Analysis Overview
SHA256
9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35
Threat Level: Known bad
The file 9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35 was found to be: Known bad.
Malicious Activity Summary
Detected Djvu ransomware
SmokeLoader
RisePro
Djvu Ransomware
Detect Lumma Stealer payload V4
Lumma Stealer
DcRat
PrivateLoader
Downloads MZ/PE file
Reads user/profile data of web browsers
Drops startup file
Deletes itself
Reads user/profile data of local email clients
Checks computer location settings
Executes dropped EXE
Modifies file permissions
Checks installed software on the system
Looks up external IP address via web service
Adds Run key to start application
Accesses Microsoft Outlook profiles
AutoIT Executable
Drops file in System32 directory
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
outlook_win_path
Uses Task Scheduler COM API
Creates scheduled task(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
outlook_office_path
Suspicious use of FindShellTrayWindow
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Checks processor information in registry
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-12-13 05:38
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-12-13 05:38
Reported
2023-12-13 05:40
Platform
win10v2004-20231127-en
Max time kernel
150s
Max time network
154s
Command Line
Signatures
DcRat
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\ae32c46a-408f-440b-ba92-443fb487bad9\\7DD.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Detect Lumma Stealer payload V4
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected Djvu ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Djvu Ransomware
Lumma Stealer
PrivateLoader
RisePro
SmokeLoader
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FANBooster131.lnk | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EF13.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EF13.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\1470.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ca3lM75.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1To94YF2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mX2az42.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\gucdjge | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\gucdjge | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Accesses Microsoft Outlook profiles
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| Key opened | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MaxLoonaFest131 = "C:\\Users\\Admin\\AppData\\Local\\MaxLoonaFest131\\MaxLoonaFest131.exe" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SysHelper = "\"C:\\Users\\Admin\\AppData\\Local\\ae32c46a-408f-440b-ba92-443fb487bad9\\7DD.exe\" --AutoStart" | C:\Users\Admin\AppData\Local\Temp\7DD.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\1470.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ca3lM75.exe | N/A |
Checks installed software on the system
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | api.2ip.ua | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
| N/A | ipinfo.io | N/A | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\GroupPolicy | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\GroupPolicy\gpt.ini | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| File created | C:\Windows\System32\GroupPolicy\Machine\Registry.pol | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| File opened for modification | C:\Windows\System32\GroupPolicy\GPT.INI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4468 set thread context of 1340 | N/A | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe |
| PID 4600 set thread context of 4088 | N/A | C:\Users\Admin\AppData\Local\Temp\EF13.exe | C:\Users\Admin\AppData\Local\Temp\EF13.exe |
| PID 4560 set thread context of 3144 | N/A | C:\Users\Admin\AppData\Local\Temp\7DD.exe | C:\Users\Admin\AppData\Local\Temp\7DD.exe |
| PID 3864 set thread context of 1992 | N/A | C:\Users\Admin\AppData\Local\Temp\7DD.exe | C:\Users\Admin\AppData\Local\Temp\7DD.exe |
| PID 6348 set thread context of 1080 | N/A | C:\Users\Admin\AppData\Roaming\gucdjge | C:\Users\Admin\AppData\Roaming\gucdjge |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\7DD.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mX2az42.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EF13.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\gucdjge | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EF13.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\EF13.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\gucdjge | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Roaming\gucdjge | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\EF13.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\gucdjge | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
outlook_office_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
outlook_win_path
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1067295379-1486014338-1703171060-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe
"C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe"
C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe
"C:\Users\Admin\AppData\Local\Temp\9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35.exe"
C:\Users\Admin\AppData\Local\Temp\EF13.exe
C:\Users\Admin\AppData\Local\Temp\EF13.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\F06C.bat" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Software\clicker\key" /v primary /t REG_DWORD /d 1
C:\Users\Admin\AppData\Local\Temp\EF13.exe
C:\Users\Admin\AppData\Local\Temp\EF13.exe
C:\Users\Admin\AppData\Local\Temp\7DD.exe
C:\Users\Admin\AppData\Local\Temp\7DD.exe
C:\Users\Admin\AppData\Local\Temp\7DD.exe
C:\Users\Admin\AppData\Local\Temp\7DD.exe
C:\Windows\SysWOW64\icacls.exe
icacls "C:\Users\Admin\AppData\Local\ae32c46a-408f-440b-ba92-443fb487bad9" /deny *S-1-1-0:(OI)(CI)(DE,DC)
C:\Users\Admin\AppData\Local\Temp\7DD.exe
"C:\Users\Admin\AppData\Local\Temp\7DD.exe" --Admin IsNotAutoStart IsNotTask
C:\Users\Admin\AppData\Local\Temp\1470.exe
C:\Users\Admin\AppData\Local\Temp\1470.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ca3lM75.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ca3lM75.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1To94YF2.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1To94YF2.exe
C:\Users\Admin\AppData\Local\Temp\7DD.exe
"C:\Users\Admin\AppData\Local\Temp\7DD.exe" --Admin IsNotAutoStart IsNotTask
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 1992 -ip 1992
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 568
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2300100849802714671,7517593101365197699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x78,0x170,0x7ffd8dd746f8,0x7ffd8dd74708,0x7ffd8dd74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5550792225734076753,1685124743080624193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2300100849802714671,7517593101365197699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,5550792225734076753,1685124743080624193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,13311691850316208750,15429520729105742813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,13311691850316208750,15429520729105742813,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1556,3763091579317280085,2886994263970768899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4260 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7876 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6176 -ip 6176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1820
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mX2az42.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mX2az42.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6800 -ip 6800
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 1028
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,1338148167093771364,1370282563979347010,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7500 /prefetch:8
C:\Users\Admin\AppData\Roaming\gucdjge
C:\Users\Admin\AppData\Roaming\gucdjge
C:\Users\Admin\AppData\Roaming\gucdjge
C:\Users\Admin\AppData\Roaming\gucdjge
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
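The two schtasks.exe entries in the list above are the persistence behind the "Creates scheduled task(s)" signature: a task named OfficeTrackerNMP131 is registered twice, once hourly and once at logon, both with /rl HIGHEST and both pointing at C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe. The rest of the list is dense with Edge child processes, so the entries that matter (dropped executables running out of Temp, the extensionless binary in AppData\Roaming, the WerFault pairs that back the "Program crash" signature) are easy to miss when reading by eye. The Python script below is an added example, not part of the sandbox report or of any tool shown on this page: it pairs each image path with its command line, parses the schtasks switches, and emits one finding per suspicious entry. The sample lines are copied from the process list above; the directory list, the trigger set and the finding labels are this example's own choices.

```python
"""Triage of the process list above (added example; not part of the sandbox report).

The report lists each process as two lines: the image path, then its command
line. This script pairs them, parses schtasks switches, and flags what a
responder pulls out first. Sample lines are copied from the list above; the
directory list and the finding labels are this example's own choices.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: ten image/command-line pairs taken from the process list above.
SAMPLE = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6176 -ip 6176
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 1820
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mX2az42.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7mX2az42.exe
C:\Users\Admin\AppData\Roaming\gucdjge
C:\Users\Admin\AppData\Roaming\gucdjge
"""

# Directories an unprivileged user can write to (assumption); an image running from here is worth a look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\programdata\\", "\\users\\public\\")

# schtasks switches look like '/sc HOURLY' or '/tn "quoted value"'; bare switches such as /f carry no value.
TASK_FLAG_RE = re.compile(r'/(\w+)(?:\s+("[^"]*"|[^\s/"]\S*))?')
WERFAULT_PID_RE = re.compile(r"(?<!\S)-p (\d+)")   # the '-p <pid>' of the crashed process


@dataclass(frozen=True)
class Proc:
    image: str
    cmdline: str


@dataclass(frozen=True)
class Finding:
    kind: str
    image: str
    detail: str


def parse_process_list(text: str) -> list[Proc]:
    """Pair consecutive non-empty lines into (image, command line) records."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("process list must consist of image/command-line pairs")
    return [Proc(lines[i], lines[i + 1]) for i in range(0, len(lines), 2)]


def schtasks_args(cmdline: str) -> dict[str, str]:
    """Return {switch: value} for a schtasks command line; switches lower-cased, quotes stripped."""
    return {m.group(1).lower(): (m.group(2) or "").strip('"') for m in TASK_FLAG_RE.finditer(cmdline)}


def triage(procs: list[Proc]) -> list[Finding]:
    findings: list[Finding] = []
    seen: set[tuple[str, str]] = set()

    def add(kind: str, image: str, detail: str) -> None:
        if (kind, detail) not in seen:        # collapse duplicates such as the two WerFault stages of one crash
            seen.add((kind, detail))
            findings.append(Finding(kind, image, detail))

    for p in procs:
        img = p.image.lower()
        name = img.rsplit("\\", 1)[-1]
        if name == "schtasks.exe" and "/create" in p.cmdline.lower():
            a = schtasks_args(p.cmdline)
            why = []
            if a.get("rl", "").upper() == "HIGHEST":
                why.append("runs at highest privilege")
            if a.get("sc", "").upper() in {"ONLOGON", "ONSTART", "MINUTE", "HOURLY"}:
                why.append(f"trigger {a['sc'].upper()}")
            if any(d in a.get("tr", "").lower() for d in USER_WRITABLE):
                why.append("target in user-writable directory")
            add("persistence:scheduled-task", p.image,
                f"{a.get('tn', '?')} -> {a.get('tr', '?')} ({'; '.join(why)})")
        elif name == "werfault.exe":
            m = WERFAULT_PID_RE.search(p.cmdline)
            add("crash:werfault", p.image, f"crashed pid {m.group(1) if m else '?'}")
        elif any(d in img for d in USER_WRITABLE):
            kind = "exec:extensionless-binary" if "." not in name else "exec:user-writable-path"
            add(kind, p.image, p.cmdline)
    return findings


if __name__ == "__main__":
    for f in triage(parse_process_list(SAMPLE)):
        print(f"{f.kind:28} {f.detail}")
```

Run against the full list, the same pairing rule holds throughout the report, and the schtasks parser is the piece worth keeping: the /tn, /tr, /sc and /rl values are exactly what a detection rule on scheduled-task creation (Windows Security event 4698 or a Sysmon process-creation event for schtasks.exe) needs to match on.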
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 208.194.73.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 180.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | host-file-host6.com | udp |
| US | 8.8.8.8:53 | host-host-file8.com | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 24.52.193.212.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | brusuax.com | udp |
| KR | 211.119.84.112:80 | brusuax.com | tcp |
| US | 8.8.8.8:53 | 112.84.119.211.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.136.76.144.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 172.67.139.220:443 | api.2ip.ua | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 109.107.182.45:80 | 109.107.182.45 | tcp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 220.139.67.172.in-addr.arpa | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | 45.182.107.109.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 92.123.241.50:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 1.242.123.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.167.233.64.in-addr.arpa | udp |
| IE | 163.70.151.35:443 | www.facebook.com | tcp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| US | 8.8.8.8:53 | twitter.com | udp |
| FR | 216.58.204.78:443 | www.youtube.com | tcp |
| US | 104.244.42.1:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| GB | 104.103.202.103:443 | steamcommunity.com | tcp |
| US | 3.88.245.197:443 | www.epicgames.com | tcp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| US | 193.233.132.51:50500 | | tcp |
| BE | 64.233.167.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 35.151.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 103.202.103.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.245.88.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 51.132.233.193.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 119.110.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.59.117.34.in-addr.arpa | udp |
| FR | 216.58.204.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| GB | 172.217.169.86:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 86.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| IE | 163.70.147.23:443 | static.xx.fbcdn.net | tcp |
| US | 192.55.233.1:443 | | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | tcp |
| US | 192.55.233.1:443 | | tcp |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 23.147.70.163.in-addr.arpa | udp |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 52.203.30.102:443 | tracking.epicgames.com | tcp |
| AT | 13.32.110.72:443 | static-assets-prod.unrealengine.com | tcp |
| AT | 13.32.110.72:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | api.x.com | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 172.64.150.242:443 | api.x.com | tcp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 152.199.21.141:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 192.229.220.133:443 | video.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 192.229.233.50:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 72.110.32.13.in-addr.arpa | udp |
| US | 104.244.42.197:443 | t.co | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 142.250.200.3:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 242.150.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 141.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.220.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.233.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.30.203.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 104.21.24.252:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | 252.24.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dayfarrichjwclik.fun | udp |
| US | 172.67.174.181:80 | dayfarrichjwclik.fun | tcp |
| US | 8.8.8.8:53 | neighborhoodfeelsa.fun | udp |
| US | 172.67.143.130:80 | neighborhoodfeelsa.fun | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 216.58.204.68:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | diagramfiremonkeyowwa.fun | udp |
| US | 104.21.18.224:80 | diagramfiremonkeyowwa.fun | tcp |
| US | 8.8.8.8:53 | ratefacilityframw.fun | udp |
| US | 104.21.74.182:80 | ratefacilityframw.fun | tcp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
| US | 8.8.8.8:53 | cakecoldsplurgrewe.pw | udp |
| US | 8.8.8.8:53 | opposesicknessopw.pw | udp |
| US | 8.8.8.8:53 | politefrightenpowoa.pw | udp |
| US | 8.8.8.8:53 | 181.174.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 130.143.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 182.74.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| IE | 163.70.147.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| IE | 163.70.147.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | 35.147.70.163.in-addr.arpa | udp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.200:443 | store.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| GB | 104.77.160.221:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| GB | 104.103.202.103:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | sentry.io | udp |
| US | 35.186.247.156:443 | sentry.io | tcp |
| US | 8.8.8.8:53 | 156.247.186.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| GB | 104.103.202.103:443 | api.steampowered.com | tcp |
| FR | 216.58.204.68:443 | www.google.com | udp |
| AT | 13.32.110.72:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 35.186.247.156:443 | sentry.io | udp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | 136.41.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 194.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 104.18.41.136:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | 90.219.19.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | youtube.com | udp |
| GB | 142.250.178.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| FR | 216.58.204.78:443 | www.youtube.com | udp |
| US | 8.8.8.8:53 | 253.15.104.51.in-addr.arpa | udp |
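The table above mixes three kinds of rows: the sandbox's own resolver traffic to 8.8.8.8:53 and the reverse (in-addr.arpa) lookups it performs for every peer, browser traffic from the msedge.exe processes in the list above (Google, Facebook, Steam, PayPal, Twitter and their CDNs over 443), and the sample's own connections, which stand out on inspection: repeated plain-HTTP requests to galandskiyher5.com and host-host-file8.com on 212.193.52.24, plain HTTP to a bare IP (109.107.182.45), a connection to 193.233.132.51 on port 50500 with no domain at all, lookups of the external address via api.2ip.ua and ipinfo.io, a download from transfer.sh, and a run of .fun/.pw domains of which several were resolved but never contacted. The Python script below is an added example, not part of the report or of any tool shown on this page: it parses the table rows, drops the resolver, PTR and mDNS noise, and scores what is left. The rows embedded in it are a subset copied from the table above; the two service lists and the reason labels are this example's own assumptions.

```python
"""IOC extraction from the Network table above (added example; not part of the sandbox report).

Parses the report's table rows, drops resolver, PTR and mDNS noise, and scores
what remains. The rows below are copied from the table above; the two service
lists and the reason labels are this example's own choices.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of rows from the Network table above, header included.
SAMPLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 82.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | host-host-file8.com | udp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| RU | 212.193.52.24:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | galandskiyher5.com | udp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| RU | 212.193.52.24:80 | galandskiyher5.com | tcp |
| US | 8.8.8.8:53 | transfer.sh | udp |
| DE | 144.76.136.153:443 | transfer.sh | tcp |
| US | 8.8.8.8:53 | api.2ip.ua | udp |
| US | 172.67.139.220:443 | api.2ip.ua | tcp |
| RU | 109.107.182.45:80 | 109.107.182.45 | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| BE | 64.233.167.84:443 | accounts.google.com | tcp |
| US | 193.233.132.51:50500 | tcp | |
| US | 8.8.8.8:53 | ipinfo.io | udp |
| US | 34.117.59.81:443 | ipinfo.io | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | soupinterestoe.fun | udp |
| US | 104.21.24.252:80 | soupinterestoe.fun | tcp |
| US | 8.8.8.8:53 | reviveincapablewew.pw | udp |
"""

ROW_RE = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dest>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)
IP_LOOKUP = {"api.2ip.ua", "ipinfo.io"}   # matches the report's "Looks up external IP address via web service"
FILE_DROP = {"transfer.sh"}               # assumption: public file-drop service, often used to stage payloads


@dataclass(frozen=True)
class Conn:
    country: str
    ip: str
    port: int
    domain: str
    proto: str


@dataclass(frozen=True)
class Ioc:
    indicator: str
    ip: str
    port: int
    proto: str
    hits: int
    reasons: tuple[str, ...]


def parse_network_table(text: str) -> list[Conn]:
    conns: list[Conn] = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m or m["dest"] == "Destination":
            continue
        domain, proto = m["domain"], m["proto"].lower()
        # Rows with no domain appear either as "| ip:port | | tcp |" or with the
        # protocol shifted left into the Domain column; accept both layouts.
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain.lower()
        ip, _, port = m["dest"].rpartition(":")
        if domain == ip:                      # "| 109.107.182.45:80 | 109.107.182.45 |" is a raw-IP connection
            domain = ""
        conns.append(Conn(m["cc"], ip, int(port), domain, proto))
    return conns


def triage(conns: list[Conn]) -> tuple[list[Ioc], set[str]]:
    """Return (scored connections, domains that were resolved but never contacted)."""
    queried: set[str] = set()
    contacted: set[str] = set()
    hits: Counter = Counter()
    reasons: dict[tuple, set[str]] = {}
    for c in conns:
        if c.domain.endswith(".in-addr.arpa") or c.ip.startswith("224."):
            continue                          # reverse lookups and mDNS: sandbox/OS noise
        if c.port == 53:
            if c.domain:
                queried.add(c.domain)
            continue                          # the resolver itself is not an indicator
        if c.domain:
            contacted.add(c.domain)
        key = (c.domain or c.ip, c.ip, c.port, c.proto)
        hits[key] += 1
        r = reasons.setdefault(key, set())
        if not c.domain:
            r.add("raw-ip")
        if c.port == 80:
            r.add("plaintext-http")
        elif c.port != 443:
            r.add("nonstandard-port")
        if c.domain in IP_LOOKUP:
            r.add("external-ip-lookup")
        if c.domain in FILE_DROP:
            r.add("file-drop-service")
    iocs = [Ioc(*k, hits[k], tuple(sorted(r))) for k, r in reasons.items() if r]
    iocs.sort(key=lambda i: (-i.hits, i.indicator))
    return iocs, queried - contacted


if __name__ == "__main__":
    iocs, dns_only = triage(parse_network_table(SAMPLE))
    for i in iocs:
        print(f"{i.hits:3}x {i.indicator:24} {i.ip}:{i.port}/{i.proto}  {', '.join(i.reasons)}")
    print("resolved but never contacted:", ", ".join(sorted(dns_only)))
```

The scoring deliberately does not maintain an allowlist of "known good" sites: HTTPS to a named host with nothing else unusual scores zero, which is enough to sink the browser noise, while the sample's traffic trips at least one of the structural rules (plain HTTP, no domain, odd port, IP-lookup service). The resolved-but-never-contacted set is worth keeping separately; in this report it holds the .pw domains, and a domain the sample asked for but never reached is still an indicator to block and hunt on.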
Files
memory/4468-1-0x0000000000CA0000-0x0000000000DA0000-memory.dmp
memory/4468-2-0x0000000002640000-0x0000000002649000-memory.dmp
memory/1340-3-0x0000000000400000-0x0000000000409000-memory.dmp
memory/1340-4-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3272-5-0x0000000003210000-0x0000000003226000-memory.dmp
memory/1340-7-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\EF13.exe
| MD5 | e1db58927595887f3528ccd12a9b3139 |
| SHA1 | ddddbc9ba3112f0bdcbe0e6fa75bcfb74c68f1cb |
| SHA256 | 9ba8bae87a9665c5683c4f5111fccfe524ba8671180c8d6cc8a9bd20f2f30f35 |
| SHA512 | 4809cd07c8847e2d3812f75a97526fc2f32703b3f8b3dc0b60b3335432e595031147a8245913ba731c2996acaa0a93aae255e29a729870eb9a4eee9710d9f6a7 |
C:\Users\Admin\AppData\Local\Temp\F06C.bat
| MD5 | 55cc761bf3429324e5a0095cab002113 |
| SHA1 | 2cc1ef4542a4e92d4158ab3978425d517fafd16d |
| SHA256 | d6cceb3c71b80403364bf142f2fa4624ee0be36a49bac25ed45a497cf1ce9c3a |
| SHA512 | 33f9f5cad22d291077787c7df510806e4ac31f453d288712595af6debe579fabed6cdf4662e46e6fa94de135b161e739f55cfae05c36c87af85ed6a6ad1c9155 |
memory/4600-22-0x0000000000920000-0x0000000000A20000-memory.dmp
memory/4088-24-0x0000000000400000-0x0000000000409000-memory.dmp
memory/3272-25-0x0000000007870000-0x0000000007886000-memory.dmp
memory/4088-26-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\7DD.exe
| MD5 | d6709cc2adb09d6ff003d52ece25c894 |
| SHA1 | 1f5b110ab3549efac240ff309bbcb934c26a072a |
| SHA256 | fb5c249e2a353691a022f786fabcdc80037824e1f018ddb01d2a5f68c62e2167 |
| SHA512 | 9501a3818f7e478f546438582a654592bc2c541cdb7d1b54dfb931672a6da74b5e0c3b6a9ee5080dd604762bdb7be3222c931223acc7c79c51b3b06ea72e002d |
memory/4560-34-0x0000000002430000-0x00000000024D0000-memory.dmp
memory/4560-35-0x00000000025D0000-0x00000000026EB000-memory.dmp
memory/3144-36-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3144-38-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3144-39-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3144-40-0x0000000000400000-0x0000000000537000-memory.dmp
memory/3144-50-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\1470.exe
| MD5 | ecb468882ee533e521a9df36ad3eacf1 |
| SHA1 | a1fea7ca6d1f65458a9f8464377d43f1f26bb947 |
| SHA256 | 87a0bf17ab7b79d832c520aae117ea3cb6f141b84a7035099664ac8148a4626f |
| SHA512 | 1a157b18084c6e7d0cd4801d71080aba5971ddb02fdacefc05f11b28124c2fddb09bf1766f25d2d6c3b778bf66ebdc806b14c96bb6883041b5fad4e8623bade5 |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\ca3lM75.exe
| MD5 | e01a2c4142fc339884e60b819b52ff9e |
| SHA1 | f75821ea099c26b7b1e933787b2e0795fe70e89e |
| SHA256 | ac29d44852bcc1f12d6fc777e6958705d40406ef36b91cf3426017845805bfba |
| SHA512 | 40d8e21da5b544b2782e8f1e1a3f458424b541a7474f7893f1c11ea1266fd0a1888b1d4e4868e9e7070ee1f5fee311cf4571bcc7cd86401186b4adba5c4679c5 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1To94YF2.exe
memory/3864-71-0x0000000002460000-0x0000000002502000-memory.dmp
memory/1992-74-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1992-75-0x0000000000400000-0x0000000000537000-memory.dmp
memory/1992-77-0x0000000000400000-0x0000000000537000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
\??\pipe\LOCAL\crashpad_1004_GUARPZFPTLPZKLDT
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\2PR8616.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Temp\posterBoxu1jg7T94ASzNE\QdX9ITDLyCRBWeb Data
C:\Users\Admin\AppData\Local\Temp\posterBoxu1jg7T94ASzNE\ZunTSaNJLBVfWeb Data
C:\Users\Admin\AppData\Local\Temp\grandUIAu1jg7T94ASzNE\information.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
memory/6800-546-0x0000000000930000-0x0000000000A30000-memory.dmp
memory/6800-547-0x00000000024F0000-0x000000000256C000-memory.dmp
memory/6800-553-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
memory/6800-599-0x0000000000400000-0x0000000000892000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5878a6.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f2b8.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\313cad57-64e9-4bd2-a0e1-39060ddbc249\index-dir\the-real-index~RFe591488.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\313cad57-64e9-4bd2-a0e1-39060ddbc249\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
memory/6348-2259-0x0000000000A60000-0x0000000000B60000-memory.dmp
memory/1080-2261-0x0000000000400000-0x0000000000409000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f275724-e5f9-4afe-a9e3-e97b6eaf90aa.tmp
memory/3272-2271-0x0000000001460000-0x0000000001476000-memory.dmp
memory/1080-2272-0x0000000000400000-0x0000000000409000-memory.dmp