Analysis Overview
SHA256
033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d
Threat Level: Known bad
The file 033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d was found to be: Known bad.
Malicious Activity Summary
RisePro
SmokeLoader
Detect Lumma Stealer payload V4
Detected Djvu ransomware
PrivateLoader
DcRat
Djvu Ransomware
Lumma Stealer
Downloads MZ/PE file
Modifies file permissions
Drops startup file
Executes dropped EXE
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Deletes itself
Checks computer location settings
Looks up external IP address via web service
Adds Run key to start application
Accesses Microsoft Outlook profiles
Checks installed software on the system
AutoIT Executable
Suspicious use of SetThreadContext
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious use of UnmapMainImage
Checks SCSI registry key(s)
outlook_win_path
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
outlook_office_path
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Suspicious behavior: MapViewOfSection
Checks processor information in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-13 01:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-13 01:38
Reported
2023-12-13 01:40
Platform
win10v2004-20231127-en
Max time kernel
150s
Max time network
155s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\fb6eff3a-e323-4d9f-83d9-03b8ee3ef521\\E521.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Lumma Stealer
PrivateLoader
RisePro
SmokeLoader
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F5CC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ja9MQ57.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Um41Rf4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wd5pG26.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\jeajsia | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\jeajsia | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\fb6eff3a-e323-4d9f-83d9-03b8ee3ef521\\E521.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\E521.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\F5CC.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ja9MQ57.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2488 set thread context of 3860 | N/A | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe |
| PID 1028 set thread context of 8 | N/A | C:\Users\Admin\AppData\Local\Temp\E521.exe | C:\Users\Admin\AppData\Local\Temp\E521.exe |
| PID 4100 set thread context of 1408 | N/A | C:\Users\Admin\AppData\Local\Temp\E521.exe | C:\Users\Admin\AppData\Local\Temp\E521.exe |
| PID 5032 set thread context of 1384 | N/A | C:\Users\Admin\AppData\Roaming\jeajsia | C:\Users\Admin\AppData\Roaming\jeajsia |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\E521.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wd5pG26.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\jeajsia | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\jeajsia | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\jeajsia | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\jeajsia | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2013768333-4045878716-2922883000-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe
"C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe"
C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe
"C:\Users\Admin\AppData\Local\Temp\033ce95b4642598f17181c3cfd35e07532a16fec52375484803b79b62cf9c65d.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\D0EC.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\E521.exe
C:\Users\Admin\AppData\Local\Temp\E521.exe
C:\Users\Admin\AppData\Local\Temp\E521.exe
C:\Users\Admin\AppData\Local\Temp\E521.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\fb6eff3a-e323-4d9f-83d9-03b8ee3ef521" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\E521.exe
"C:\Users\Admin\AppData\Local\Temp\E521.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\E521.exe
"C:\Users\Admin\AppData\Local\Temp\E521.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1408 -ip 1408
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 568
C:\Users\Admin\AppData\Local\Temp\F5CC.exe
C:\Users\Admin\AppData\Local\Temp\F5CC.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ja9MQ57.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ja9MQ57.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Um41Rf4.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Um41Rf4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x14c,0x170,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x14c,0x16c,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,12060759296371759813,76880810976692341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,6207617103694942793,7234828070374252782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2674167083798641804,15963619099388881450,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2674167083798641804,15963619099388881450,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,6207617103694942793,7234828070374252782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,11484408056293323259,16850089396883985186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,11484408056293323259,16850089396883985186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,17963123020035663457,6369049871419578103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,17963123020035663457,6369049871419578103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,12060759296371759813,76880810976692341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fff535f46f8,0x7fff535f4708,0x7fff535f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11128717620380130097,8399782826560661502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11128717620380130097,8399782826560661502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7752 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6912 -ip 6912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 1776
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wd5pG26.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wd5pG26.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 6568 -ip 6568
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 1008
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7344 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,4447946078368859798,6325748589152534130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Roaming\jeajsia
C:\Users\Admin\AppData\Roaming\jeajsia
C:\Users\Admin\AppData\Roaming\jeajsia
C:\Users\Admin\AppData\Roaming\jeajsia
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 147.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | host-file-host6.com | udp |
| US | 8.8.8.8:53 | host-host-file8.com | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 24.52.193.212.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | brusuax.com | udp |
| BA | 109.175.29.39:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | 39.29.175.109.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 24.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.136.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 109.107.182.45:80 | 109.107.182.45 | tcp |
| US | 8.8.8.8:53 | 103.169.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.182.107.109.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 92.123.241.50:443 | store.steampowered.com | tcp |
| GB | 157.240.221.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | 84.71.125.74.in-addr.arpa | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| GB | 142.250.200.46:443 | www.youtube.com | tcp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 18.210.105.79:443 | www.epicgames.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.221.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 46.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.105.210.18.in-addr.arpa | udp |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | 94.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| GB | 142.250.200.46:443 | www.youtube.com | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 104.18.37.14:443 | api.x.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| GB | 151.101.60.158:443 | video.twimg.com | tcp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 104.244.42.5:443 | t.co | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 54.87.226.161:443 | tracking.epicgames.com | tcp |
| CZ | 65.9.95.66:443 | static-assets-prod.unrealengine.com | tcp |
| CZ | 65.9.95.66:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.37.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.60.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.226.87.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | facebook.com | udp |
| IE | 163.70.147.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| US | 172.67.221.65:80 | soupinterestoe.fun | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.221.67.172.in-addr.arpa | udp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| US | 104.21.80.57:80 | dayfarrichjwclik.fun | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.220:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 172.67.183.217:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 172.67.161.55:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | 57.80.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.183.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 55.161.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| CZ | 65.9.95.66:443 | static-assets-prod.unrealengine.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 104.244.42.130:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.219.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | rr3---sn-q4flrn7y.googlevideo.com | udp |
| US | 209.85.165.136:443 | rr3---sn-q4flrn7y.googlevideo.com | tcp |
| US | 209.85.165.136:443 | rr3---sn-q4flrn7y.googlevideo.com | tcp |
| US | 209.85.165.136:443 | rr3---sn-q4flrn7y.googlevideo.com | tcp |
| US | 209.85.165.136:443 | rr3---sn-q4flrn7y.googlevideo.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 136.165.85.209.in-addr.arpa | udp |
| US | 209.85.165.136:443 | rr3---sn-q4flrn7y.googlevideo.com | tcp |
| US | 209.85.165.136:443 | rr3---sn-q4flrn7y.googlevideo.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
Files
memory/2488-1-0x0000000000A80000-0x0000000000B80000-memory.dmp
memory/2488-2-0x00000000009C0000-0x00000000009C9000-memory.dmp
memory/3860-3-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3860-4-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3860-6-0x0000000000400000-0x0000000000409000-memory.dmp
memory/1972-5-0x0000000002CA0000-0x0000000002CB6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\D0EC.bat
| MD5 | 55cc761bf3429324e5a0095cab002113 |
| SHA1 | 2cc1ef4542a4e92d4158ab3978425d517fafd16d |
| SHA256 | d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a |
| SHA512 | 33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155 |
C:\Users\Admin\AppData\Local\Temp\E521.exe
| MD5 | d6709cc2adb09d6ff003d52ece25c894 |
| SHA1 | 1f5b110ab3549efac240ff309bbcb934c26a072a |
| SHA256 | fb5c249e2a353691a022f786fabcdc80037824e1f018ddb01d2a5f68c62e2167 |
| SHA512 | 9501a3818f7e478f546438582a654592bc2c541cdb7d1b54dfb931672a6da74b5e0c3b6a9ee5080dd604762bdb7be3222c931223acc7c79c51b3b06ea72e002d |
memory/1028-23-0x0000000002560000-0x00000000025FB000-memory.dmp
memory/8-22-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1028-24-0x0000000002600000-0x000000000271B000-memory.dmp
memory/8-26-0x0000000000400000-0x0000000000537000-memory.dmp
memory/8-27-0x0000000000400000-0x0000000000537000-memory.dmp
memory/8-28-0x0000000000400000-0x0000000000537000-memory.dmp
memory/8-39-0x0000000000400000-0x0000000000537000-memory.dmp
memory/4100-41-0x0000000002460000-0x00000000024F4000-memory.dmp
memory/1408-44-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1408-45-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1408-47-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\F5CC.exe
| MD5 | 7f2f5a15034c540ea8e93d89465f4afb |
| SHA1 | 6f09c036c6bd48f68cc96899442c3105c8c9427f |
| SHA256 | 63affcd7bd9f4ec501f0c51e1b544cfb4f9ff324bbb6712eb31d5847d850f82e |
| SHA512 | 5ae0c8f8c07b853611569e78bfda61cc740b9104a6417ce2f5b03b0d4fc4f201a73f2f8ea3c50e38ca035a791b8a51ad612e3d2dc3d17b91f7587ba22ecf2e83 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ja9MQ57.exe
| MD5 | b054796f03233e6e94d4c4c1febace44 |
| SHA1 | a42cca353c5b35175473fc94f2a657e7b3d66547 |
| SHA256 | 1282cecf79b7f71630a17af04c7aec43a86c5014db19290d4bbfbf16627032e4 |
| SHA512 | 3ffc08f32aca33635f0bf0df668d9a9c47db3ae2d990a3d36aea56da40402c8267f188ec66b47c652174aed1a4ac56bbefbc6d835d3b6ee99341c7559b08083b |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1Um41Rf4.exe
| MD5 | 5bbc7a3d49619274f68255308fd8f041 |
| SHA1 | 1c3ff2468cf6122c1754df2c6f61a1fc76c535f1 |
| SHA256 | e88fd25b815bd13ef3b9403cc6cca2121b480266685a3eb91f3176e9973e7086 |
| SHA512 | f5fe13448cde9c07c8cc0b15eee36d3dc0ed6da035867b78e8ff0dc0ddd5adc0a60f58e11226fc0bdfdbcb76734a36b3600d514fbfa3881763feac110700251f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d94c59e136e2bc795637c1c05e315e35 |
| SHA1 | 0ec32d5c51c34e9215b5390e7aa4add173310f01 |
| SHA256 | ad71bfe2069efebb4ca211ae6ec21473fc1b43dd3269b8523c5b67da6edcb41f |
| SHA512 | 57a5c50bd9e87b20200ecbd18ed2bd7712a46fcb9f5ce3d3aecdb768bcfa52d5025f9fd40523015414aeac3e8c94c9ab1caa6ae006dc4e9e7ab58c92607ffd6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 890585f0e978711e84e103f4e737e1b8 |
| SHA1 | 12b9a7b4a1a016c8a0d4458f389135ed23574e27 |
| SHA256 | c83ee823a77974192ee702a6b550e28046fe4f60798e471e7b5b75c1f623c092 |
| SHA512 | 246b774837bfb5c3f158024986fb040419974c7a8c1e6f6875e713760385084b32cfa294a5195598e7968632d1e2e4f553545f6d084cb4e5204a868aabdc0297 |
\??\pipe\LOCAL\crashpad_3172_AYLXNOXMBOFDLCAJ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e9fa9d5ff344fe84929953ea8f1ac89e |
| SHA1 | ce42cc307f9483b22658fe43842937aad6ef82d7 |
| SHA256 | 4df540d9338a2af44fc263ca1ba3c93140adb34925b3452f278c3088776da8e7 |
| SHA512 | 82267d72f15f9e9b6968b09973385573fb7b3a59bd8ee206deb354e9d69802bdc63e9d4113b56bf57ef871a2418c2f65495349d3383a3b0b5dea2cd7af1129bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 656ec6232aaf288f4eddbb1bf63fce69 |
| SHA1 | d1576f8188370243d4bce8400492f9a5b3f5cc94 |
| SHA256 | 143e02dc9e027aaecf073d2bfe4d1e0067427fcf9b259539283334680f4203bd |
| SHA512 | 41268e355f146d70fc7b2ab1fd4358d3f0f5ac4a7c971e78a35d63a5ea492e4f0cafe45a1bd44941a2b8047c1ca50fc1e4c13eea8732710734a60b67a233ebba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 577fbb1605de6f9d707b1536af15c754 |
| SHA1 | 4c147bb938e1a8028862f02e4e122025672957eb |
| SHA256 | 9e91a304a6152e74f396aa23ece934648b8d809c82606ab94ea4c0dbdc6a94c4 |
| SHA512 | a1c3a488f497dde78157b698b3e613d2d8bf70544437b299cdba7443c976f0b528b6cb8a1f4cbab3e6ca5c1e10d43e64bdd87ad7eed8dfa62eabff5061c5ac99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 23e72bf8971dd9b4ba6f021692077a91 |
| SHA1 | 6c73cb21e424370fed7d606f7b6c054bfacf5ae7 |
| SHA256 | 976ece6f125316f931717cfb465a3c6f9b24c11acaa699465e97a10f402a4ae4 |
| SHA512 | 17811eb145dfba3983dc0e3f6d67495264ea99b511162d6b49195df657a1fe22d1e4b7dfce810c319aeb0f5e530f28e644fb826340dac3d1624f9d99fd470799 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2Mg8373.exe
| MD5 | f8e7488fd4ced59d6eb387447bc37430 |
| SHA1 | 560ed0a592273875ae66a93efd611f76a9da7ee7 |
| SHA256 | 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347 |
| SHA512 | 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7027d2efa4ea21c0dd20943dd348cb7 |
| SHA1 | 00a4ad7f06ced9848a94f5bd86822cd64a983ecc |
| SHA256 | 1a2435cd5be7c4ad76c644ce94d4e58405a8bba0827660f26353e011f52045ae |
| SHA512 | f9dee2f8ab5dbbc14aef56bf3b82bb83279b169adc245531b706cd2e2748cb04d2f4b7271393ad8b0b8910214cd27f0795fe8fd6d02a621e8408be060140dd6b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bc38313c6d639f99d39598e62e7fdfb0 |
| SHA1 | f8d795d751f70b3f8c840bcbbe0bdea1bbdd917b |
| SHA256 | f2a45da7571d7a085a8700457793c9200c8abead97a4a9ccc4f180390b3be0bd |
| SHA512 | 72b220b394d079d5b5c5ca5aed5ffdce11000952cd6489b303c44b517ac5ee8b95cfa33b2d888c65ba032d384c708fccfd2ba3354a2f866c1303d0a1e7835462 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0719789823ef9256750f63a1e124a0cf |
| SHA1 | a9e237fdc33d798a1e7810d1025a0c333def4645 |
| SHA256 | 37fe9a37425159834944f6d82e44ab02e952d830664eb5ab0ba1ace2cbd378d2 |
| SHA512 | 6a1df034341855a29c3174b3b58b0b5a6b37a823ff791f1feef9ce214fdd6666700b926498ce38d0322904641f838ef8cdd0a8a1d87795270e4d0f96ea5b3676 |
C:\Users\Admin\AppData\Local\Temp\posterBox2fJQ8maZ0O5as\QdX9ITDLyCRBWeb Data
| MD5 | 250f6cee6a8be4a85cd0d78b8f9ac854 |
| SHA1 | 48a5be711abe88c0efb7204f6c792e67a99d390a |
| SHA256 | 21e090219937792f360789c94785cf969cf22fb9e2ae145dec419dc4beab1321 |
| SHA512 | 4685c2cbc34566879e5c494f1433996ce9541e048a87036876d0ec426a02a13af6ed606575306522def4dd19a3fcc34b95335f492b21960b28e8f12be82a35b7 |
C:\Users\Admin\AppData\Local\Temp\posterBox2fJQ8maZ0O5as\ZunTSaNJLBVfWeb Data
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 6dfb28a6390f63171f06e77ea2e7465a |
| SHA1 | 415dbb91566f810a83c3c6efa2e4dd2c4084c276 |
| SHA256 | 3cfe4ed506d1ee431d75dfab4e2f1ada2fd30e8d7664061d9fd706b3ed9c4b98 |
| SHA512 | 333b19faaa15c61ee44793bb4c2222663070ebf6463fb85115f561bba0abff09ab8a88f5dcad8f31ccc496b42930d137c865515c78ecb0a0adf994d64354ba56 |
C:\Users\Admin\AppData\Local\Temp\grandUIA2fJQ8maZ0O5as\information.txt
| MD5 | b94646328963be28d6d5b63eb794b54a |
| SHA1 | a8164ffd45821c98a8ba013e7bf7310d75878d9b |
| SHA256 | f68ff6d25f66fd0dfdfa10cdcfb49080004bcd4a0bc9e7bf67e2f86100958c61 |
| SHA512 | 48e00a3b59b0cce50e5f5272227875d52665fd924f54808f281bbcb2f5ae7e16aec07986270d2606fe72e9e69e8c922c8863cc9c85be01f29bdc9b72fd1e8e7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5d32164d49a7709d8cfaeb8501d0b984 |
| SHA1 | 5a64294dc1c27930d38136efe69d5efd57638e7d |
| SHA256 | 0f9863874575911062a65a838487704194c66a45c231539e3560acb81b8d1923 |
| SHA512 | c24cd42c01345bac6853922d6cc6aeb42f05af002572ddcf83910912072892842263c07d8e8ebf1b860d3fbeedb707de996029e1997ef535d44d5bbc98ebe75d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
memory/6568-612-0x0000000000AF0000-0x0000000000BF0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c94a8b4b8c59008153ce4e7982ec790e |
| SHA1 | 85d1b363873ac4f48b4a7a13e3ce86a28620fe14 |
| SHA256 | 279a384996e8f8716fb5871fb29a8b9094b43dd7990e97196186ab139c55ca5e |
| SHA512 | 651611456db121be3f82f8b324e2cf7d21be1d0e4d3ec64c9f727a38903f0efdb843f8df6eb781c240081d6cd614c73bc948f22535bfe41b571b2324d5e2eb0e |
memory/6568-622-0x0000000000A30000-0x0000000000AAC000-memory.dmp
memory/6568-623-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | a553ed37741112dae933596a86226276 |
| SHA1 | 74ab5b15036f657a40a159863fa901421e36d4fa |
| SHA256 | ec16b2f20ead3d276f672ae72533fcc24833c7bcfd08e82abf8c582e1bed5e87 |
| SHA512 | 25d263aeeda0384b709e1c4ec3f6dba5cfcb8577e026d66846c2045b543f6446439b946163b1ea8f7e53cc6ebf38c93172452bd43e2560b42b56c4d13625e107 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
memory/6568-730-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5284b178d04d28994c7d80ae9664c8d5 |
| SHA1 | cfcfaf9ad8c82f2bc5439846734bf5100ddadac5 |
| SHA256 | 8b4f8da2991a12a017787e187d50694cb8c42c9794f2d612dde335cb16ce5ec7 |
| SHA512 | e6f8aff7d4fae8f07b3b6b6958e65321253c803a20bf5fe143f22fea474ed041dffd17b52aa1a345858c4c6ab64aca02af42f9cc5e2a0743ce5fa6b4eb77ef26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58585c.TMP
| MD5 | b5c00f786dc49f5b7cebda44bb148bb7 |
| SHA1 | 9518dcb18e157e535e734c96b646832ca536b5ff |
| SHA256 | 2f4e0c59cd250a7c3af033ddef504f0a5d4fdd3fa1b8585c5cfa8b9ac58e994c |
| SHA512 | b569446dd19e4a36fae575c3c6a90c5cf54ae3a414a1de9fdd54168b04b2d12e74341bb57c017703e85d00cc5ed23c84e36a26fca4e861c7de2154807981ba71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 00fdbfb4a4cb2780cb8aba55f8e07559 |
| SHA1 | e43d6411a7496c230cdd85cf306dcdf3d5803c6f |
| SHA256 | 53c871bdfaedc529abc0a11b22ea0dbe64109ef9d5161b0a51384f64355dbd20 |
| SHA512 | e854b4f72c333e864d5c46acde8a5c8694ebb10500b67ce5933ecb813b87cedbe87ac86f09173cd4e8d7abf9d11204b5fb224e48c1146f26d0723c14b9a2f2f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 4a8e1e6abe9358705420e7a0863ff104 |
| SHA1 | d6173f385c7d6698d7272807a080483c23df53f9 |
| SHA256 | fa84c467cbbfe515c56c06739cc1bb8dc077bfde1d19d29b314bbb0a8cf85801 |
| SHA512 | f36f6777fec1da4c73433afeaf653e77cc8d691e422595e2025cf001d42d9e08622751104ad931768360117ef6c2d1b312bb28b9544996d953153cf2c9a90cff |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7353e64fff7002db8f8e6efbf2fd839b |
| SHA1 | 614083398005b107ebbc2f0b86d941c457f4f205 |
| SHA256 | 08e863c52de8936ee9f5e6330c6c4b730f9cde37ee04decf42701cbb7e71f491 |
| SHA512 | d319fad09fef945708e22c92a7e2b11386a2e6eb8dc0c1b2890e7bbecb3dc3377cf92dbe6e44507e9886db6169a1512fa8f035cf42631819ec5c814947ed6569 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 83448bff2881daf159b2fcf73359043a |
| SHA1 | 304aec4dc6e73a1fd02e765cc4fc3f0ea42b9c43 |
| SHA256 | 5c52d87a3bed46d687f8759c9a4046e617a486b17eda89b01a0097e7e83a9dd5 |
| SHA512 | 82772eaeb56f96e8dcf7a412cef62cced819ff7e20e85de29c416140adc82fc4b1a328230a938f7fbfbe4794866b92da670004eefd74f80e008d8b49a73c618c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 48517b961a9c11fd997e09587d90d017 |
| SHA1 | 731ac50e6d69bd88f3859df93e47f9a8d0306a8c |
| SHA256 | 84c0723092762cb9691d72a28d586f5fed40297310d196090304cbf3af21287c |
| SHA512 | 99948d806faa663414dd76ff719bf0b85e2b2b457e21a5f768888b352892e0c26e993f22c426e22354ea6a1fdeba184612f30c7cbaf721d41bd66f38f7a90183 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a60605039a9d0987e0ac849ca24f8e5c |
| SHA1 | c640a91ea4495a4b2304188592fd6e91084e482b |
| SHA256 | 4941d3e5a1e39a409f45da7ebbc772c968031f5e57dc233f0569017b6066f9da |
| SHA512 | a3e89c1a7272fe93421a6252bebec638c7621efd91aee0697c228c32d30e523de4cdcae3ca3a9da023ec72f64b83b97098ae8e4b877ff9acc8498756b8d43ca5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b0193e501fffb82dfe10af5f91c3da8 |
| SHA1 | 47004af98f01962523fe14114760329b0d3d270b |
| SHA256 | 56b50c365d6ffbb2fa38728ae0f0a9081203acaf169fe7b1ed1eabe1ddbde181 |
| SHA512 | a09651404915fa50aac4af550ed7431613350e35d9f1aca78c97e9fd94263c7a8bba66250c448b435b78807d6945efda8396dcf794250218c8bf6da5e53eeecd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 0b682cc72d2a4593a123326b1f41f19b |
| SHA1 | e31d37915837e3d2e528e993f58e1d21c69ac0ce |
| SHA256 | 82b231bebce2cb08faa3a311c30cc94a457cab52331878da22bef08100a210aa |
| SHA512 | 91b61330b4c9cbc7ca7e154db800d36c0a99a6b0948985ad083b0a5987e7f4f64c914392496b47fc4f55ee9e29a5697a40e4f6859f9821023148b841515686fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58bdae.TMP
| MD5 | 0102f91fd47f89935a9e1aa400e79063 |
| SHA1 | 1e7ea22f49dfc5407115e7c78df9fd227deb5301 |
| SHA256 | d754f07e9d70d8d4192450f3174efae3db35db94a8c5ddc1f81d4c7e178a8438 |
| SHA512 | 63c0fd93bf9529748038e1e678f17e2b2fa2ee95edf36ae3f9ecc0ad63aa89ec70e4fbe56413beeaa3fedc8812507e425587a5435dd46ca33d3f61181cd17ac6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ac269e52c3dc37c07319fd4a1eaa35ef |
| SHA1 | 48525d573738c4aeeb83e2d95b19f205b55f3737 |
| SHA256 | 34e27153fb715be91c4ae508d63d2e04b24f102f6edc734a57a610cb58e7b7f2 |
| SHA512 | 40f72a256f091390676ba00fcd01db9d317a8fa932992abaa1e8024b70981898b767723b7327425d7d5ffaef93bfef9bff4cc8cd5489a0b519a8f2fdece55191 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a758de16c454ca9375d8011350b73ff6 |
| SHA1 | 0569bbaddc2f717f092cf0fa679de1257d0e55ca |
| SHA256 | 101937a2102d61c0f1e2164af11ae6ab786cce34da4b57777a41776b86f7f065 |
| SHA512 | 78b7ba6f6b19f54cc1b4136cda007e678280bcaac94300e146f7a2f09e8c1ffaec282afa1a4495ed178b867df8bd9c03f2cf6855fa4994ffe80aa79d74e29616 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7d2117e0-5c33-44a9-b340-6f72122396a1\index-dir\the-real-index~RFe58ff1c.TMP
| MD5 | de850f42202d8d554069303feb9df4bf |
| SHA1 | e3a4a87f9665ada2bfa19d501325e0e4c416add5 |
| SHA256 | 5fe028467d2e4e69a52adea643ae50be5508d892bbdf9c71cf97b8976f86558f |
| SHA512 | 98e62bb28a8c59be75a5830022c3e3861e6f3f5ed386024654203a08cb37aa58e8b20fe66c5ed54c744e1f3810d335d1c40a5d738af9ea8628dedf2f19acdc37 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\7d2117e0-5c33-44a9-b340-6f72122396a1\index-dir\the-real-index
| MD5 | 5bb9ee68d0630d57e71dc442733b7c1f |
| SHA1 | e2b286ecc7e41676c7c43889d83c718397ac697b |
| SHA256 | ab64f39a68873e644660eeb4ec85c1b6d720628c9b50b52948bd5263608b87fa |
| SHA512 | 58d5272059e5dda1fdb8eb58d497ab2755b7b9be9d1bf47a14c468015423eaf42acc3b0f2341965e9f6a53117e0ab24a2665a481ceded89afe498fa5c209600c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 7dc066fa29f679680268b35e4d05fcef |
| SHA1 | 94ddb711a21448e5dd2c94ed579164a002fbdd11 |
| SHA256 | 435b619b01d474cfa4f1eb5d480f83d7b9e3f1957228cbe7ea5da3ccf2be4fc4 |
| SHA512 | 03a06d213220398e26b7480a9c9044e6997f311b8d6b3faeb385d25dc90188c5fc0ebaf9b6d55c3c969663e85007b0d89513d7af254706d0b06ab790af75d159 |
memory/5032-2223-0x0000000000BB0000-0x0000000000CB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 29c476ab7da02504b998c0f58cecf991 |
| SHA1 | a631bdced62d69689f1fd9400cd9c069beec9df7 |
| SHA256 | c0c24c46e29d600916c1c96d662792b368650990054f0ea6fb5361c3a1c535dd |
| SHA512 | d87d00d583f6b393d8e743317ce2f52726624c1681c37cc3fe8a05fea48e0b16914244fde7e452a9664d9a0a6bf0ec59007d430dcfd36bf0209ccdcbe756bea5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 359d12209bf3dc9176a6a860d4ef3448 |
| SHA1 | 12c7f202465849f15069bb34779af46eb25417c6 |
| SHA256 | 79b45840d03ab11d76e112f60e2d74d976fd3b99b354d6fb90432015b0598ce2 |
| SHA512 | bb808d2416ca7c44ebfb238b81b0dce99eb3ffe8f13a0fb5caf7fb6e9586a07883e6e148556c35cc8f6a3dad2bfd998fee254c5cad57d2e19aeb4d31d1000c3b |
memory/1972-2251-0x0000000000D20000-0x0000000000D36000-memory.dmp
memory/1384-2254-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 133696c9bddf12fe1fcffa45d733dfa1 |
| SHA1 | 8d7d0a87babdb8a1e7afdea8488c4433205f39a2 |
| SHA256 | 1f6722d549ec5c0f6e4de626c36e47799972ba5a2d22225368aa64662a5e4ade |
| SHA512 | ceeb48f03de7113bef5fee4ef910c041df64a1a98aeb3a0ccb4516199be74e79d49e8cac897eadd7cbe9ad15b112698602de4dc478c4513ec9d9d10077d00acc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | ae6e7ce5d2cad99a9c6d199990c72b7a |
| SHA1 | 1809ebc66c9f8b41e48c29d767e18a8a6cbaf326 |
| SHA256 | 66ca4c6d49f56f93a5c990f123f43b4ca52f77e7fd728b341e1a0d1002ac90a0 |
| SHA512 | 6209de45df40368e1dff1b9bcbb50f70b4a7c4510a483728eb0027add81c2e260790693add1ec568021c7c52cc0ab8bc1102570ba4a7eef8b6cfd6b03d213ffd |