Analysis Overview
SHA256
b04c3e7e79afab30b03cef5cbbaaddcea0b840156ffb84a6abd1e0b91e0a2a5d
Threat Level: Known bad
The file b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b was found to be: Known bad.
Malicious Activity Summary
PrivateLoader
SmokeLoader
RisePro
Loads dropped DLL
Executes dropped EXE
Drops startup file
Adds Run key to start application
AutoIT Executable
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Creates scheduled task(s)
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of UnmapMainImage
Checks SCSI registry key(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-12 04:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-12 04:48
Reported
2023-12-12 04:51
Platform
win7-20231130-en
Max time kernel
149s
Max time network
150s
Command Line
Signatures
PrivateLoader
RisePro
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe
"C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
Network
| Country | Destination | Domain | Proto |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
| US | 193.233.132.51:50500 | | tcp |
Files
\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
| MD5 | 99c4c19c2a694ce4d7d3e9680f89c18e |
| SHA1 | c55c339eb4ce31a56c5c1a449f3aa5091f61f0e3 |
| SHA256 | ba9ab7212843c980f3b5d4b5c94f07c74da1934a912fae651bf895ca643350b4 |
| SHA512 | c7825faba7a3f0669edd1b11580f4cdc76798e6cafdb430defec4cfd19046bffc2cf11ef4dcd7c7abd6b2c3dafd78b3f643ca36630173ff4d7ed5bb0389ca44e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
| MD5 | 70b58527b249c824f9875d4f8f0147d0 |
| SHA1 | f0bcba476c1f5ed64eb22f5c6513c0387a30ad29 |
| SHA256 | dbc5abab26b610856fa85798f37ee7614a720ea1bdb13081d2b59d1d18527233 |
| SHA512 | 5b56f5c9e634ed612443e4ffd413597cb98677dbf586a9cb1c6be3cc8fd1f022062635090f6182b6bb7add48bf424818cf56a663927a164f6ed611986658e4e3 |
\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
| MD5 | b7801da3cada87019ed81bc3cfe3f9c6 |
| SHA1 | 0502bb41a8da7c3914e3e01fc04d61592ad9386f |
| SHA256 | 9b23e54d6490085b1015f01c2336a774fb9656b7a91af948cc9a0caedf42fb39 |
| SHA512 | 1453fbf22fca1c798ac93fb58c9c8b4672f448e26b7e97c02ba7eaaeb898bc70a5ffd13b5e6539f96961eec2bafbeff77066057ba2b37739917b8dab6f9b374b |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
| MD5 | bebac7c80929e2199a8365ce4cb55ed1 |
| SHA1 | ba326e48a4e28333e26a0d088fb8f3d24235b471 |
| SHA256 | e850960f8f41565b9cb1513349cccdfc8e79df01ba01734fc01c1a406819d6d6 |
| SHA512 | 542333bf63cc7e2241c64e4469a7bb95288ef88cab3cf528d3a009ea6fb67e8499d020a4d4ffd3d0df32f8264ea8cde24ae4706eebf52cba17b2611ee15e9dea |
\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
| MD5 | a79cb70c3d2d609705f33acbbcb35c2c |
| SHA1 | 26e97f5add1aa2f8069402592d9742b42fbfcf79 |
| SHA256 | 05e7ef10e1a8711030e3906f11c0cf7443f5276dbb372a9c79d23da53727fb23 |
| SHA512 | ed8bdc98ee4c605e65404b08e1dc5367a1b6c4e88da513ef1dc1260dcdd440e20f4540982d113cbddd18dc140c9fe6274ca963377bb60c1ceee59ab2a51e51d8 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
| MD5 | 7da70d49ac37344aebcf885889309d39 |
| SHA1 | 920e3821f659765667550556a88b19053da9833e |
| SHA256 | bc3c528d250a558f8dd8de59d9df4a1f4d189e30abe1a8c075082735522a8643 |
| SHA512 | f72e6701bf3e8bf369a2b856bb3a22b3c397aaf0933fabcff6a3dd3eb74808debe6c4f2e32fe804658b7f32312f008a8ca58983bf8faa4a2b170c20da5afd3e2 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
| MD5 | 74329a977c69f2d6ce5b6fab3371b26c |
| SHA1 | 9d197a2abf2d4e3afea8edd0f8d475baf1da1d9f |
| SHA256 | 1706cb59c685bb1a518e5ee89db75e4c5fef06f1b247a02caf42ce1115f092a2 |
| SHA512 | 69749c13286fa5e140d0ba8cca047aa0e2163c2c4399c340d88ca9cf2e6879ae771d0f81d85cb441667b86850ad12feff730afa3357522c5618c57fb6c382c26 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
| MD5 | 3caea7ac751409c0f52941fa190a0459 |
| SHA1 | 6d7df45bed688eb4e96d675eeedc2199481b25f3 |
| SHA256 | 04dcbeeb50c368ed3d933ec09730380d8206fea2b8b4dd8c1ad32efe93f36e96 |
| SHA512 | 7731bfc9104e8e26cf8eafa283889c6d5d930fe865bcd0647a04e88b28a88c511333a1fdd595d1378aa7def6266cb9ab2c5db5dbcf2d66911493d203b4eb3875 |
\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
| MD5 | 757f906124e8d9130ac16112bc56ab57 |
| SHA1 | c275b6320757abcd436df823e76deab65a530a14 |
| SHA256 | 92fe3df46437679080fb264cfb7b216a120309fef8e578ad3bbbf98363cca5eb |
| SHA512 | 78882acd27aa05b1937dbe6d8488ea6a686bb61c040c8844b06b218f147c149ffa036c098a40cf2a999262eda1bf103d7507d565729b857bb587935047c81b1b |
\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
| MD5 | e473d9b999b9aaeede823633d7345264 |
| SHA1 | f24942074a84f097013aeb9e00a9f1bba0e646a2 |
| SHA256 | 2b2c932fbd5092d5c11cba23b606cad5dc5f5c3af726c5abeece7ccc10479548 |
| SHA512 | 36f587261900eb9807525e290bd57fbb9e62c9520b0310506a946f5a341247d080a5c5b3ed26bdec77d2e106d35c6957eeb74d7a325c6e42ae8d7b017b921f9d |
\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
| MD5 | 4a3555ae849c665c0e593a72fb3e9955 |
| SHA1 | 8a306a9f74a332c9a6e3b152d8e62785f594fd0b |
| SHA256 | f059294531d7c9be2a3d2dbbb3d458915d3cfa6bb617dc354c15a14d2a0ce6c5 |
| SHA512 | 61d2080b74c2c74749f70eb60911425b851d02df4f0e55155bde9c6bcd7bca5af7e8838f7a1fc5bef8e7831720479c3d84eb39b6284df290c46f47bf2fe64bd2 |
\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
| MD5 | 76e3339741b01e5f9f8f8fcef05f281e |
| SHA1 | 57219ea780b5d9255eb856b095ca565f88304d52 |
| SHA256 | 8f4b4341434b81ec2c403ce1dfd9c1cf2e2959d9c1f42232f96e9bc1fea47edb |
| SHA512 | 46c5ed6430513dbd8fc11e57528373effe3c5a8c99e592c9757433d5c85cb104260a6ba70cd0d2e58a99e7434645a779826ec6986007caa497a6c5632182ac37 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
| MD5 | 510281aaf6dee7a4249d98bfd25db3eb |
| SHA1 | 12ccd36fa00eac099b1735e7052d540ef71d3afb |
| SHA256 | 04a6515a5af9cbd31b482f2b9c608708d268f0b5c64f3da96891348ca9b9da92 |
| SHA512 | 2d79330af1c0ca047fdf33592a22c990d3908020c3ca616c99ed9fca6378ef9d035511ca41e98bc56c1842d422fab999e11b0219aab6a12b72bbffa5fde57df1 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
| MD5 | adfb4b4f6304eab7f1bd120029668e5c |
| SHA1 | 3589edd2e54fb7daa0d1b94e53979c08034c25eb |
| SHA256 | 4bbc52bcbea0608d65e4a2dfa2e5b020a39e8774ea03172c6ed811f1592fcd5b |
| SHA512 | b13dd8c2d9d2e46c2138063ef1b048f100bdcaa6d10d6286ff129f00d0fe4c7e79fb64bda565f4833c4aec49219522d7208d384bbe204c5c2612c0618d93bbd4 |
memory/2908-33-0x0000000002700000-0x00000000027CB000-memory.dmp
memory/2908-34-0x0000000002700000-0x00000000027CB000-memory.dmp
memory/2908-35-0x00000000027D0000-0x0000000002965000-memory.dmp
memory/2908-43-0x0000000000400000-0x0000000000908000-memory.dmp
\Users\Admin\AppData\Local\Temp\FANBooster131\FANBooster131.exe
| MD5 | 7c6728a54d6d9d28104c9e63d33ae47a |
| SHA1 | 65d84ef3aa998fc4b446302e25c6434047b7da2c |
| SHA256 | 045a34b8dbbf4eaffa06bab9c944e2d3843b24e73c634642f4cae8828735f9b1 |
| SHA512 | 7519b6f6330292bec84edb49b09d7fc9b16e330f9023a8220596c24c7839f0cec0a45d1c930fde19a3858452fac38290370e3fde35041126a74f01330da41de4 |
memory/2908-51-0x0000000000400000-0x0000000000908000-memory.dmp
memory/2908-52-0x00000000027D0000-0x0000000002965000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2023-12-12 04:48
Reported
2023-12-12 04:51
Platform
win10v2004-20231127-en
Max time kernel
153s
Max time network
156s
Command Line
Signatures
PrivateLoader
RisePro
SmokeLoader
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Uu3ED7.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe
"C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1592 -ip 1592
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 632
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4144 -ip 4144
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 608
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Uu3ED7.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Uu3ED7.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x84,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5747996681981409494,4554770919684477117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5747996681981409494,4554770919684477117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10007660865944489708,17464568666789840264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10007660865944489708,17464568666789840264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1472081695434753538,17157748974154309803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1472081695434753538,17157748974154309803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,839795633518278672,3514023208850757686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,839795633518278672,3514023208850757686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,18200337598355312956,15234244180633474596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,18200337598355312956,15234244180633474596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3762772305351290841,17058082060331673399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3762772305351290841,17058082060331673399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6134722261490435395,5914231634753445249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6134722261490435395,5914231634753445249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,8645596334096709533,5861987586367555021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,8645596334096709533,5861987586367555021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12683298696804192781,5739533448483614880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12683298696804192781,5739533448483614880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9088 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7008 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
Files
| SHA512 | 5ad082cc878670b0dbc64823e37ef941dff0bfbd32b78f230dd19368e76d583bd7c62761d38d47361bdb75bce18a28aba68d07808e0776b205d6ccb567d7b55d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f12f6be85f9ad2689c797e6b056e91a2 |
| SHA1 | f52403a98d0f1ad9fe711ecd8fa40218972a548a |
| SHA256 | b78636c4057c21c01e0985b71e8e7e783770968e6799d861ae68bcf909c56881 |
| SHA512 | d1588305f3f45771282ce21523599b18ab14736446f695946cda5fc656bf62d6503c44d2ac1ed778900e368369dd2a4b84896251a411d5a06008e652546a2f05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b55b14e265b51b70e726b1a00d23d69a |
| SHA1 | ca756fa52ff2c439dcb77dcfe8390e4b8b9bde8f |
| SHA256 | 0d0238eb297c7312ca460eb4a20bcc8914eca1d2f2bd458872c884f339cd319c |
| SHA512 | 2f5a7d03a387b910abe51b165a554f2f7ee79bd0c69875ceeee69dac14f29ff1165994a0f82c4d465709c884d715a5e8a9b5e7b948692903faccf6d467d51d76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eef31444bac398929ffc605b1258b70a |
| SHA1 | 0ff3115010a1a81ad3302de790996259ab3019dc |
| SHA256 | 87e4c310568288d3aefec165d8a4bc0db1bbca9ba911a1c5f70eec62fa68c568 |
| SHA512 | 73bc85b8093e453a2a2c149cd9124350e87aaecbd9208d4025c7842c873b00dbcebe3f59a53aef6a203a588303b47ec5c4c0e2cf781f679c49c14b4275f89942 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b45e4070df3e1f5a8fa6277e84030b25 |
| SHA1 | 19dbcc4f8e69fc9dc76bdeb5e451df7ad5d1222f |
| SHA256 | ae040f89ffc2c21259453d9ad404920dc0afc851bbc963a4bffb47889f5e5af0 |
| SHA512 | f4371d28c150a5b4d7cb21ce739470407dab10ce4e34e21657d7a2c6e5ec68619e8b1ecd22e27dc52975276f5406f84729c17992ddea5e334ab7d7413fd7f5fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\15d6c9f6-9192-45e6-9547-b06185a5aee2.tmp
| MD5 | 486c15007a2ae84f156b15ed04d8fa8e |
| SHA1 | 94d649edfa4db562fe2f8af7052d1b36cf952ded |
| SHA256 | af7e4c3c009dc24b7467ac3228f262fde17ee9bc65ace2e4dc7ece27a95a19c4 |
| SHA512 | 68a789830b50d7665e40d718d8470d499dc9043449cf5d410d28d8c82f2eadf2a868eca18b27a3a9c625f5fd35a681a1a460420dc157aaa4838dd5e77530bb2a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7482f64180a626a6f77755f8a5d7d020 |
| SHA1 | 7e05fe68f6e7ad401d8e592219c10f54ff448585 |
| SHA256 | 14cbedb35218482a3296eb5939a291fbad771f110a12b53c8e9278c02fe969b5 |
| SHA512 | 39299372c98b364cce45e6cbdf8fa205aa31ff6bec7928a6425cb8d14b31c034ef99213ab87f50a4dbf204ef50db2bc8bd1029b0d8765f3b4eae5f18d6500c6e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 85f9590dce11032aa729808073fb7af3 |
| SHA1 | 287f0b09f38fbe9afce24242d7b200b4ed151464 |
| SHA256 | 2d58612b3b011f013396afd1163059d5207da408532610196f753a74cff367d6 |
| SHA512 | 9ee58003e8734f316aee57e7736b4f341399b9dc1edab28c09b9a800e3a6b7f3d4e41c8353a9f640ec3616935f83befc6baa5ab3e3c830bdd5faae13dfe5a97d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 80ace3be3b9ba7a13d74b82e0f7e410c |
| SHA1 | eab4ca75f58aee2ab7f76d1f439555434023fa82 |
| SHA256 | 29d038090ea791c94bda6d58b5ed8eef65b3d2c87d28f3efc65c895539ad791a |
| SHA512 | cf1409c25043d0b67fb3df6d04f6d6c67c6a399772c74f2350f14947397ba78b0dd3d4a5c365364f0516fb677de732eb8095161a10ce988277edc4e3a4ba367a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5a6206a3489650bf4a9c3ce44a428126 |
| SHA1 | 3137a909ef8b098687ec536c57caa1bacc77224b |
| SHA256 | 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28 |
| SHA512 | 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acb5b784a0d4024430d8fac3f3e6b928 |
| SHA1 | 0409cda88468c02c8becc446394bceef77949e60 |
| SHA256 | 269bb471ea1f6e709aefceeb1e02edcff1dc20562c993850c2d844d7d39dc631 |
| SHA512 | 2e08ef9ebb9b795147952dae9c6b036d599cc532e7d62f500d16af65251309aed79f2798ba022554699d97fa8495f5ac2e0084b541d73530ae0d1297f1d0215d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594ba5.TMP
| MD5 | 7ce30a4cb6530f9dd9c8365d8d338528 |
| SHA1 | 9f5b53b18567542b073cfd08a606554b6dad9801 |
| SHA256 | 18c5e1484d991bb7e85f17b45b97ff848feeedc4a5956b7ae83c5b11734e366c |
| SHA512 | 74d7eb1ec2cbc8db7be57f50ef022ed7991c7cec9984393dd1f76a16b338d1920553463e3b86d043029453d5584ea665c0650519cac873e9469472bad18deb85 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ca1b151bac2216a792e92cf131f0f1d5 |
| SHA1 | 996c7d367ee6575dcb9ab387b5df0dc842627575 |
| SHA256 | ca58736d4123f823814e3575b65ede6bb73049b9e5fac33d557a48e63ec98538 |
| SHA512 | 21bfc0732ed5d635a179371fca67c467bfe16b818d011ce19af046590e96f3e1341d930b9581116e71bab8f0b9fea6584646dbdc394973bdd86f05fe051d7468 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59555a.TMP
| MD5 | 4d225b6ab2e2d89e00981860ac58fd57 |
| SHA1 | d659ccbdd63a1ef46acea9eb127a665925a60cc6 |
| SHA256 | 29981af3e0cb6eb26a584687c048b3481c7a16be0a6f8f48f272c2f30aa32438 |
| SHA512 | af5389a501f629cd98681bdc59697e692d38d09652b20f2079b610cd7c2cb071c52a777c28dcc10229697092c63866f8ea31798174f86017f7d6d1b41fc6f4fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 7b018b889613bcbd9c8b51b2872bbf9a |
| SHA1 | bad37d95932602aec979ebb622c2d090d1298d6a |
| SHA256 | 8fffd54879cd35a5305e339d6bf76aba45211a0d92f8a6eb20bc7be8c0383df5 |
| SHA512 | 87761f5db3684caa8526f35f8a3aec8b9a485373433837cb173ad5ba01acae45740fe4f635f862262ac861f0130724de3e7b08b24f1a5e0f63e104c4b7cc8a2d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 23c77d6cdde16ac37f26bc243eb08d21 |
| SHA1 | 1d6d185f47a1fd9ab7e2e1da25465fc6b6fd9fec |
| SHA256 | f85b27fccf01689c63d42124f88ca54aae3a2a9a5ec11fe69e6d8be54636e0f6 |
| SHA512 | a7e1770439d7a0f8aae5a535474efd1bc4e77655353d89f67d3cc7d071299a63828f5ecdef7bb3d64592c51e9fba9d8ba20aeca04155e3fd599562671c8fc2e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | a94e418c5aec8df613b546e687507b1d |
| SHA1 | 153efce08b231c3de822dc72af45f063a7872ef4 |
| SHA256 | 815cbeb4ccd394ed6ada6c825987e22afdc880eef1b1fb301bdd334f39ecc363 |
| SHA512 | 2474da8c2ef45fe55e30154318cc9415c2e93677091a1ef6bba896475c8bc1d245b96a14a63cd856e8bbe3b91d7aec114e835e2c7a90a23d7aaf8a0de1cb2947 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 784d650421b560297303d60dfed13d73 |
| SHA1 | c11bcd14f146ab3f7b4a4184442c9f146bbf7b19 |
| SHA256 | 7b7e422e24b30338d8462105fa324cda45ada8f6bdce207a13a97f345ebd549c |
| SHA512 | acb8687760d57f0cceeac55317cca37b3e2e0b98d0c48365dd7d16ab9f3d254eee4ea81b17b37188f94f3df18fabe28ef075edf8f25f619377e1c95fed341cb7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 750d5fb7eed736fe78fe91023dd98a46 |
| SHA1 | 92a389f6ccde6654dc16573980579f156bd7e21f |
| SHA256 | 8c2794d8ff0b7b1893a1b701c5a31197c9443d49c3376f9523876e22a186f1ae |
| SHA512 | e8edb3048748dcffff0f93bee6690e4d6274185893fa2016e36ef2ef3eea0cd413ed8b812c285ae095225114dd1d2140f3d200b1bf38bd16d02ff64d5125aa8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 80e0f1e25fd143d3c23782022443f925 |
| SHA1 | 1eaedcb8f9d88192bd52cbb148c15a60bd9e42ea |
| SHA256 | f56c5556d490dcd0f803c56d4d83148ee8fbacf565b0b90e318d56e1cfb69ef4 |
| SHA512 | 3fe774a30c59f2ae506f219aef0b9eba47ab876ac9ee88467ab6889887c1dae825e1581e8a92dd5d03929603f3a6f090a1c34226c29cffddcc7ba8cd33cc5fe7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 269545f3384d8518d6021d2bcd9d952b |
| SHA1 | aec0ad8dbc0801c546aafe694cef77b013918a2d |
| SHA256 | 9a20b75305e73997c4daddfa043d1c757836286a2e515a60c2b972c6bd286d20 |
| SHA512 | 7f99a0cef282faa4e5aa11aee61fc5372849b0e7847f50a9b3d8205653cbac3ac6abcf6882dbe5ae823e9a618c395abcb756b7c50bc6416723fd10a7c89d2480 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 599ffa169095642bb101299ed6941807 |
| SHA1 | cb6075d883fb8e60fb82cba0d5a41cb6ff618945 |
| SHA256 | 8f61da07b2abb134d601d74fc376a73917324c9248e6d6ca75238eabf2285798 |
| SHA512 | e5d46f7816252ed29d520f1ade43211c93106d1b70313bae281fa3c2728e5c704c2567753acf2e2384338233a7f7a3c6c002494244aa7dbd5862753a919b45c8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | eca280de5d14659aebf8cba2982fd703 |
| SHA1 | 8f8f9843a930282cbaa63240ec69ac21f5d8e51a |
| SHA256 | d3128b30ee61e71f1b4bad4de7dae452870ccef2e283a61070d7ff9cee052481 |
| SHA512 | 625eb12b338a1bb4ebaa89d7fbe723c74e6d67ba4affeb982db110a7369ac3d44ec0a4c42c87cdd5436e82f98ded3cf85591a7b5d2775828bc4ae172c37c7745 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e5e238484efb65dd018506d8dd827a94 |
| SHA1 | 9bce99b29b6548f59448974dbd7ff413465b282a |
| SHA256 | e4381c1669f14013fd577952bf2e4e85ad3604f4f78105db20fd017c14965f75 |
| SHA512 | 315830e47e95f876ee97ea228b3fa84955fd5373c8abd438cb43bce8534571916df0a505c282cf90d25b3f80b06b78c6385554ea5c8e037a82d17c9ff9ca1b09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bae34c61-2bfa-41ff-982d-0bf7e49aed15\index-dir\the-real-index~RFe59d2f6.TMP
| MD5 | 0f4d962b61e8e88a5b828f9c9dc0446f |
| SHA1 | 7fc7b2c48dffcb47865942fcf7e139dbc69b5856 |
| SHA256 | a7771ce2e8d3b368923b505c042e7d30e7351b7fb4047c017c9e70c7b654ae8c |
| SHA512 | c08c34ea01b95b7cd81888fc09556bc0df0aeb5d0c68e20f2baf91112853fa2abbbf55e3a449a9245573165a3168b8c967ace5c390b8af5a846e672f2e8f5b4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bae34c61-2bfa-41ff-982d-0bf7e49aed15\index-dir\the-real-index
| MD5 | 181445e5b42ac2331658615661faf669 |
| SHA1 | cd423c8db3ac18c9f9947589dc8100fa64870c27 |
| SHA256 | 973c7594fb05dfa653f712c4f32a3b1a78aa7791118901e780fe8571a95851fb |
| SHA512 | fe472f540739ab0daca6dfa59d1022faaf5fa4d94c6d201847026bc7508ac2eed8f7586e693e89648de9bd56bab6b49e95402f04ede8a1d7dc983dba27c99254 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 7393f703adad12b41211cee6ae629d4c |
| SHA1 | 15195edc1f9d7241d207d6e0c754db07a5c1e5aa |
| SHA256 | ec1a587468638e3a2f64728c75688cc604b5f3ba4b5cc73756146af3833f5d59 |
| SHA512 | 1af04d799eea6e311043b94bb3d77827728df505fb55ea6e7eaec7ce3f318d950e5cdc919cad3f13438368f4de208513877cc49c2a1f08d8f7b5a00df11fad05 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c355b166b57548c838aae9d369e2c25d |
| SHA1 | 894fe112e6714f0b685bec08feb5c8e4fc3d17f7 |
| SHA256 | 85d7d253e65d1beeb55e7847e1ba87f186f5e1755363c22a242317e0ee8e6501 |
| SHA512 | 9dd37ee0079472fd4c51a504dd3478d428ff06c1fe1ccd3848ab91bae128db6077558172e65ea8a66d24d2df49bdbac496848fb69756f193a397d46baa06a669 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4ffb3eb8cfa0bb147c0c3c988204b4ab |
| SHA1 | fb063c44afc15c07c9833707b32b574ee3923a96 |
| SHA256 | f1ef42ad2198d90501b579d26be5fe261f468487438042fee224b2a4092c7403 |
| SHA512 | c60a638a0aa06003d9d4bd0dc16c5b3e6a5da6861d53feb3e90f5784b9933a21cff7aa04425c0ef5055984b6ccd10da97422751ab987d2ad40c6b032daa77afb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7c43664813e164c5be7f2b504ecb2854 |
| SHA1 | a0c5ff2dae2dad4ecb8a2e590a3dd5ba852f64a0 |
| SHA256 | 906beb320bb234f2cd85dd46f05c7580c4db340c24d03ba2163e3d1dc0b9b262 |
| SHA512 | 49f0830b8064f48ff58c8f4f05edf67149e353092b4360bdc4f95f1cdc3ebe2560d2ec75d42f9df0e6751d9d0ae43b2f183afe1fcc193aab00bcd9e47cf8e79c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | ffd14658db9a623b71ab301c2800994a |
| SHA1 | adda3f294ab87006b8c97b8555698b60469381b4 |
| SHA256 | 410d271eb5a940da959758bafa5e0b5146b7724349026a92b649a06ec5326788 |
| SHA512 | 2514e0bf9b54d3c0ce1dff9da9141e9e079228a31fc1d0a276e9f9b24b392d25f4a4ac69fa4ceffda607f250e8600514b927e1e11063f21057b4f23ce91fe685 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4227b7a686c964dc9618e4823520d952 |
| SHA1 | 0f53001b4af25f46206c471c305aed410dfa1422 |
| SHA256 | 311f274457fcab190a2c8b0a84b8d97986c372c9e67e0dab0045c9edf6356fba |
| SHA512 | 19b9f5132fe637b9478960568696c8e2e24c68d86fa9a8357722601897f43fa0ed142c44f23845e7fc510bd09f0470b934eb33e8ed43f222991436db2b580480 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | c07405d203bbc58275aa2ae2527405f9 |
| SHA1 | f2608df48d7d8a1c3fc82fd14337386712252d45 |
| SHA256 | efeb153e38cb9033fd51abc50ba0752b2b83ff67a8585e0168d38a592f58953a |
| SHA512 | 2d1edb68bf77521a2fe70e74fedd880ba02cb16f4cffeb8815da90d15b234dcc5e14a778350c6fce3fae1773f414a1b3f938ca492dc0a208b21473ce8303f250 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8bb12c5e3b41f936ed70a963cbf4dd78 |
| SHA1 | a1beddd301b38f11575bcbb759db3029dd3e9af1 |
| SHA256 | 33a24dc79f2a709c6fbf571743a1d74b2a37594026425092e3e941751c487f3c |
| SHA512 | b40331f4c986d72dda5f169559bcf928160b1ef3038ddc529bf9dbdbe372dfcb73d7c456cad5fd5be8937c97cc8e6331436256076177e77d9c233fc1bd989a25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 229a0d58ea050fcabaf8bca5f5a7f427 |
| SHA1 | f9af4ccb477f8c868698dc5fc927df3c1cb51384 |
| SHA256 | 0d8c9b1853e3c9ee15132200f7e2bcb11a516b37c11fd3cc7e6c94bdfd5ef0f2 |
| SHA512 | 1c4f8efa6deb8b20d7c3cc947fe64134d100d2210fe9199e87a06d46e4fe93789ac85d7221fe4debd6a9e560c4132157fd360e3fdbfdecd13bf74cb8fb586e71 |