Analysis Overview
SHA256
297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c
Threat Level: Known bad
The file 297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c was found to be: Known bad.
Malicious Activity Summary
Lumma Stealer
Djvu Ransomware
Detect Lumma Stealer payload V4
Detected Djvu ransomware
SmokeLoader
PrivateLoader
RisePro
Downloads MZ/PE file
Executes dropped EXE
Checks computer location settings
Modifies file permissions
Deletes itself
Looks up external IP address via web service
Adds Run key to start application
Suspicious use of SetThreadContext
Detected potential entity reuse from brand paypal.
AutoIT Executable
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of FindShellTrayWindow
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious behavior: MapViewOfSection
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Checks SCSI registry key(s)
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-13 00:59
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-13 00:59
Reported
2023-12-13 01:02
Platform
win10v2004-20231127-en
Max time kernel
151s
Max time network
154s
Command Line
Signatures
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Lumma Stealer
PrivateLoader
RisePro
SmokeLoader
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\DA02.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BF44.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BF44.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DA02.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DA02.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\E916.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DA02.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iq1AE80.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1OS23mY7.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\DA02.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2HZ4149.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy9dn57.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3635043082-2972811465-3176142135-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\7b76c731-e2f8-4360-b332-250d588ac8e6\\DA02.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\DA02.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\E916.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iq1AE80.exe | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 1020 set thread context of 968 | N/A | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe |
| PID 2148 set thread context of 4316 | N/A | C:\Users\Admin\AppData\Local\Temp\BF44.exe | C:\Users\Admin\AppData\Local\Temp\BF44.exe |
| PID 2972 set thread context of 448 | N/A | C:\Users\Admin\AppData\Local\Temp\DA02.exe | C:\Users\Admin\AppData\Local\Temp\DA02.exe |
| PID 3300 set thread context of 332 | N/A | C:\Users\Admin\AppData\Local\Temp\DA02.exe | C:\Users\Admin\AppData\Local\Temp\DA02.exe |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\DA02.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2HZ4149.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy9dn57.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\BF44.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\BF44.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\BF44.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\BF44.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe
"C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe"
C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe
"C:\Users\Admin\AppData\Local\Temp\297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c.exe"
C:\Users\Admin\AppData\Local\Temp\BF44.exe
C:\Users\Admin\AppData\Local\Temp\BF44.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\C0FA.bat" "
C:\Users\Admin\AppData\Local\Temp\BF44.exe
C:\Users\Admin\AppData\Local\Temp\BF44.exe
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\DA02.exe
C:\Users\Admin\AppData\Local\Temp\DA02.exe
C:\Users\Admin\AppData\Local\Temp\DA02.exe
C:\Users\Admin\AppData\Local\Temp\DA02.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\7b76c731-e2f8-4360-b332-250d588ac8e6" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\DA02.exe
"C:\Users\Admin\AppData\Local\Temp\DA02.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\E916.exe
C:\Users\Admin\AppData\Local\Temp\E916.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iq1AE80.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iq1AE80.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1OS23mY7.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1OS23mY7.exe
C:\Users\Admin\AppData\Local\Temp\DA02.exe
"C:\Users\Admin\AppData\Local\Temp\DA02.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 332 -ip 332
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 568
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2HZ4149.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2HZ4149.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffa68d346f8,0x7ffa68d34708,0x7ffa68d34718
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 580 -ip 580
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,386507143544789730,5275539499887533885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,386507143544789730,5275539499887533885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9821743955718188683,8468007104775057954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9821743955718188683,8468007104775057954,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10041447288144819264,12926289205335157227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10041447288144819264,12926289205335157227,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,12861396895993012810,6394902687146296616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,12861396895993012810,6394902687146296616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11091751712428208524,3604646306338391314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11091751712428208524,3604646306338391314,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,2810821930316809750,670636326491933245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,2810821930316809750,670636326491933245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1113568457323006451,3838666670911242353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1113568457323006451,3838666670911242353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17936942394051835509,11062044747780198102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,18431670393529450911,7214000163077376023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17936942394051835509,11062044747780198102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,18431670393529450911,7214000163077376023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy9dn57.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7wy9dn57.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4584 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 7900 -ip 7900
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 608
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8580 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2184,13220586906538514228,4839550063503867304,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5556 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 16.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 59.128.231.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | host-file-host6.com | udp |
| US | 8.8.8.8:53 | host-host-file8.com | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| US | 8.8.8.8:53 | 24.52.193.212.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | brusuax.com | udp |
| KR | 211.53.230.67:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | 67.230.53.211.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 104.21.65.24:443 | api.2ip.ua | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 153.136.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 24.65.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 109.107.182.45:80 | 109.107.182.45 | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 45.182.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| IE | 163.70.147.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 104.244.42.193:443 | twitter.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.71.125.74.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| GB | 172.217.16.238:443 | www.youtube.com | tcp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| US | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 3.88.245.197:443 | www.epicgames.com | tcp |
| US | 172.67.221.65:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 172.67.174.181:80 | dayfarrichjwclik.fun | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | 238.16.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.245.88.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.221.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 181.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 104.21.18.224:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 52.203.233.59:443 | tracking.epicgames.com | tcp |
| CZ | 65.9.95.66:443 | static-assets-prod.unrealengine.com | tcp |
| CZ | 65.9.95.66:443 | static-assets-prod.unrealengine.com | tcp |
| US | 104.21.74.182:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.95.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 59.233.203.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| CZ | 65.9.95.66:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.218.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 90.218.19.104.in-addr.arpa | udp |
| GB | 172.217.16.238:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 216.58.213.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | 22.213.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 172.64.150.242:443 | api.x.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 192.229.220.133:443 | video.twimg.com | tcp |
| US | 104.244.42.69:443 | t.co | tcp |
| GB | 199.232.56.159:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | 194.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 242.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 159.56.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.220.229.192.in-addr.arpa | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 133.2.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 8.8.8.8:53 | api2.hcaptcha.com | udp |
| US | 151.101.2.133:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 192.229.221.25:443 | t.paypal.com | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 104.244.42.194:443 | api.twitter.com | tcp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| BE | 74.125.71.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 8.179.89.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
Files
memory/1020-1-0x0000000000A10000-0x0000000000B10000-memory.dmp
memory/1020-2-0x00000000025B0000-0x00000000025B9000-memory.dmp
memory/968-3-0x0000000000400000-0x0000000000409000-memory.dmp
memory/968-4-0x0000000000400000-0x0000000000409000-memory.dmp
memory/968-6-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3340-5-0x0000000002A40000-0x0000000002A56000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BF44.exe
| MD5 | 0be90dc3245c6e5a4ddb14c9cd1b6520 |
| SHA1 | ca15142e1c01ad9a8a70952988c071cac60a7863 |
| SHA256 | 297923a6eaeca84d054a263d3a9c13cb3fbaf5704f714d308bde0fc7a4630c5c |
| SHA512 | 66fa470363ece3cd8c283563b7d32f5b988190430c04f615a3f385f51f1864088cb5278efe151d53f362cd329415cd3a81c08f11b11afa9202b6880bad1c0b86 |
memory/2148-21-0x0000000000A20000-0x0000000000B20000-memory.dmp
memory/4316-24-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\C0FA.bat
| MD5 | 55cc761bf3429324e5a0095cab002113 |
| SHA1 | 2cc1ef4542a4e92d4158ab3978425d517fafd16d |
| SHA256 | d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a |
| SHA512 | 33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155 |
memory/4316-27-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3340-26-0x0000000002DD0000-0x0000000002DE6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\DA02.exe
| MD5 | d6709cc2adb09d6ff003d52ece25c894 |
| SHA1 | 1f5b110ab3549efac240ff309bbcb934c26a072a |
| SHA256 | fb5c249e2a353691a022f786fabcdc80037824e1f018ddb01d2a5f68c62e2167 |
| SHA512 | 9501a3818f7e478f546438582a654592bc2c541cdb7d1b54dfb931672a6da74b5e0c3b6a9ee5080dd604762bdb7be3222c931223acc7c79c51b3b06ea72e002d |
memory/2972-36-0x0000000000990000-0x0000000000A2D000-memory.dmp
memory/2972-37-0x00000000026B0000-0x00000000027CB000-memory.dmp
memory/448-38-0x0000000000400000-0x0000000000537000-memory.dmp
memory/448-40-0x0000000000400000-0x0000000000537000-memory.dmp
memory/448-41-0x0000000000400000-0x0000000000537000-memory.dmp
memory/448-42-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\E916.exe
| MD5 | 135f48610836f8ff87eeb2d15fc14904 |
| SHA1 | c9a0fac15dccb7045d11fe24330034b5e14ad5e3 |
| SHA256 | 0f08b517669f5ebaef56cff14515eac9f6b0db4ce2f1d13a262bd6a2018d9db9 |
| SHA512 | f1f3214d5a437df4eb410844b80d727f25c513eeff9d7181136d2d03d654936d03885b310b5f6093c9b5661491a1eaf69da51123913fe9d7455160e44293d9cd |
C:\Users\Admin\AppData\Local\Temp\DA02.exe
| MD5 | 89e40c03864820ddd5dc3ec94fe04aff |
| SHA1 | 3e2e1b7748fb460745181576b2ce7500d9f3b042 |
| SHA256 | f0e3aa298c297fd36b51446b01d234039eca24c46505526fa7a67910dafa141e |
| SHA512 | e524bddd6009630aa447cffc011b76fb93bc92e4fa9e52c0c6eb30ff004bb8410749941fbaa602617b71930e5f7cbaefa5aaf81a23ce8cbc1ce41d3ae5f9c335 |
memory/448-63-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Iq1AE80.exe
| MD5 | 0027d666985236cbc938bb9ae00a8e85 |
| SHA1 | ab5f9c70783fb90d7033de3feaf657d735af1f5e |
| SHA256 | 975d85b42935d6b317d823861a5654da5e7a5ad04b160e42b10f8f3c277ea8e2 |
| SHA512 | 7c0c7b6898c118c099cfc2271821395526261511c96d11bab0e1254a078147f3b9ef49c8c31ba5eef2c82cb9e1e32f779966815166e3da0c37c4705d7dd07d2a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1OS23mY7.exe
| MD5 | f0c1590658c1c8b045fb47832b66261c |
| SHA1 | 36240cdc8ce51dd4ca24618ebb6bb2a055342f9f |
| SHA256 | 376cdd65497861b761f14b78b419fd5c66d2a7b017d52fb3e9ef530fd719f616 |
| SHA512 | 0e742618c9b98c668aea5b4140803f0c323b9cc541bf3befd500000b1d894423e8c5b5b4186a2e306bfd1ace43dae248b617770ee1704ec23002325690f5b586 |
memory/3300-75-0x00000000025B0000-0x0000000002648000-memory.dmp
memory/332-78-0x0000000000400000-0x0000000000537000-memory.dmp
memory/332-79-0x0000000000400000-0x0000000000537000-memory.dmp
memory/332-81-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2HZ4149.exe
| MD5 | f8e7488fd4ced59d6eb387447bc37430 |
| SHA1 | 560ed0a592273875ae66a93efd611f76a9da7ee7 |
| SHA256 | 30d11b5bd1ed2f376bb2c6dd47299a54702bf9cfdfc0d32e5f50c1adf83ae347 |
| SHA512 | 0e7445eb71a24e10c13a706189cc972d9d590bbd456f27b4008243161868fc6b0e86fd8fadf42f61502aa913f39e2a3fedb7de236b80a2bff05378b7ade6cdb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 5990c020b2d5158c9e2f12f42d296465 |
| SHA1 | dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4 |
| SHA256 | 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643 |
| SHA512 | 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 208a234643c411e1b919e904ee20115e |
| SHA1 | 400b6e6860953f981bfe4716c345b797ed5b2b5b |
| SHA256 | af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458 |
| SHA512 | 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 3cc0ef51b718874a63daea165c7958fb |
| SHA1 | f6556ac31bc77ace6a13e2d8dc451bae086b0274 |
| SHA256 | 313a5086bae61ee827d7056ac16c5c6ca9baa45df3bc5762cd557639b18bfe1e |
| SHA512 | e9c56b2a157f4b7872d93f792097f138648fa9c82779270de32ac03d2719d435616e7378b8890e3b04f0b4356191b04ad83bc65fbcf7e75bd73acc9dd8815fb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8645f1498b90519634870ed71f597ebc |
| SHA1 | d26f7050874fcabf1c457573af2f3a3a4868c569 |
| SHA256 | 4b27097cf124484b51b888f83175571dc8852ed7dd07611d7479c0d02a76bc54 |
| SHA512 | 87c511fc97ea46beb1c379ac098c05e5a41f72b921b476531451190b60b428ae11e93ee1f453c4726fe75f5c1d461c0174b9e1612936246d3ff64b2f3cbf85fc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d13b60cd796bfccbf51e7adb21f3415d |
| SHA1 | 0e2ff859642ea42fc02f8cacb4ac4e9b198a04ec |
| SHA256 | dab65d9eba008a16200569f7a1c1aba8f2068bca11daaf9797af15da408cbd6f |
| SHA512 | b871df648857a935872c5f211f9a39a29b2f43976314faf782e97e95dfd1fe82e0840d1cc02ed9ec6800ee256d28ccb1f42880dc9a09d866b7506ff8f9f6f01a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 68941f2db84d9f569f9eb988f16a0f18 |
| SHA1 | e3ec98307790e144a270ae1cb8b1b17aee2ca5fc |
| SHA256 | 2730a40ebb7558e954d464ebb2bbb2b015dc138c383f402eeab118a7140dbba6 |
| SHA512 | 6e9f90249678f2c4efc00122b7e05b0496f79c4969a54834803be9b5e877e9145cb4f1368a42a85db158b3ce85c4d8bb8e12b6132d222c605d95365d08ae795e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1018032832b54db430bdcf20d25085d1 |
| SHA1 | 96ebaa16f0b2b2ba3eafb2a6c08e147c02a54c5b |
| SHA256 | 099ed68e26c9ffed39edbebb34b2b2487bdb1374355e9d102250e1f576df3953 |
| SHA512 | 8654806ce4852d073b91bd8d9672f0be23c31bb7e396130706c451c224dfaae14e29ea82d38f2316f746fd09f94919e537798188b74b64303c492f9ed32c06d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 036270f1f9ba35382eedcaf545c44ae5 |
| SHA1 | 987cfc71991074f77e33d1d5388728898fa4f108 |
| SHA256 | 51428ddb096871f6e7515953176d6e3ebf223a94bbf90553c469578602291667 |
| SHA512 | 2a562da8b19d7c54e67d180348087836fca1443501a5ba83790cd6f9aa560f925b4ea34b0ed3715134fd8354b5f166d7d180c5f8c2c78136f1b42e430f87f908 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 752eb74b04990dd9b5939429168a7c0a |
| SHA1 | c28c75240595afcb1714d93f2338fda6fcf659cc |
| SHA256 | 630b6f72f9405db0f53b2c93c142ca3489ea71e1a575980daa76d9e1451f2c3d |
| SHA512 | 6afc1fa4249110535191871210e66942cd86315cc785b9742cf5f96d5b868c29bcd65d4c7b31a3231e7305bd293ef0d31dc739e4cde1dbbb07c15bbd9b9e9e70 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1df384673ce5d0990bdc12e620573021 |
| SHA1 | e0a33b5f193d9175c109db89c5302d523bd8cf5f |
| SHA256 | 60dd075479ea9392debbf871710a9752c0255ee81805319fe62d82a9ae4873f8 |
| SHA512 | 992f4196cdc1eb29b2d5774fa678fdc2969ab7c757ef72fcf5e9db4cb398426b81f939216e5e13854483796589ddeb1274444518610d9c2bb1c867a6f49609ca |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a679161b7fc7a58ef39c168f1c447181 |
| SHA1 | 62e9914b4618e0a0f2cbb4a878bbeaa812646979 |
| SHA256 | 52203f6101a867f6fcfa9b032fe25721c943f12c3c1f1beafa81e3367627a866 |
| SHA512 | 6da6bdd9303247b4b6cc5d1bb90a77dcb4373e120b602743284d3c2577d6545151bc320837c2a593224cf60bc3835f34259e0f32254262d1f1d9f1cac90b9b79 |
memory/7900-267-0x0000000000B10000-0x0000000000C10000-memory.dmp
memory/7900-286-0x00000000024F0000-0x000000000256C000-memory.dmp
memory/7900-316-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\489c29b0-80b1-4b17-b90e-b3e70a7e65a6.tmp
| MD5 | c578cc0a148b1f171476e26cca935a27 |
| SHA1 | af3b4966c213bd27885787d20424a7b01ec54784 |
| SHA256 | 5a69567646706c80853ee8019c0a9e6c3c1857f0b0339dd2dc041e8b74ccbab8 |
| SHA512 | e99f4014d6c210a186ef6747ae2bb84c0d07c27950699258424fd20b3312e7560bfb3eabea524e802169cb0194700c1f872f78cd9ca77be9e02bd67a9e45d90e |
memory/7900-354-0x0000000000400000-0x0000000000892000-memory.dmp
memory/7900-357-0x00000000024F0000-0x000000000256C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0610f68ab08e30caa8725b2272856454 |
| SHA1 | 711f0bdbdd639b92814c844da28e7959f070fe5c |
| SHA256 | 147c5bfd7b8ba3b18612387354e6049fd143d0747b61d1ceccb2f7d9111591d3 |
| SHA512 | ca221ec633aa252c1de56188d8c2987ac0a27b8842498260fdd0cab6248d76df834d79f83349057766c2408c45232b5b263ef67f977ac59e701bdd0cfc472435 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d37dbe7ce7723d51f46e0d7b8285e721 |
| SHA1 | ea66409414b50a91c4fddafe9bf771e4518aefdd |
| SHA256 | 2663bc8e8b93079dd084e5455a72014e83f72f2b9c72b9ade00f256b60a80d1f |
| SHA512 | f49379521ea86aa6c0b5c2ef48f8a089a9dabd8e8a896c4f8077629e40010930d796495eefc50588f5ac81cdf3818bf7d3ecc42529a747f8ea6983bd8d4ffa01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 5a6206a3489650bf4a9c3ce44a428126 |
| SHA1 | 3137a909ef8b098687ec536c57caa1bacc77224b |
| SHA256 | 0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28 |
| SHA512 | 980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b2bb69c9e148070b3ba5478f7b487954 |
| SHA1 | 81354c50485e8cc9b694345756424dfcb579aa3e |
| SHA256 | a60b9cd4f0c559fad8c3a2db807fef0bab711c18ac3253d2872b760d423e05b5 |
| SHA512 | d9db958f7cbca56745805d8475fc6521a016f5c91c98e488caaf7b99075b9785b5df9745e9c8738d8f87567593350902fb33ea078356f5e88c2e040eaabbad19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2e90596818f38ace1ae87d0cdb98d425 |
| SHA1 | e16024212f21fa68b148b97a4cee2f5a45856563 |
| SHA256 | bc72d9e125b9866e3634bc6b517fc901b6218a39b530abb7c437ca0e20f1f55b |
| SHA512 | c3868ac591c00abfc8b5f395b7d01e2802ba0d20c4ec09dbd7a8e2b436b05417f49ea33f3ad4b293dc1f1f72fe87f63afde2a45bca92c64e4aa7aa405e3db777 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597e9c.TMP
| MD5 | cf5567ba47b0d6ef07f55b48c88237ec |
| SHA1 | 023f4e20b8a09c047db6b8a73e646bff2c9320d5 |
| SHA256 | bf6f2bd61fc36467b5e796e5d915a85670eaa4dfc2a08b7be5b2f37420a3311c |
| SHA512 | 7d41902e8f379449ec7ec3e0cb276471fd714c449dd171a78b2acd3dd6435bd46f3c35429c17857cbe6144f59d87acde1fa80f4ec6c06e2415fc70c9edb113c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
| MD5 | 909324d9c20060e3e73a7b5ff1f19dd8 |
| SHA1 | feea7790740db1e87419c8f5920859ea0234b76b |
| SHA256 | dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278 |
| SHA512 | b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
| MD5 | d55250dc737ef207ba326220fff903d1 |
| SHA1 | cbdc4af13a2ca8219d5c0b13d2c091a4234347c6 |
| SHA256 | d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd |
| SHA512 | 13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ebd94c143927b3e0160acfdab525cebe |
| SHA1 | df8bbf60465c9c63d67fccbd9e74e617cd3302c0 |
| SHA256 | ba98674b4a34e69eada4b97c16905dcb77310e7a76df8fc57a6072bc570dced8 |
| SHA512 | 6c23e2b5c1cf617894bade6fee03065c7638b6d3aba8672ae2823e350849ce39ab8f87585b8e18ec4b8ee277c9d32c23344556310589001da90e27b22169e464 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048
| MD5 | b3ba9decc3bb52ed5cca8158e05928a9 |
| SHA1 | 19d045a3fbccbf788a29a4dba443d9ccf5a12fb0 |
| SHA256 | 8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4 |
| SHA512 | 86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c6a7625d6ec9fb3ebde08d375aa7d246 |
| SHA1 | 5bd1223ff4c2a4daa61ebf6b2fcf5cc62e374cd5 |
| SHA256 | 0bda0349cf0e221a1655f7883b0ed395aee50f8925611d514dbc9f9709be01cf |
| SHA512 | 03455431f2823af308ebca79e82d1300b3830ca76080333bcd4d9d7105b0c8577fea38288918a3b5f3a67c1e3d553f72a208273064aa45e890688477b003125b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d76d9cc3117245d440ac9c42f1665063 |
| SHA1 | 7630ce4ac68698e07f13fc39db482c4864520854 |
| SHA256 | b754532ba45b7044103b4d41542a9a046ae5242009202a5f7fe68abe763dd0dd |
| SHA512 | a9ac269f538142dbc803d55eceb6a293ba47c13801566fefdd145d40c997c551967892c3701f0f8a2227a71bbdbbae7b9e23731aa6b2e3febb2c5c8d76ae3f19 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | f1e03457112dfeea8fede800d82882ec |
| SHA1 | c113c095d5d5c29d45bdfc893f5fd227a44caec3 |
| SHA256 | 9c520314aebf3f9eecc83a067d1f248ca3877dffb9c7844d16dd3c72cec00c18 |
| SHA512 | 73cd97b147204312c25c6b0931c3f75a11c3b0a5a66c4b42ab9774ea2df17fd2e35a59cb163c7552892063ff81b73dfb927929727b18892aa05d60c238c08845 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 8508f417b5aeebef4331a36cc6279fb8 |
| SHA1 | 23f720a722705592c902ef6fe99707da0f5f5064 |
| SHA256 | 30005d0ef244cce8ebf4140ad51f94d424cfe37aa9c316386ec5dc5e28681d69 |
| SHA512 | 4aeb190d396b66a68bd12bce897460be1dc560f940ece02a6834d1298742b682a544b1d5cd35bd14c8e911b9d82cf8636a59acfbd59d4ac467695c03b955d5e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | c0b0405cff8af6c3f90ae0122be7b794 |
| SHA1 | ff1a9e92a4022e4c913e7e92856bab1d9caf18bd |
| SHA256 | b7829343aed3818cc50b10bec98b09f341488aaf568b30ca59f110ca623ab4dd |
| SHA512 | 50ca134229c18034f2102e8a29d28b7f9b2d5a37f181f438f687b99c5a357414049d9d6fc9943bcdd1eb941c78df2f7ffcbbbbc57c1a41ef2a61868a6ba52f60 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 7d3b083796fa6788f064a09b8a5105d4 |
| SHA1 | 48712b8f01cf50f4f4ae04b0e89d281544f8bb70 |
| SHA256 | 8e6e3dbbd6f8cfb3b3aef4274394db4ea7d190378bc26b189231d1b827bca029 |
| SHA512 | cc91a56daa4b202bc2b49c7b848982383a9baa18e40355db1506a5d726c130b18586cd2ddf7bc3e39b2fd458542528935a3457de40fec53735a397a5f3cdac03 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c47b919f2e5fd15a08e80ade8c508fa8 |
| SHA1 | b206ed660ea68192478d7d54b5fab5aa6705c7d1 |
| SHA256 | b5f31f96e872cb44cbc45a7053b75c62985c6e580a8f734e10ebb68c91f9fbbc |
| SHA512 | d3d4fe294dc39399b6ecd1b177916947b897fc8f67f201caa840ac42bc3bae34de222c06f9eb52ec42cfeac59d7385d440a3703498fcf08690215d8c5df075e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7f285fb7f4f0a99b0c7e2c4fb013d6eb |
| SHA1 | aecb08b3442d0f67dfdbc6f3decaf500ba65e70e |
| SHA256 | efa2d61a7d36b989e786207016a5eb770149bf61c00abaa71792791cf4aadf28 |
| SHA512 | b92e2e10101550e4c157357c4e2b9b36f4958c6bbc34e849ab42640a3a38f4300dd995b05f27860c43b0998ff9e855038f0766212b2050b1f763449b7d68eeed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | ea5a7ec40f512ad009ed957761b0ab72 |
| SHA1 | 1203ee1e6ae90a631a9e8825c8cd41ca2abf9226 |
| SHA256 | 7072b97b2b6591df8243e525c5ccb029ca4c981c30b5a678831e81066bd77248 |
| SHA512 | 45371d94d077749f5711409871ae48f415bd72ca7edb36418a2644eb5558118ecc8011fddc8db89c274c304a608726f98c32ebef453b7bf0059f3f15f985a67f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4c183bce95871716efe22af889b9f748 |
| SHA1 | f44fa962022aeaf37e287de79cb04a09fb9220b8 |
| SHA256 | d2ed11aa472c718900f4d49bd74fe1df9dc64b748103a7342f65a55d83626041 |
| SHA512 | 81e95c9d0003012073fca454e0a8d541680f396f5ed9572fde6623f416c8e412131b33d4484d0927582ccbe2fc7534ae7a9ca5f96b4e6a97c84e4408da09d276 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e2c79bbd32840686d8f3131458e3ef07 |
| SHA1 | fcf2563b9a46e1322eb7836cfb39dbe14e041e6e |
| SHA256 | 11db12f8b784ff1692d401afc220c3850b606ed9b464c7cd2b44c1f00a405faf |
| SHA512 | 643de7eb1ed27f35d4380761d277a1870f589918826cadc6dd6bb02a3517b267a1f306aee71b4d4fccb0353bea9c33314b039df66bb83460a21ba4ea7dbd5fb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f7a3991112709e5d262d7c9120f122b9 |
| SHA1 | 4803eae05a3b3b1bf9dbb646d443e724ffe412db |
| SHA256 | 4f178e98b01167e75390395c9408616c2bbfd265ed2f5573f69c4cc9f18b322c |
| SHA512 | b4d69ced39fe824d1ef8b7a360942dce4339057177da242e659853d660a274d5e7f73d218f06c6508a301b77845db4ac38ce57fa0eb8ac0c0580ee1cc332f9f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a46bf.TMP
| MD5 | d90e48b26be476b50e1be4716ce6776a |
| SHA1 | 7ce918d2d1252fac29792637763a67466d509d32 |
| SHA256 | 5fe45bef91a86898d70a233e1212c78d2b09da16ffa55e6c8a8804082f4dc02c |
| SHA512 | 2281725221d29f7e15adc95a37ac5f85fd5bef739ba1125260a8c6b9465b0f7c29ba5e5aa7b90cc5c8d9000512d238fa13a1ab780fc65edc96b93b1f16166189 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 3868c37a9bde2dce2f9c2e3995855bbb |
| SHA1 | 7e4bec0c21f949baed0478c4431aeab4b35193ef |
| SHA256 | c7be42086a3f2d41dad5da036372de3a7b6ee760c7e3133321113426fad759fa |
| SHA512 | 4d89239791883fd788875fd3df66a00b8633c1702a2d751275823061739e251dc7ecc6998c6c3cb2f77629ac0125a580d1b713598039a286aa6449adddd6a92c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\0ffd73af-ef56-47b0-a7f9-f37e383c941b\index-dir\the-real-index~RFe5a738b.TMP
| MD5 | 784caa2ea470dda08f7d4227e9a10a4f |
| SHA1 | 8252c218a4805e7b2832d4d6db04fbc48540ebb5 |
| SHA256 | 9fc37dd5641f085f0a1169367303510f9007435a799057370d2c93c214fa4bd0 |
| SHA512 | 15896929329727c7998cce666580da0f20f9ba3335b49a9417b96b3a1df81e44c5602f6b8ca41b5b02eddc9c3e51184f9b773736afcc920669c33c7aec161f93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\0ffd73af-ef56-47b0-a7f9-f37e383c941b\index-dir\the-real-index
| MD5 | 05ffd4c35cec2fe5382c030b0f0083f0 |
| SHA1 | 93fa79a614a4f621ff795c34cd28a0ca856712c6 |
| SHA256 | 912844145971d63ca2b5629bf79e0942d89f56da6d5272280cd9d3485a82d05e |
| SHA512 | 2b32bdf38efc87fe4c48d511581e5b43402d949aeef28f7d879485cd9ad3b4046ba56e17b0c0f8ce9a41e29bbf9d3519a88f7ceedbe9614cdb5f4a98d5b1cf4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
| MD5 | 4e316bfe7dd487d42b46aa715a72331e |
| SHA1 | 0b92c47c3576d73051731137c178d279af694992 |
| SHA256 | 8b33199f1a644d06d9f140bf47f9063a6c2fed807b9ded38a0126ef048d3f8d8 |
| SHA512 | bcf5c04143180bb8795da8843fa0e853f2970ff0331618aa27dc963c3b7e6f236c5b5f94d3ba6bb4444a13a6084a570318e4c30cfcf42c579fa058c3b65514f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 229a6cd3490720d201d8b4b5d93c4b7a |
| SHA1 | fba1a3bef42034bddc2e407a7ffa64c59a928cfc |
| SHA256 | ba3b2e427ae9047d8d5a5178ace33994f98fe66c13484e3bdad945fc0941f13e |
| SHA512 | a027ffd01b8f864177fcd84cdb4af0f4407ec7ed91e41df47431203ce23ab93d49980f7ce83c8e8d24b5163d726a12b27fe16686a5fce98963dd8ecf2a2a4e93 |