Analysis Overview
SHA256
9ee73fddcf442cc41bf8dfdfa6e283d335242e061bf643ec0c1a35130d219003
Threat Level: Known bad
The file sample was found to be: Known bad.
Malicious Activity Summary
Modifies WinLogon for persistence
UAC bypass
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
Executes dropped EXE
Checks computer location settings
Modifies file permissions
Legitimate hosting services abused for malware hosting/C2
Writes to the Master Boot Record (MBR)
Sets desktop wallpaper using registry
Drops file in Windows directory
Enumerates physical storage devices
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Checks processor information in registry
Enumerates system info in registry
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
System policy modification
Suspicious use of SendNotifyMessage
Kills process with taskkill
Modifies Control Panel
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Delays execution with timeout.exe
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-04 14:52
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-04 14:52
Reported
2024-03-04 15:23
Platform
win10v2004-20240226-en
Max time kernel
375s
Max time network
330s
Command Line
Signatures
Modifies WinLogon for persistence
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\"" | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Possible privilege escalation attempt
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\wscript.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\mbr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\jeffpopup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\bobcreep.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
Modifies file permissions
| Description | Indicator | Process | Target |
| N/A | N/A | C:\windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\icacls.exe | N/A |
| N/A | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\mbr.exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp" | C:\Windows\system32\reg.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
| File created | C:\windows\WinAttr.gci | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
| File opened for modification | \??\c:\windows\WinAttr.gci | C:\Windows\SysWOW64\cmd.exe | N/A |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File opened for modification | \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe | C:\Windows\system32\cmd.exe | N/A |
| File created | \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav | C:\Windows\system32\cmd.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur" | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\sln_auto_file\shell\open | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\sln_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\"" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\.sln | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\sln_auto_file | C:\Windows\system32\OpenWith.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\.sln\ = "sln_auto_file" | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{6E342154-4724-486C-BBA9-CA3864992E77} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\sln_auto_file\shell | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\sln_auto_file\shell\open\command | C:\Windows\system32\OpenWith.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 272924.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\windows\SysWOW64\takeown.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\SysWOW64\takeown.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\jeffpopup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\bobcreep.exe | N/A |
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe | N/A |
Uses Task Scheduler COM API
Processes
C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff888f46f8,0x7fff888f4708,0x7fff888f4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3660 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6064 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\YouAreAnIdiot.sln"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\YouAreAnIdiot.sln
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.0.492229633\533070058" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {024915b2-42e2-4eca-8fc6-297dd33bae0c} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 1992 1ec58e06858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.1.770399110\1301145340" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13f20e15-a915-47cb-acd4-163e4877bf76} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 2428 1ec441e4a58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.2.1167360623\1085269295" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 3048 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91b5b99c-faf5-4fc8-bc1a-c1b7c11d4c5d} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 3256 1ec58062258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.3.2138859823\1135262041" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18e2bf9a-2532-44cc-99b7-1617196d0279} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 3572 1ec44162858 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.4.137385359\1347526071" -childID 3 -isForBrowser -prefsHandle 4724 -prefMapHandle 4720 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56cb2abc-71c7-44b4-a70d-ce4d1898018d} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 4740 1ec5c46cd58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.5.533576441\156946551" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6523799f-1c7f-4358-b558-10aeafc9ede8} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 5032 1ec5e16fb58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2276.6.1808660587\470899665" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1084 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36baea4a-c366-4a43-98b4-6d5a98cad688} 2276 "\\.\pipe\gecko-crash-server-pipe.2276" 5236 1ec5e16e658 tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6428 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5992 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,1333168878240876001,4724461481561998626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2756 /prefetch:8
C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe
"C:\Users\Admin\Downloads\HorrorTrojan Ultimate Edition.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\A1A6.tmp\A1A7.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\mbr.exe
"C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\mbr.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\tools.cmd" "
C:\Windows\system32\reg.exe
reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Windows\system32\rundll32.exe
RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\jeffpopup.exe
"C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\jeffpopup.exe"
C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\bobcreep.exe
"C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\bobcreep.exe"
C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe
"C:\Users\Admin\AppData\Local\Temp\A1A5.tmp\gdifuncs.exe"
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x32c
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\YOUDIED 42.txt
C:\windows\SysWOW64\takeown.exe
"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe
C:\windows\SysWOW64\icacls.exe
"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit
C:\Windows\SysWOW64\takeown.exe
takeown /f LogonUI.exe
C:\Windows\SysWOW64\icacls.exe
icacls LogonUI.exe /granted "Admin":F
C:\Windows\SysWOW64\timeout.exe
timeout 2
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im "tobi0a0c.exe"
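The chained cmd.exe line recorded above is the part of this run worth a detection rule: it takes ownership of LogonUI.exe, tries to grant itself full control, copies `ui65.exe` over the logon UI binary, drops a marker file under C:\Windows, sleeps, and kills another process. Two details matter to anyone writing the rule. First, the targets inside the chain are relative (`takeown /f LogonUI.exe`) and only make sense after the preceding `cd` steps, so a detector has to track the working directory rather than grep for `system32`. Second, the switch recorded for icacls is `/granted`, which icacls does not accept (the real switch is `/grant`), so matching on the exact switch would miss this sample; the detector below matches the `/grant` prefix. The following script is an added example and is not part of the sandbox report or of the sample; it takes the command lines from the process list above as constructed input (the `&copy` step is the one that HTML rendering can mangle into `©`) and returns one finding per operation that touches a file under C:\Windows. The drive letter and the `C:\` starting directory are assumptions.

```python
"""Detector for the LogonUI.exe tampering chain recorded in the process list.

Added example, not part of the sandbox report or of the sample. It splits
chained cmd.exe one-liners on '&', follows the 'cd' steps so that relative
targets such as 'LogonUI.exe' resolve to their real path, and raises a
finding whenever takeown / icacls / copy / echo-redirect touch a file under
C:\\Windows (drive letter and starting directory are assumptions).
"""
import ntpath
import re

# Command lines copied from the process list above, used as constructed input.
SAMPLE_CMDLINES = [
    r'reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f',
    r"RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters",
    r'"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe',
    r'"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F',
    r'"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe'
    r'&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none'
    r'&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y'
    r'&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit',
    r'taskkill /f /im "tobi0a0c.exe"',
]

WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
# Strips a leading '"...\cmd.exe" /c ' or 'cmd /k ' so only the chain remains.
CMD_PREFIX = re.compile(r'^"?(?:[a-z]:\\[^"]*\\)?cmd(?:\.exe)?"?\s+/[ck]\s+', re.I)
# Matches 'cd\', 'cd..' and 'cd Windows\system32'.
CD_STEP = re.compile(r"^cd(?=[\s\\.]|$)\s*(.*)$", re.I)
TOKEN = re.compile(r'"[^"]*"|\S+')


def split_cmd_chain(cmdline):
    """Split on '&' outside double quotes (cmd.exe's command separator)."""
    parts, buf, quoted = [], [], False
    for ch in cmdline:
        if ch == '"':
            quoted = not quoted
        if ch == "&" and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def resolve(cwd, target):
    """Resolve a Windows path against the chain's current directory."""
    if not re.match(r"^[a-z]:\\", target, re.I):
        target = ntpath.join(cwd, target)
    return ntpath.normpath(target)       # also collapses the doubled '\\' icacls form


def _after(args, flag):
    """Token following a switch such as /f, /d or '>', else None."""
    low = [a.lower() for a in args]
    if flag in low and low.index(flag) + 1 < len(args):
        return args[low.index(flag) + 1]
    return None


def scan_command(cmdline, cwd="C:\\"):
    """Return [(rule, target)] findings for one recorded command line."""
    findings = []
    for sub in split_cmd_chain(CMD_PREFIX.sub("", cmdline.strip())):
        step = CD_STEP.match(sub)
        if step:                                  # update cwd, no finding
            if step.group(1):
                cwd = resolve(cwd, step.group(1))
            continue
        tokens = [t.strip('"') for t in TOKEN.findall(sub)]
        verb = re.sub(r"\.exe$", "", ntpath.basename(tokens[0]).lower())
        args = tokens[1:]
        low = [a.lower() for a in args]
        rule = target = None
        if verb == "takeown" and _after(args, "/f"):
            rule, target = "takeown on OS file", resolve(cwd, _after(args, "/f"))
        elif verb == "icacls" and args and any(a.startswith("/grant") for a in low):
            rule, target = "ACL grant on OS file", resolve(cwd, args[0])
        elif verb in ("copy", "xcopy", "move"):
            paths = [a for a in args if not a.startswith("/")]
            if len(paths) >= 2:                   # last non-switch token is the destination
                rule, target = "overwrite of OS file", resolve(cwd, paths[-1])
        elif verb == "echo" and _after(args, ">"):
            rule, target = "file dropped in Windows directory", resolve(cwd, _after(args, ">"))
        elif verb == "reg" and low[:1] == ["add"] and "wallpaper" in low:
            findings.append(("desktop wallpaper set via registry", _after(args, "/d")))
        elif verb == "taskkill" and "/f" in low:
            findings.append(("forced process kill", args[-1]))
        elif verb == "timeout":
            findings.append(("execution delay", " ".join(args)))
        if target and WINDOWS_DIR.match(target):  # only files under C:\Windows count
            findings.append((rule, target))
    return findings


def scan_report(cmdlines):
    """Findings for every command line, keyed by its index in the list."""
    return {i: scan_command(c) for i, c in enumerate(cmdlines) if scan_command(c)}


if __name__ == "__main__":
    for idx, hits in scan_report(SAMPLE_CMDLINES).items():
        for rule, target in hits:
            print(f"cmdline {idx}: {rule}: {target}")
```

The rule set deliberately keys on the effect (a write, ACL change or ownership change on a file under the Windows directory) rather than on the binary names, because the same chain written with `xcopy` or a relative `..\..\system32` path should still fire; that is the generalisation beyond the single recorded line.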
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 173.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.201.86.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.171.91.138.in-addr.arpa | udp |
| GB | 92.123.128.168:443 | www.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 168.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.188:443 | th.bing.com | tcp |
| GB | 92.123.128.171:443 | r.bing.com | tcp |
| GB | 92.123.128.171:443 | r.bing.com | tcp |
| GB | 92.123.128.188:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 171.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 188.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.140:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 74.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.253.64:443 | www.clarity.ms | tcp |
| US | 8.8.8.8:53 | 64.253.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.clarity.ms | udp |
| IE | 68.219.88.97:443 | c.clarity.ms | tcp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | c.bing.com | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 202.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.88.219.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.174.119.20.in-addr.arpa | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 232.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.108.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| US | 140.82.113.21:443 | collector.github.com | tcp |
| DE | 140.82.121.5:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 154.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 5.121.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.113.82.140.in-addr.arpa | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 177.178.17.96.in-addr.arpa | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| GB | 92.123.128.188:443 | th.bing.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 44.239.242.57:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | 57.242.239.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:53725 | | tcp |
| N/A | 127.0.0.1:53731 | | tcp |
| US | 8.8.8.8:53 | r.clarity.ms | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.191:443 | th.bing.com | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 191.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| DE | 140.82.121.6:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 6.121.82.140.in-addr.arpa | udp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 8.8.8.8:53 | 7.173.189.20.in-addr.arpa | udp |
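Most of the table above is not the sample talking: the `*.in-addr.arpa` rows are the sandbox reverse-resolving every IP it saw, the Bing, Clarity, Microsoft login and Mozilla hosts are what a Windows 10 image with Edge and Firefox contacts on its own, and many connections are simply repeated. What remains after that is the GitHub traffic (github.com, raw.githubusercontent.com, api.github.com), which is what the "Legitimate hosting services abused for malware hosting/C2" signature refers to. The script below is an added example, not part of the report; it parses a representative subset of the rows above (the two rows without a domain written with an empty Domain cell), collapses duplicates, and sorts each connection into PTR noise, DNS queries, local traffic, image telemetry or follow-up. The telemetry suffix list is an analyst-chosen assumption, not a classification the sandbox made, and should be tuned to the detonation image in use.

```python
"""Triage of the sandbox network table above.

Added example, not part of the report. Parses the markdown rows, drops the
reverse-DNS (PTR) lookups the sandbox performs on every IP it sees, collapses
repeated connections, and parks the first-party browser/OS traffic of the
detonation image so that the remaining hosts are the ones worth following up.
"""
import re
from collections import defaultdict

# Rows copied from the network table above (a representative subset).
NETWORK_ROWS = """
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 149.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| GB | 92.123.128.188:443 | th.bing.com | tcp |
| GB | 92.123.128.188:443 | th.bing.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | github.com | udp |
| DE | 140.82.121.4:443 | github.com | tcp |
| DE | 140.82.121.4:443 | github.com | tcp |
| US | 185.199.109.133:443 | raw.githubusercontent.com | tcp |
| US | 20.119.174.243:443 | r.clarity.ms | tcp |
| US | 34.117.237.239:443 | contile.services.mozilla.com | tcp |
| N/A | 127.0.0.1:53725 | | tcp |
"""

ROW = re.compile(
    r"^\|\s*(?P<cc>[^|]*?)\s*\|\s*(?P<dst>[^|]*?)\s*\|\s*(?P<domain>[^|]*?)\s*\|\s*(?P<proto>[^|]*?)\s*\|$"
)

# Assumption (analyst-chosen, not a sandbox classification): hosts that a
# Windows 10 + Edge/Firefox image contacts on its own during a detonation.
TELEMETRY_SUFFIXES = (
    "bing.com", "bing.net", "bingapis.com", "clarity.ms", "microsoftonline.com",
    "mozilla.com", "mozilla.net", "mozaws.net", "mozgcp.net",
)


def parse_rows(text):
    """Turn the markdown rows into dicts; header/separator rows are skipped."""
    rows = []
    for line in text.strip().splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        ip, _, port = m.group("dst").rpartition(":")
        if not port.isdigit():            # 'Destination' header or '---' separator
            continue
        rows.append({"cc": m.group("cc"), "ip": ip, "port": int(port),
                     "domain": m.group("domain"), "proto": m.group("proto")})
    return rows


def _is_under(domain, suffixes):
    """True if domain equals or is a subdomain of any suffix (dot boundary enforced)."""
    return any(domain == s or domain.endswith("." + s) for s in suffixes)


def classify(row):
    """Bucket one connection; order matters (PTR before DNS before telemetry)."""
    domain, ip, port = row["domain"], row["ip"], row["port"]
    if domain.endswith(".in-addr.arpa"):
        return "ptr-lookup"               # sandbox resolving IPs it saw, not sample traffic
    if port == 53:
        return "dns-query"                # the A lookup that precedes a connection
    if ip.startswith(("127.", "224.0.0.")):
        return "local"                    # loopback and mDNS
    if _is_under(domain, TELEMETRY_SUFFIXES):
        return "telemetry"
    return "follow-up"


def triage(rows):
    """Map bucket -> sorted unique 'domain ip:port/proto' strings."""
    buckets = defaultdict(set)
    for r in rows:
        buckets[classify(r)].add(f'{r["domain"] or "-"} {r["ip"]}:{r["port"]}/{r["proto"]}')
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for bucket, entries in triage(parse_rows(NETWORK_ROWS)).items():
        print(bucket)
        for e in entries:
            print("   ", e)
```

The follow-up bucket is intentionally a deny-by-default residue: anything not proven to be sandbox or image noise stays in it, so a new C2 host never disappears just because its domain looks ordinary.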
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | e1b45169ebca0dceadb0f45697799d62 |
| SHA1 | 803604277318898e6f5c6fb92270ca83b5609cd5 |
| SHA256 | 4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60 |
| SHA512 | 357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e |
\??\pipe\LOCAL\crashpad_3972_KUZGDTRCXCFNTYYP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 9ffb5f81e8eccd0963c46cbfea1abc20 |
| SHA1 | a02a610afd3543de215565bc488a4343bb5c1a59 |
| SHA256 | 3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc |
| SHA512 | 2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d44349d4334235b24bbf5fa35d04a321 |
| SHA1 | 152be05ef857f10a986b5f3c383d9004156547f9 |
| SHA256 | 278e546b50eee8109ef195a02637385a51cf0ae1f588abc6ae89bba23c011b95 |
| SHA512 | eb31f5361fe6216b970a6695aa8cb32cf263c73e9c2fa95566f2a6239914eda6354144369dc536bc175764283eed9b921c3083d8cdce2efccd5fe83e3fcad34e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5872c7b1-4f31-4558-9756-8a4ca6d4e726.tmp
| MD5 | 64bb2f4120013baf7a44d92a693a5db7 |
| SHA1 | f9e26c16404cc38811fa3b52220753c5723d7b8d |
| SHA256 | d40c5544c35920676540db865f127c0d36e47d599da9dbf3e1187c3eadee9db6 |
| SHA512 | c1fc407c300a73a7417e3bded8cbfbdc8e6959a61dcd899429dfa98e75fded22c7b0c80b847340142fbbb77cb11f64135fd83c5f92949a867a460ac12d064a69 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a6e60eef1cc0d78bfe43135564fcadb2 |
| SHA1 | 6e00858eefcaa782f524a1c2c0d9322c80828e08 |
| SHA256 | 9c47ff527aa59c3d6a1bcc32475d37e2b2f951770eb2ea77f9390609de73b76c |
| SHA512 | df513c6dd1203d6378179f70c7fd8f4bd4ece3b85a0707ae8679a41d330fc709b09d7fe9384c00dce64e23118eeddf3da28b561797bc978f4ef89ab30f05c3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e54f.TMP
| MD5 | efd99bba87a5257e95507bf87764cd37 |
| SHA1 | 8cc1af8d13e4d4f351e86aa3329e1ce5b3be9852 |
| SHA256 | 7e70c42608781d355d82db53567e20481d1c73bc51bcaa1fc6120f15d090939f |
| SHA512 | 65d0701e5bad9cb42a91ffac620292abc3b6892ded03a92a13b75c5c58b9656bebb5cce7dc040d6c1599b2ef41c345c4c75791b7a5aeef982f60b7face5a8c7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\138e0a36-edbc-49ed-bd6f-40a3bec2df0e.tmp
| MD5 | a2f2feb5140818c4cff8c9fc4fb31bc0 |
| SHA1 | 336800747668cf3effb30fd6b28a7339b740c34a |
| SHA256 | 107f6b16d5a03fe5050964987e956669df920595dffb5c4a3a1f358e8a7a4613 |
| SHA512 | eca693ec3b31a70f3283dda8d3dffd1a73c23fcd78c6d81ec01f4600fd097439bb9a565ae02a4a8a18509c4ab1332a716141454eaad8e91b97daa74dd71b24cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be27b8dcc4c0c0fc5b20b98ddee15dbb |
| SHA1 | 59c61b3c1763e4642fa36a61f9381827e3b2820a |
| SHA256 | 1bafc38217302d07151988a7b3cb34479ac86bececc5e3fce818f25e0403f575 |
| SHA512 | dee42c0f7965b6febbc5b1803ec3fba06b5e71a931aced156cf9a9f4e71fa62dc455fccb5b6710e13b1527a2ec3767a916c42daa37c9346a1dd0babf766d64c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 7cd53a1ba870c1335e6aa75257236bb9 |
| SHA1 | 6af16bb801880c29d8c52af7ce73c7aafcb807de |
| SHA256 | ca0f7be33f2307008cb1b646c8810bb5891d8b6baba0a8b92d3f4c622cf681e8 |
| SHA512 | 858da2aeae360f5a84c100275d9744bffe97f8273becd8e73737256b369c4c1c95f93ca8c013197958054e6c5f0ac53d46bc0737ceb9398fa331bf79e6237de5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0862fb33b4b06a7f44264277dbd47847 |
| SHA1 | 4ff1782a85c8d84e69aafaccf8d2bb15e048b038 |
| SHA256 | 102121d47fc900fa5b32e4077da4a76f58874e132acd3a73f476fd1694cc1233 |
| SHA512 | 68c0c7185a0a9dc685b95e504706354bca1c958aed7659178f0793fd2c574f580f20a66a458afdadcd577bbe756a7c044cad9e3f9fcba15106260fdaaca85e9e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | a127a49f49671771565e01d883a5e4fa |
| SHA1 | 09ec098e238b34c09406628c6bee1b81472fc003 |
| SHA256 | 3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6 |
| SHA512 | 61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | c3c0eb5e044497577bec91b5970f6d30 |
| SHA1 | d833f81cf21f68d43ba64a6c28892945adc317a6 |
| SHA256 | eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb |
| SHA512 | 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | acd3f8bcdca044e4382c0bb6246b0234 |
| SHA1 | 1c83d89a3c40835a82f06e6bea0af86f52901bc5 |
| SHA256 | cec8af8be960f3b13ad0f554c338ab88688ae5b4ddfcda5471fc8268ce66db25 |
| SHA512 | 3cbf100cc72f4a63c7aebe0ec029fc3635b97addbb0a4e83febbd127e00ff1455fc0b4cb90839f3bec498a7cdb848d8fde4d6991cc6a1f479669e70ad220b5a1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 74e33b4b54f4d1f3da06ab47c5936a13 |
| SHA1 | 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c |
| SHA256 | 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287 |
| SHA512 | 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | ae6fba4a8a4923ae8fb23bbe54365bb4 |
| SHA1 | fb04d11d5f8433a5149dbbf05323cdbcbdfaf3c5 |
| SHA256 | d3effbeee1babe87697c39dab95237973aef8f4755a273b3a04b6585d927f7f3 |
| SHA512 | 275b997c5819b5c360b1f5f1a8239e6f7e1631a0c75677a4d428c8a25e03400314e8eca58f54af524fb93c3b609b7c47e60ae05a7ba874651ed58b54281a2ed5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 46054de962eba3a13390db44fe3aa80f |
| SHA1 | a9578a5983551487370c19f2d6580c735cc65696 |
| SHA256 | 51b4c8d5dbea11ba92eef54e2d6348be724e4467fe2193466a39b3b262c86bec |
| SHA512 | 3520036013a0a9416bfe98e2cb94f4b51c740bb288a80909afd48369535ca96c3c2decc295993e9e8855e1f42d6863df017f8fd11154c0aa0388bffe613c678e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1b35abf20ec6a2b9a0e4e01bbcdca768 |
| SHA1 | a7b6a9a2364142fb9418349f8f60df5899bb113e |
| SHA256 | 002c97c0de0d86c6feb444f819489d9db1c4cdd58c1c67bcb868a63e5a696404 |
| SHA512 | 4033b490bf969ea02d51c9ed9a5a2966e3bf26e578927d51913ce6150962fb7d2da6cfbc570f6729cb1cdae2d581d159ecd3656c355c2de727fdfef33741a7c0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7f6b30fda2d5c99fcde25aa2880fe97d |
| SHA1 | 4c0c9c582e1e646465a7741a8bc2535141222448 |
| SHA256 | 6ad0b7402f9ae75b9b7e64fc2d58e0357121f73bbd238795b85163e52ed504c7 |
| SHA512 | 074a5d0a677e19407631ea6887747038102e38b53b14ce2bb52ebf28fb41cacac1bf8aaeae99feeeb23f99e4377467426f3539c6154e4874a0078575610b524f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | e11b6a096eadbedb36df5c2a4c306ae7 |
| SHA1 | 03412ea92bc9c697a02417f609b5c8ad6033c698 |
| SHA256 | 060a1aca5f1b3cd2aa34cf99f8c64170f285fbc57c4faa16ddbfa0a203530096 |
| SHA512 | 7d8f89008f058b6e4acfbe079c3cb2828496671ec912753135246d017e1cf1f628e8eeb99e1fc403d98e748ef964b34e303044672c4cfd51fe43672cc6800701 |
C:\Users\Admin\Downloads\YouAreAnIdiot.sln
| MD5 | 76b06b4f32c1a1d1cbd3767a11b9fdc1 |
| SHA1 | 4da3da200a68c940c9f20edbbeaa159cbf910d90 |
| SHA256 | c23dcd400f98fc07f2f24411d681cc27cb3ddd4df4834d6456e0adbe9ad59697 |
| SHA512 | 00974bb7139e60160175b209b4eb9ce73f93ea9e316adfe2d8595ada00b1f6d0bf7de6795aa6bdde5bca0a22a8395a368d69aba04265134fa2c06af7fdbf650d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 391a035a8eb5096f287d6387c8b361ff |
| SHA1 | 4a640635e11332c69f121cfafdb32deeb47fe43c |
| SHA256 | ee477bd85620732df0ca9d64ad92aa96d9dbb399f633116923b945190061d4ae |
| SHA512 | 6150e5a9e27c75c0acb84868e57cf05b9019f81639e56df5ad2cc732ea029207f0802cab0833b7755d619e41733b307081a9a134c21739855f1e1bf89ccc5c9b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 50bda4e4c2c37838e1b3061cedd85def |
| SHA1 | 74448ec8aa4abacbccd56b081397b2bc5fdda80d |
| SHA256 | 0e5da229a7e76db51ef98f49be5d1b102b342d2b4165ae5bbd4f16687f652b19 |
| SHA512 | 3c989f8b4ea871c08b1ff4e082a79c568e52418307890067ffaf39563429726c8a78bdd2f73136c4854fe873a8ff37cb2585ee6c4709d2cf08572a983ddee00f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 61695f61137bbe68cff6cd0a1fb705c6 |
| SHA1 | 1db399d4ea6bf776b6688ad7eb0a3e97ae7a473e |
| SHA256 | 64e08fb246251fb6c2812c84b59ad3496696ec8b85757db42f5fc917a4f474a6 |
| SHA512 | b1b5f5e003c88f08d4e694b8142c7935b1e12a74696594643c263ea0245fc31220f79a19706dde3a106d9c884d18163841d1bf5fd8705fef5673711b3281cb36 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\2b20705a-5f86-4ce1-a455-3d1cf8202a34
| MD5 | eab11c54725ad960901bce80b0e59886 |
| SHA1 | 871ebbc1775d539f93782923867a9a432cba6a0a |
| SHA256 | 125056240c5cdc06283278e45b99dd7c232706f1b258c7d4d46f09841b8a93ff |
| SHA512 | 04e15ee85f7d579e58773d969822e5bddd092482626dc9ee90b817a5e3ff952d9c0d91220e5f310ef6c235788861a50938136700ebc8db09fe340de965fba13c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\61be411a-4b51-4490-80d7-36b772ead8cf
| MD5 | 26f85b0c53226c77ffea75a620af9947 |
| SHA1 | f1152af02fe65d666941ea8e4378a662a496ad03 |
| SHA256 | 096a94a5ded14fd1f9a5e67d1a8d791f9fcabd3eb76633377bba1a4dba30fe0a |
| SHA512 | cbde78243c83a91a84a48ce04fffed0d35242ebd7ae8d011319f49dbfe715733b8daa4e605db304ac66d4c75391c6064f3654e5b4cf87f223d30b081f564bf3d |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.bin
| MD5 | ec60c203f452038c1f596e9d212f678d |
| SHA1 | 27b406b0783127237a2fa0f7193285703f21a112 |
| SHA256 | b30b4285510fdbd2747fef3182a57359aeecfbbd686002faf23024c482af512a |
| SHA512 | 04c9ecd3eeed860870ab7214b8097289582a6cb0db262a1d6a158fd45b84698045e016714c62fd280614bb245b779fd92cfcf8ee8f4c06b3375499af7d6a5ab9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | cfd8fefa203d469805bc877068fa18ff |
| SHA1 | 88abe1ac978221c7bd497696362656d7f27ea925 |
| SHA256 | d92749c161935fd52521a95b9408a9b6476d79def1e3dba627d5a5bebcebf98d |
| SHA512 | 6c616810143da9817b3696b63e17b46fb9f7f65566aeb78cc4f040681da4ae15cb9e68655a6c40266e520b09bd1c683cc69551c7e8031e0e32dd3b1b41b7d7a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs-1.js
| MD5 | f67f80b8bf6f132d8b69dc0a5885531a |
| SHA1 | 27834732d142dd5d9a2d192b92b6f13fc159ca1c |
| SHA256 | dbd052089b80ca26ae47f50777f88f9eddcc67967f87c80dff6e0d6eaada42ac |
| SHA512 | 7938c98cf14e54cf6ad4370c1cae01e472e73b313a6953923964973144e0e0877e8f352364ce6d0520e25149fca3ebd5bc01c9ea2c7b47e281cc5565b57b6699 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\prefs.js
| MD5 | 1c52338385f86b28bb16f91843e6e1b2 |
| SHA1 | b3f959c6edee446345f9905264a2cc0537fa6f07 |
| SHA256 | a0597cd50a82e19cc399327dd5a7013a9bd3a6c17b6981629242ac4a36f4d13a |
| SHA512 | 05f6f924938812b2460615952486775c69395e84eb2007a099782739315e48866ca760054bdca82127a078f1206d9335dee98f842de81e59cea8b128d1acbcbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\sessionstore.jsonlz4
| MD5 | 854fb93e1c6f2979c5568f859ac419ee |
| SHA1 | dcdcd2a0db7b66106aaa52740ae1b5b8d61cd570 |
| SHA256 | 14b8d7d95ad3bb4517278d9e6c14b7b8b26a627b3fdeae3b6a0c952675dbad30 |
| SHA512 | f3f25839be366a2789a6b0527d9845cc7089f20df9d1069190d27ffd14d66b4cef7d0365cd010bcf07b7d885d15cf2ffbcde7a2ecb88ad2613a75d2e5681e2ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d515a1b79da956e7d6586738b8d5b004 |
| SHA1 | edffe60f285a1aa1fd58a7f11b720cbb537e5637 |
| SHA256 | 181ec284425fdb3cd84fdbea7b792ca66cee92c733d7c18d0cf142efbf9c3da5 |
| SHA512 | 844a1f79da1bc74f19f4774c6ce492ed018ff670df60dfd2b4586c5cd53b30eb1cf3b659ec85ab6a41bb517231ff4d148fd3c61352b346faf982e088110e6db1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
| MD5 | bbc7e5859c0d0757b3b1b15e1b11929d |
| SHA1 | 59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d |
| SHA256 | 851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2 |
| SHA512 | f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
| MD5 | bc9faa8bb6aae687766b2db2e055a494 |
| SHA1 | 34b2395d1b6908afcd60f92cdd8e7153939191e4 |
| SHA256 | 4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed |
| SHA512 | 621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 8b2813296f6e3577e9ac2eb518ac437e |
| SHA1 | 6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86 |
| SHA256 | befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d |
| SHA512 | a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | e562aa584409a79d9174919c1065f2e3 |
| SHA1 | d9dd1d50ab52b6b475baaf995eddbdb37545c2a7 |
| SHA256 | 786d1ba73e48a4e2d26cff209e77a859c0f71e7cabff025db82f6e6fd7013507 |
| SHA512 | 834825915c3f6273fd34ca174f3000d308fd2b7c3a081d4ebe9ea390e49e39e64e329ba369d6402cefe2595ad5a3718f99525c69b7a2e48eacde965ef6b2906f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 24ab2f3a8c26685b6be9d07b5ef7df00 |
| SHA1 | cd316ec3208392f5b2846e668337938511998388 |
| SHA256 | 54364a48157dd6f58c16da41f7cf4e0ea32c2ccf432e5b0623b87223c8c3696b |
| SHA512 | efab865d8590020d7069146b82d66a3e35d586a8672eaa4de3d3cd158680fd20aa7cc4520cae3a59ff10569e1ac9c295c171e27d3f364cf1ef3642cc696b9c89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | ed8322298d06f491f494f5e8c388e69c |
| SHA1 | dd1c8c0595ce620796e61b7c832127d657b5099e |
| SHA256 | 1d64b5180af2d9f5091394e9438cb25adf84ab3073a0d1e6ceb2376a94e77275 |
| SHA512 | f79c93c22fb38a2d2a00995b1d0e3944e037c23f11362b8f2468b4d9808c8377b2484831a34e84f2f3d86934d3ae369a635f1459776d4d9b353fb6dc757134d0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 063fe934b18300c766e7279114db4b67 |
| SHA1 | d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd |
| SHA256 | 8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e |
| SHA512 | 9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
| MD5 | 93ab4cf70b3aa1641a4b258c3fe03f24 |
| SHA1 | cba2ddecb8e019e6e5a91dcf867c6d6094f39b63 |
| SHA256 | d6c2f9f2bb35841cdb53abb660544e6e6f44e39d6542323992cc1c63e998fa16 |
| SHA512 | 70fa907afd9b52ed54a3cf755e394c40a3ff7a83041540b435cba47d889c1c9401afc9fb23a5e879d85bed42fd5df40cd7540d428b3ee7a9cdc278a314770884 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | e3c321ef088d2b913659c2c1d004be2d |
| SHA1 | b3c22a8b4e51c97ea9a0ea82f898adc88fc74499 |
| SHA256 | 8d0c890ef816f03ebd62e0389e50def14b6362812bd0d5cb75cc9feaa67e08cd |
| SHA512 | abeec3d8df3e3c12e4d5a737b66677088abd3a0466f8c3c3848e662e2623fcff90108d6f50ce77968dadf457ea2f97809cd1f44b2efab0cff3b65e3ab388b1eb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014