a4b424312f4dbc59903438146ed3d67ce019f8909ddf8cf94af1cb420b |
| SHA512 | d250f9885a97924ab7e2a34526602d71563433780c3d86f41cb7b06887831e27473ddca5c16c1e81f8e9f6103f8abb08df17d96e0678f277151ba7decb4cd1b9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fcd8bb32c04fa99657007efde87bbbc2 |
| SHA1 | ce575cef42840e731c9834e27efa02efa0c57a6b |
| SHA256 | 2e3fecfa2023e8f7b14c40277a60b0c781659ae240a32ae2521f7fa0f000744f |
| SHA512 | b87bece2e0850f523206684c555cf80b348f794d51e8e0f7cf9c0ef054fc103885145acde9698dc363e8162aeaa4495a180825836e3fb92d4a3220f3359f57c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e5c27b4a4d5a3c9c60ba18cb867266e3 |
| SHA1 | dea55f1d4cdc831f943f4e56f4f8e9a926777600 |
| SHA256 | 860ed0acc83eb0096cc8911725e2c631ff879ad8c35854577651af502c4b69c9 |
| SHA512 | 56eda28e9c61e8081dadc220d23e7bb3320a9ba557eb7511d17a3d2836aa61f301d1d714a3d611eedd7c4b91886c790af7366b01acdb3b637f3dc4fb024f3f6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1449c4c27e49909c5c0e4cad14248c6a |
| SHA1 | 153e2eff9338a007283df3397882f6a8c4ce3781 |
| SHA256 | e072aa928a6d59f04b3ce4f7f061528fede4899626de5ddb80140037b263fac5 |
| SHA512 | 0e0891042a8024a0d34ca96ba99807fcb97a60fa9ff0436ff3b136d2f71f9f1bfa2bc6154b9b321814dda14f47f4ccfeb561dc6f77ee07767ece3be21380abf4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0131c64d75954a93e680b15946425732 |
| SHA1 | 917f7d7ed905d3b6c0e472c11124ecea3fc388d5 |
| SHA256 | 25d79df5187d74c5e75e442d77e8ef0613f5827fac468f3df5472c2b281bc811 |
| SHA512 | 31638a6023c1e3c0e627e4cebb4836bbeda872fc29c266bef9934866c1241de62fd2605d82831e3c92e5294ee32751fac446bb1fcc9ef53077e52d640768db2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 156571adc8018153caab623a1ff14d12 |
| SHA1 | 87acefa9cba437b97b885959fb3d5417df59c3e1 |
| SHA256 | 6fabb41d3dc5e7b9d1310cc167123abc02eed6c771b967043e91743c0fd91a8a |
| SHA512 | 8e14346860a5768fe1bfff61efc93cf57653897eda63798b54b7acd61eaa2968852e66048e364af3e563657ac49175aa6b3bcbb2b721abb9454edbf12fe0a60b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b2b38380-5702-4439-952b-d49d3c79a5d2.tmp
| MD5 | 355ca05607f6875dd7ac490b4e9ceb19 |
| SHA1 | 8829097710fb56a4325a2243b0ef9dd037644ea7 |
| SHA256 | e48ae40999bfa698e33d3c0dafcb340b797bcd71a79a6f343e3b8bb238439d8e |
| SHA512 | ad786e49055f1431bdf4f38353ea420669c7ef515ad0beb667d65b89db2d91bd331e4439a1d43e3fe232d6510623a1507a12139347058e554fb9aa5cdea18d6f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 252a7a185db7fe915bf0315ebc54d242 |
| SHA1 | e3898710e250d0ffc86e3125932dab68fa10bb74 |
| SHA256 | 30d6bda1140f5add506342ccfb1eaecb775858c9459c47ab282d4e036a920dcd |
| SHA512 | dccc44c64791a65356eb59e5e2cfd9223862dd68bb3c1b7bb1ca81750e2e99ba73527c4183868e05d07431b5f5d2e2dabf0a62e745550532c0a875541b70d203 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6c13ac31f0dcb94de9c3f0c487975cc9 |
| SHA1 | a942ec8a6f0ff477147034132fc690032fc909a8 |
| SHA256 | 721c12ba2d38f08fd3fcb0ddff0cea8419d2b6a496b03983c6f5bc05faa61ede |
| SHA512 | c215903cfbe31a5a7528483671b93bd2fbcd5c5ae55df4a0762dc00a6daa88e72a6529139a45de70ed3b4141352019bc8c106f04acb34e796a646608510f199c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e30738d93d6789672ce8e1c4bfe275a8 |
| SHA1 | ce2195ec1f2e3830b9a106a9dc8d7fa5397d10fc |
| SHA256 | 7d60046d1238ff11bdf616d83c212ad6866a7cc630ee9be8580050dee7f74832 |
| SHA512 | e39c9590f558477a1b823de555bf27542a725566d8bd839a1c493459444d49d755445d8ff34f59681ede12a8e654c5a7fc34b6008c9abcfd65d09f6b1b523a65 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 925652d79f564bc2cf335359094cea11 |
| SHA1 | be62e0576d796f2cb92198320dce15c8a8f02b80 |
| SHA256 | 1d95976664eadaf016b0bd2559efa8a8138d7b8f35c544c02bc67addd418cd9c |
| SHA512 | d6cdea604251fdc5a116f2032d6063b34d383fdb44564f20332161e2e66f14c973a62ee7c38513161f57ae25b8470790348355e6b91b37632b7a400524624a51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584e98.TMP
| MD5 | 38b4e17d217c8ac6d055df5ee80eef0e |
| SHA1 | dc89b0480135c9333de9c203adc9cea257c81f3d |
| SHA256 | 67ec0a48f690a138e86d17129ea4b6a420c0aa934151127c5cacd2bda501ea3f |
| SHA512 | 3a34c56fe3ff3f47ec14fddfb22c3da70c668d8408c5f477c0543df60ae1d405cbb319ba2e776c02b950fbc3c49c857dd4ba25a10fba0244f6abf8fd270c4af3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 50c2fdb2c813b4fcd58a83535a9a7c1e |
| SHA1 | d96c8e4bb69184d1a660826ef66956ad6d111cc8 |
| SHA256 | 38ebccdac57376c1c25a6fab8e6192af5d6ca563de713d8211145e37ad91b38c |
| SHA512 | 633668a083bb3c15365eedda61939761c82ad7e0b31871aa8915396dc4aca3cc32d5279e88bba651f7d96a373d96892add90c94e7db1615b013e937499343e77 |
memory/1856-637-0x0000000000C40000-0x0000000000C41000-memory.dmp
memory/1116-639-0x0000000000400000-0x0000000000414000-memory.dmp
memory/5664-655-0x00000000020C0000-0x00000000020C1000-memory.dmp
memory/6824-777-0x0000000000D90000-0x0000000001284000-memory.dmp
memory/5444-781-0x0000000000680000-0x00000000006BC000-memory.dmp
memory/6824-788-0x0000000005B60000-0x0000000005BF2000-memory.dmp
memory/6824-791-0x0000000005DA0000-0x0000000005E3C000-memory.dmp
memory/2716-792-0x0000000000400000-0x0000000000785000-memory.dmp
memory/2716-794-0x0000000000400000-0x0000000000785000-memory.dmp
memory/6824-796-0x0000000005D30000-0x0000000005D3A000-memory.dmp
C:\ProgramData\SpaceRacesEX\SpaceRacesEX.exe
| MD5 | ec1a1024a0e0afc9a84f620562e8e466 |
| SHA1 | d6abda3e6ad1a9bdf0df41bb1b6b1ff2802d8970 |
| SHA256 | b526a29d8684ace2de8b81947cf35dbd8aa1fcdc4ef2b97c8650c5ca67d87cca |
| SHA512 | 4fed5898fb38d9733bb7c9da3339ebb554d21c065b6c88d4c51951bd05a5025fbe164fada7c949884a23a93c1ff1fca9442da141a118d35f3f3fb24f54570ef6 |
memory/2716-798-0x0000000000400000-0x0000000000785000-memory.dmp
memory/6824-776-0x0000000074D00000-0x00000000754B0000-memory.dmp
memory/6824-808-0x0000000005EE0000-0x0000000005EF0000-memory.dmp
memory/5444-811-0x0000000074D00000-0x00000000754B0000-memory.dmp
memory/2860-813-0x0000000000C50000-0x0000000000C8C000-memory.dmp
memory/564-814-0x0000000000400000-0x0000000000785000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ab5896fac1234d0ea4b3a5aeadc1bc81 |
| SHA1 | a5dcb756d8e9cf0a4f316512386815ced850034d |
| SHA256 | a99e5280b0d47c035724182c33484ea4d2cb184d910fc8efd29064af6c482489 |
| SHA512 | c0a9f08a8bfb231015ca816347e41c8bd3d4c1e6f8a78fb36de287332ba9a4a04140870139a072d48b80afc7a1b5815ed4fb4d05047ad44d777c9ebc1858089d |
memory/5444-816-0x0000000007280000-0x0000000007290000-memory.dmp
memory/2860-817-0x0000000074D00000-0x00000000754B0000-memory.dmp