Analysis Overview
Threat Level: Known bad
The file https://filetransfer.io/data-package/FJGQEiJW#link was found to be: Known bad.
Malicious Activity Summary
Discord RAT
Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2
Drops desktop.ini file(s)
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Creates scheduled task(s)
Modifies registry class
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-12 17:26
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-12 17:26
Reported
2024-03-12 17:33
Platform
win10v2004-20231215-en
Max time kernel
269s
Max time network
299s
Command Line
Signatures
Discord RAT
Downloads MZ/PE file
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened for modification | C:\Users\Admin\Videos\Captures\desktop.ini | C:\Windows\system32\svchost.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\svchost.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\SCHTASKS.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{3945813C-3A6E-4C0C-9E82-A21FD4EE53D0} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{76DCF41D-C865-4CEC-820D-E9112F18CA42} | C:\Windows\system32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\svchost.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Executor\Main\build.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\Downloads\Executor\Main\build.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filetransfer.io/data-package/FJGQEiJW#link
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6192 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2152 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x3cc
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5a6b7c6fh9c1fh4339haef4h9fef4c9c184c
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3474068967559742615,13667150345316661527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3474068967559742615,13667150345316661527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7276 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 /prefetch:8
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Executor.zip\READ_ME.txt
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Executor\READ_ME.txt
C:\Users\Admin\Downloads\Executor\Main\build.exe
"C:\Users\Admin\Downloads\Executor\Main\build.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\buildsigs.bat" "
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Executor\READ_ME.txt
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77build.exe" /tr "'C:\Users\Admin\Downloads\Executor\Main\build.exe'" /sc onlogon /rl HIGHEST
C:\Users\Admin\Downloads\Executor\Main\build.exe
"C:\Users\Admin\Downloads\Executor\Main\build.exe"
C:\Windows\SYSTEM32\SCHTASKS.exe
"SCHTASKS.exe" /create /tn "$77build.exe" /tr "'C:\Users\Admin\Downloads\Executor\Main\build.exe'" /sc onlogon /rl HIGHEST
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\buildsigs.bat" "
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | filetransfer.io | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 188.114.96.2:443 | filetransfer.io | tcp |
| US | 188.114.96.2:443 | filetransfer.io | tcp |
| US | 188.114.96.2:443 | filetransfer.io | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| GB | 96.17.179.184:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 184.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d1f8f9xcsvx3ha.cloudfront.net | udp |
| FR | 13.249.12.178:443 | d1f8f9xcsvx3ha.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 178.12.249.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | filetransfer.onfastspring.com | udp |
| US | 18.211.248.143:443 | filetransfer.onfastspring.com | tcp |
| US | 8.8.8.8:53 | 17.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 143.248.211.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.google-analytics.com | udp |
| US | 216.239.34.36:443 | region1.google-analytics.com | tcp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| NL | 142.250.27.156:443 | stats.g.doubleclick.net | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.27.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| GB | 92.123.128.177:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 177.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.189:443 | th.bing.com | tcp |
| GB | 92.123.128.177:443 | th.bing.com | tcp |
| GB | 92.123.128.177:443 | th.bing.com | tcp |
| GB | 92.123.128.189:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 189.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets-global.website-files.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| FR | 52.84.174.81:443 | assets-global.website-files.com | tcp |
| FR | 52.84.174.81:443 | assets-global.website-files.com | tcp |
| US | 8.8.8.8:53 | 35.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.128.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.174.84.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 42.36.251.142.in-addr.arpa | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| FR | 52.222.153.83:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 175.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.153.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| FR | 3.162.38.20:443 | assets.website-files.com | tcp |
| FR | 3.162.38.20:443 | assets.website-files.com | tcp |
| FR | 3.162.38.20:443 | assets.website-files.com | tcp |
| FR | 3.162.38.20:443 | assets.website-files.com | tcp |
| FR | 3.162.38.20:443 | assets.website-files.com | tcp |
| FR | 3.162.38.20:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 172.64.155.119:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | 119.155.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| NL | 142.250.179.142:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | 142.179.250.142.in-addr.arpa | udp |
| SE | 40.126.53.19:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 19.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.142.211.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl.discordapp.net | udp |
| US | 104.18.48.115:443 | dl.discordapp.net | tcp |
| US | 8.8.8.8:53 | 115.48.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.38.162.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.121.231.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 128.116.101.4:80 | roblox.com | tcp |
| US | 128.116.101.4:80 | roblox.com | tcp |
| US | 128.116.101.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | 4.101.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| FR | 128.116.122.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| FR | 99.86.91.94:443 | static.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| GB | 88.221.134.83:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 4.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | roblox-api.arkoselabs.com | udp |
| US | 172.64.154.86:443 | roblox-api.arkoselabs.com | tcp |
| US | 8.8.8.8:53 | 94.91.86.99.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.201.222.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| FR | 128.116.122.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | locale.roblox.com | udp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| FR | 128.116.122.4:443 | locale.roblox.com | tcp |
| US | 8.8.8.8:53 | auth.roblox.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | tcp |
| FR | 128.116.122.4:443 | auth.roblox.com | tcp |
| GB | 104.77.160.221:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| FR | 128.116.122.4:443 | auth.roblox.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| FR | 13.32.145.114:443 | images.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | 86.154.64.172.in-addr.arpa | udp |
| GB | 104.77.160.221:443 | apis.rbxcdn.com | tcp |
| FR | 52.222.201.109:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| FR | 128.116.122.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | 114.145.32.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 221.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.122.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| GB | 92.123.128.189:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.53.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | answers.microsoft.com | udp |
| GB | 104.124.175.134:443 | answers.microsoft.com | tcp |
| GB | 104.124.175.134:443 | answers.microsoft.com | tcp |
| GB | 104.124.175.134:443 | answers.microsoft.com | tcp |
| US | 8.8.8.8:53 | 134.175.124.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aadcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aadcdn.msauth.net | udp |
| US | 152.199.23.37:443 | aadcdn.msftauth.net | tcp |
| US | 8.8.8.8:53 | 37.23.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 13.107.246.64:443 | aadcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.241.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | filestore.community.support.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| IE | 20.54.108.3:443 | filestore.community.support.microsoft.com | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| GB | 92.123.241.137:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | 3.108.54.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.182.143.208:443 | browser.events.data.microsoft.com | tcp |
| US | 52.182.143.208:443 | browser.events.data.microsoft.com | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 8.8.8.8:53 | acctcdn.msftauth.net | udp |
| US | 8.8.8.8:53 | acctcdn.msauth.net | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 152.199.21.175:443 | acctcdn.msftauth.net | tcp |
| US | 192.229.221.185:443 | logincdn.msftauth.net | tcp |
| US | 13.107.246.64:443 | acctcdn.msauth.net | tcp |
| US | 8.8.8.8:53 | acctcdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnmsftuswe2.azureedge.net | udp |
| US | 8.8.8.8:53 | acctcdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | lgincdnvzeuno.azureedge.net | udp |
| US | 8.8.8.8:53 | 175.21.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | support.microsoft.com | udp |
| GB | 92.123.240.111:443 | support.microsoft.com | tcp |
| US | 8.8.8.8:53 | 111.240.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cxcs.microsoft.net | udp |
| GB | 92.123.128.147:443 | www.bing.com | tcp |
| GB | 2.20.37.224:443 | cxcs.microsoft.net | tcp |
| US | 8.8.8.8:53 | 147.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 224.37.20.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | identity.nel.measure.office.net | udp |
| GB | 104.77.160.223:443 | identity.nel.measure.office.net | tcp |
| US | 8.8.8.8:53 | 223.160.77.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s26.filetransfer.io | udp |
| US | 8.8.8.8:53 | gateway.discord.gg | udp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 8.8.8.8:53 | 234.134.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | geolocation-db.com | udp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 8.8.8.8:53 | 253.102.89.159.in-addr.arpa | udp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.134.234:443 | gateway.discord.gg | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| DE | 159.89.102.253:443 | geolocation-db.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
| US | 162.159.128.233:443 | discord.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4d6e17218d9a99976d1a14c6f6944c96 |
| SHA1 | 9e54a19d6c61d99ac8759c5f07b2f0d5faab447f |
| SHA256 | 32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93 |
| SHA512 | 3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47 |
\??\pipe\LOCAL\crashpad_5056_WPPROGPANCRHUZCL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 14728efb093f0ca811eda59198094b0f |
| SHA1 | 151025f729edd3166b6751691e9e8852559c0c0c |
| SHA256 | 9b48ea3d1b17625cb361e2e2189d29e43cf1d9b38358028abc8af34efd5450c7 |
| SHA512 | 2002b146c09b69316651f5b10a7f5ab38bac27e91c7edc2af82c1423a2c7c3ab58bd0933498b0aac8161a5fe6a31b52236827003d94ee291ee3a2141204f8e9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 55889a44ff7bf5957c12546ed61c9a47 |
| SHA1 | 667a6f08ab976b7df08d262e60c5406d431184d4 |
| SHA256 | 382f5042bf3c87e3fefaf1441eb1082d30febe49392ea228004cd817b0a07a28 |
| SHA512 | 3c87ff9d332aca1a4b9f4bc14e4a13b5f4b759526f4887cd4acdf1b5fea1ff242bb60a08b959fa01cb0d51115844c502e1297f034f14cc308af205778becaf44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9eb684daa234d3580e1fbf45d65b4dbc |
| SHA1 | 4631afb11b4e3aad6f2b5d50515a2b176c88319f |
| SHA256 | 5c45ee891a72fda1554bc33e1b8dbb4c9b51a1d0bee23a9725f2b7b510c6f50f |
| SHA512 | 2c438e45ed7058fe384aaec60217ce1ebeda928d93be81105b4b265cdf447257afa23a319a9e0b43888bb11a08478fe6e5bf31dd2a034c8053a8388616a19b62 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e6d6d957-09cb-4e27-b25c-66b399728554.tmp
| MD5 | c2ef1d773c3f6f230cedf469f7e34059 |
| SHA1 | e410764405adcfead3338c8d0b29371fd1a3f292 |
| SHA256 | 185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521 |
| SHA512 | 2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5c9ba1db1f22a5dd839468705dea7a42 |
| SHA1 | dcdd8eedd1ea3dfd6dd301e0a8029acb0b49eaf0 |
| SHA256 | 06db614ac62e7b8fed9c1b1a584877bb6aa49026d965ba309ebf5d1acb0f52d6 |
| SHA512 | 831a79f2d192658ee2a9d83c078091ffcd9ac84d243ec2652d8dc4392a2aee8de7b98985e696d5c4977270ddcf7e235c7fcd9416d9e39e1e04065c0a23967c67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d41c672a4d09792f03f0bb130aead73 |
| SHA1 | 938f0172013e51678454b937415f21ef56bf8caf |
| SHA256 | d57ca0c3adc2d7907b86e62c9a78c1fc6c0fd74ca3f9c250af3354ad1dad570e |
| SHA512 | ffa3f2c25b9fd3eb740e32f9d124e8c9a6a41979fded5b09fa0a7065b80658fda0e3c303ad60beccd673b0a56f0094210b39c1a7c9dd597791ffde67ffc3734d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c37f.TMP
| MD5 | 144455aa378989965eda70cdd712214b |
| SHA1 | baf19dd268b746c806cc056c7538e625da345918 |
| SHA256 | a4889e0c5593b52037a3a111eecac7d4c05146091c83b2c607c17a83ffbef8c9 |
| SHA512 | deec2eff19c1aaaae33404d93c1850ab32f8bd51a46e7579e9ff48f08950d4f96d0505d059f7026031b6c4cc43daa20d7bb422e7c84d7ed62e7047334262c405 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fd5ece4d926fc9689c7661691df23128 |
| SHA1 | 0f30becd472c04b7530f1f9169c622b73bb9ed34 |
| SHA256 | 385444381ed86d8e7e6de72b2fd07b09eac9b28f8c5b049c6e76f4f5646e1b34 |
| SHA512 | da173d71df00e61709ee3cdda12e0d474aec3947ae8b6a90d4fe4b3bd51c520df42645cc7ce526b873294720590f27c8dd32861b0d7e9f7a2965e8940d745042 |
C:\Users\Admin\Downloads\Unconfirmed 740703.crdownload
| MD5 | 4dca35c78bd0ed3ce99a8d4057753216 |
| SHA1 | 893d57acce90a7153e453cd93e6f09cef6dc9e00 |
| SHA256 | da5d802a17c44605e1c32f3d505709a917ab8f2f3628466dec51d6cef31d3c36 |
| SHA512 | 5d1f64bb73470096561b816a475d3438ea0513b8c1ab7f87c4494d1a76edc8aced0c7fa34589dbc16b9f58aac2b96e4525ae681139828e4e52cbeebabfcd6a61 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c1cc49897f2ba5b0bb242e1a530ec2e5 |
| SHA1 | b2c0d6dff6d6d4b5b186575f625d3d333a9d395c |
| SHA256 | 61a9ceffd026053309a9c2dd93a68091d8366e25199336833073bfeeb353a60d |
| SHA512 | 26f1a2442fa68c0bdc084d32935dfe5b53f74b2e7ced69cd20d3aadf842930517182104aad521d4fa962540fecba1c9edb41fe9cfafb31f8d10b117e79da8738 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7cb4a4471296dba6abd1426ebd0781e0 |
| SHA1 | 242bb818e8b298ca86fd36f8246d49976dcc177e |
| SHA256 | 940ec22350482a1548a1290b9f1c4759a5b9177681af67e861f3fe2cfb1f62ad |
| SHA512 | 94e51893672400d8533f2322c176c3ec97ecf64c3acf78eff0836dd61474af15a68be5a3704d15ad333f49d1a0f729a024442d17baddf12ee2fa5461c64a2d0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7528f0f8e8a0e2a06fa450732d1fed14 |
| SHA1 | b088917435324a49b671589bd659b23e111d2a36 |
| SHA256 | 04beb28bb355227e5fd6638ce54ee9ae1d7b408682f4eee409b9c8ef45b4f916 |
| SHA512 | 751fdc748e04801471a5a2b154dd5f5ca09bb302b0c9cb82e8cae6d4907ec6496d177f8a24d4590118d2161947cfc2a99518e1c1d06125b39fd0d6d8d548b84e |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c72bf7b26819362f26471e5d0f3af896 |
| SHA1 | c212bb14f4a34d3c497de43323c5595eff78aadc |
| SHA256 | f2a62100159bbbdfb7bfe7495d6da1d6f0446be6a3f8a4e41e817d8ac6882e2f |
| SHA512 | daa6cf670500371e66699ad57e85c18c0b2b939d2be62e17fe842d36e4e810d254f2563c84a45951271d4ba35e9db7faeb72524414f0a37542c0f04ddd4067b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cc873550a415ffc843bc1b9e7073a345 |
| SHA1 | e2c29ee8586a376a1c3f61a0356af7631eb61d63 |
| SHA256 | cd91ee3f9019f9659dc6fd7043a95127c12debb65a01abc8421abd4e30b0c148 |
| SHA512 | eb1d97927c9ae0a9918ae474fda9cd554af969b950c37636f7ac9e3071dd76d9e541ffa3972814bf9fea0d1ecab564be6b5477c26509fcb4a6b4b8947131d269 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 88a552e6be1ac3978c49143983276b3a |
| SHA1 | dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423 |
| SHA256 | 927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5 |
| SHA512 | 125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | e51d5a73c3611bb52db26942a6cd26fd |
| SHA1 | 8a750003a6fd6321eca6624012d638eb71edb5f3 |
| SHA256 | 8a35d9b6767a86e337309319ca907cb0837e4b836f82143c58a02ccc94a11e7a |
| SHA512 | 597043744a4afab83b63ed43db92bbe813e6003844d5f8beb4d4e7f52cc4e40e3af08621da4eca9407d4ec5db114f03964c4d35bf3b94dac8225bbf007659670 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | 710d7637cc7e21b62fd3efe6aba1fd27 |
| SHA1 | 8645d6b137064c7b38e10c736724e17787db6cf3 |
| SHA256 | c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b |
| SHA512 | 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
| MD5 | 60021246cef1f0978983114d1fd51250 |
| SHA1 | b4cd22c3fa223376820c53fab738473732a0682e |
| SHA256 | 5cf8acb556090e2c26d420340e174d7948ca191e0334ddb1258da8844d4a2f3f |
| SHA512 | ba1395b1814e266915c44e7b72f6f4d3a9528eb60948a1d9a6b501d129dcee6d8fe22125e569a618c25bd89b9128e088b3ba6c0ebcad3804a128f38f0e614b66 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 42bb702c7998848426d7d8f0cf7434ec |
| SHA1 | 33a4039e448a9f755c516b2574d2806282e4a465 |
| SHA256 | b39c009c9fe089980c41ba34e9b2e68aa11a92ab75ada34550eefd580b5d3769 |
| SHA512 | bf2925e550248048386c7bc52e44e934d7cfdd450e56afc2e8b8a981f528c340f1dcb5d8f0a84ca5dc79f035db99e60b14a730e5b331459580b3777ca94ff564 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2027461466e48b31791d286860ac5c22 |
| SHA1 | e064ebbb754f3d9ee14e609ac234a27e5a1b98e8 |
| SHA256 | 34533389c6ec0ba9ebd7e028d9acbd9e7c831a0d55ed269c1b9948cbad252144 |
| SHA512 | 715b283173899127014e4c80482a4d279972b669154e421c1b16b953f152c4cf4b779f5f4846aa2d6f2ac6d797063400d9a871b0b22aa71d58be8491b1b721dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e85c8bb6bf95939aa892d6046025b89a |
| SHA1 | 0c307305e01cedc6197e60e13bd83e8ec6f0aad7 |
| SHA256 | efc6aa758d5791669a55dfb794cff0a8771e388a6ba0679154738ff5db8c6b0a |
| SHA512 | b8ed4a8505d8a7aaba347c35a2c8fce067d4f0547ba32a2837ffc76fb79ec8a5d41653b4ee462b45460095ae2806694c59fc0846371efc3e0fe64b35121cda40 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0dface117a0f41adae5adeb8e8f48479 |
| SHA1 | e7bf26ccd4a9812501c5ca47f600a73753f4bbdb |
| SHA256 | 799312d2b2fb91674dcb14d6f9ee2dd9fda9d4493982aaea2e7d4d19329cdf4c |
| SHA512 | 771511dc62aab0b04a30bb0de076985cd85358663a4a635a7aec43fc720398939ea169bdd27a72de1103890bac5921e069d665811e48a3b1b906e694a4f9a1c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5e3fad128d11816d203b902f06345cad |
| SHA1 | 2fc783d64619f45ce5dd0d7510da95602454c734 |
| SHA256 | 50939d7288c8f4cae156e9877e2e30543c2d9c41a8cb2059a8eca793a86034f9 |
| SHA512 | a62b27ea3aad6882768f033eb180a27c5917e7af9010497e73524d991164c348d22051be11dd05f965a10987b56c49c707176546cfa1eb2bcf196e1bf6812907 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 8ca92ec202701ebf2913cbbe0509e24f |
| SHA1 | 9a5efe3e12e2c46dcb2fad93fe98f9d18c3f02e6 |
| SHA256 | 34c5587c3e8b84b3337600695611e4d7fac04c503367169b66382ad21c6e4646 |
| SHA512 | aa45b0d8973f5946e6a0541daa884e6b87b40e3fc1d9e628b61c0993c3a8f55abde82184ce88246a6a76f0b876cbb4c36db2dd8a0ed17837b918991dd8a2d270 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 794dad93f9f69c769327e20e87b3ad7a |
| SHA1 | 88e92f9dc8885f1c341b9db44cf363573827e928 |
| SHA256 | a53576319b54227da931dc6bfa373627a344847ce7aaec29cd1122e937041e73 |
| SHA512 | ae287ecd6fa366b7aef938b3e61ec0b1c5ca3f3be7532cd8f2c7a23a1c73619791ed28b66acdb5422263bd530abb6ebbca5e95cafb4232ccce97ec697764ade4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ea917833eeb6e710dc1c3a454bfa1bed |
| SHA1 | e772e425f75edf220917fb840b6f63cf2fca7613 |
| SHA256 | 8450cc6a6c9ae06d4772fef6972693d5177a6ef0547a5bf7ed153794fce7b504 |
| SHA512 | dc2b45cc16541be780296504e02c07b4041cba62c850d1a27af17c2bd7f6e9bece0972e0459139fc36952e0855d309ae2e1c6c612e3f5b7b1f3ee0404d60453b |
C:\Users\Admin\Videos\Captures\desktop.ini
| MD5 | b0d27eaec71f1cd73b015f5ceeb15f9d |
| SHA1 | 62264f8b5c2f5034a1e4143df6e8c787165fbc2f |
| SHA256 | 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2 |
| SHA512 | 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acb20d96a5eee861dd72ac274b12c06f |
| SHA1 | fc5457ca656c36b8017d064d17530c8e00ac6d1a |
| SHA256 | 17e64ceaf1981338faadf44c096194e5ba723b4d2bdcab42df3a60604ccf2049 |
| SHA512 | b319a2da4fa06ea2a766ad2338bf0aec4d6214fbfcf187b0433d72c3bd098202572aa2257761e5881d570b635eed34f36b1730afd98fa8d34b4617a4407f9b59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bf574156c25191c7896dc4165b2decd0 |
| SHA1 | f765d8d2235d1f780dc440a29576836774fd9e20 |
| SHA256 | 85aaa321a790fe36657cf6c287f89fdea48269415747663f0820101c88dc1152 |
| SHA512 | abfef36c1ce02f058b4d018994ac62e3ab2f97dd0bb76e3c0861dcd7eece5124f78ce62e047e943bfcf7db379bb4627c25cb7ff382c6bc137a526bffe7ea7370 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 651168e5cdfc6222b9778df5a83676b9 |
| SHA1 | 31b1cf91d17469d9c7b6262a1808c7194b38cbb1 |
| SHA256 | 7c84e740700f9cc25d5a64fb574a19880eb669b8da0d077cf1a9056629a65d87 |
| SHA512 | 4fc0314dd4da83cf2e98fbcc6b7e4aaf36c7a6381103228fa31758a6bf99827c878eea69cc94133caae26f1592cbbdd1b65944af4011f9f80d202f1d763ee586 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 4ad5093cf2dbd10cef485fa644c744fa |
| SHA1 | 617dbdc20fbcb45034dce209aa868f9c98e274cf |
| SHA256 | 781e8f47ba438e6f06a827a142b4abe58a26d062c4802da0c2c6afcaa16ad590 |
| SHA512 | 7f22f8865582f04e66c4e60f03fa7bc4e388948fc1e4e8fe774bbfc59fb0e542a3185eaafacce7d609ee5da0a1f15fa7d0044e620ffd265bd71afb1c3c8ac91e |
memory/5704-1004-0x000001D712540000-0x000001D712550000-memory.dmp
memory/5704-1020-0x000001D712640000-0x000001D712650000-memory.dmp
memory/5704-1036-0x000001D71A930000-0x000001D71A931000-memory.dmp
memory/5704-1038-0x000001D71A960000-0x000001D71A961000-memory.dmp
memory/5704-1039-0x000001D71A960000-0x000001D71A961000-memory.dmp
memory/5704-1040-0x000001D71AA70000-0x000001D71AA71000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 8909ea0cf79fd9f5242e9f6cab0ec9c7 |
| SHA1 | a614a6f00155b3b6a0221baf5a37b09baf3744be |
| SHA256 | 4d4832378ca0151bafbf992da0d01b08cba676c0c953bf59ebd7cc07a35a3c49 |
| SHA512 | 21793e333fcb7222352de35151f0bf589a4d4f3b03c86c1f9f90e0189141c91449b3e6af837ae73a5971d428d8b05d237e00827126f8014d4b6800017d4b42f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 720cb6779499f38bf0fce52ca9d12782 |
| SHA1 | 2d4b96b49b4b12bf0c2759d0100033beae01ada5 |
| SHA256 | 063d098523dc910fc29f453dd4c0ac0eaa34aebab5874ecde9dd777e45c8df83 |
| SHA512 | 023ad38fafd8b74fb5e9b45bbc25b096bc0dd69b7fb0348a1d108c4111bf7d83003a02791b968407e78b028387bcd0d55097d9174f7d7d7a602ea26cc9c6ba4c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 97142a6f879b8ce3300753a11f418eb4 |
| SHA1 | af086d2e94588516edf88ff90a517331e2d528e8 |
| SHA256 | e643b2df0e77e951e34bbb564738bae406c061ea20e00b9da9e6b2a887f44696 |
| SHA512 | 4171e64fc420e81e6488ae381d7afcef5553978616dfcbc688847303bbf2cf1702fc27fc6c7af46eaa94f34eaa7a5920d351e216aac53b1a3b40aad07e842751 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
| MD5 | c3dd5df3c03dacad924b35656319dcc9 |
| SHA1 | 0c2f598133703f6c2052096a08afaa9e7af3a216 |
| SHA256 | 68cab5a89c61f80b4b92f82703df6ddc2f52d41213610d6c9dd275508c9b5b85 |
| SHA512 | 5f42f4d72f4e8143b08dc823e59f81fb9993d5accab7b5ff3a7b9893a509a9b2a7be54f6ee9209b36831f2f35643206a172c137e033a81ac1cfa0f3a35ace008 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f814e6d69c02fdf3d8cda5d7e3cc2ce1 |
| SHA1 | 9c68b069a80104245080371b55c9e77ea2733aca |
| SHA256 | ef53ab007dcccea7ea3193d3a953a89cbf29e0b5564d67b19b69628d9d29d69d |
| SHA512 | 94bb7cf150d965c17609f361e6b14d75acdf8008f54bc1915a731031de8d538ddac1686d91c7b142026a1604663a2ef8ba97729062b1672dc10eb230bed9b669 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c9d34872069163f954ccd7922e32ca52 |
| SHA1 | 00fb9cc310d78e53805e0213933cb327de0ddb7c |
| SHA256 | 9350fe9f861109dcce13b7dcdd5a4993eb7767947bd7306b91b9c9430ed45db4 |
| SHA512 | b47d09367551c9cb4ae42a96b476696f1679add3595e8244305f0eebee572185fea9bbb6ccac0f3c905832c69a751eaa8359f692e9dc4c2cb406a23a92417ab4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 96b7c15fc0e1ab49acfea9f91a3a8946 |
| SHA1 | a238c79a52ed4dab89861aa1aab0e7bb01e32934 |
| SHA256 | b36f67ef89f48d0d65d983aade15c2bfc92e6dc1301c26fdd20cc4b5ebcf4054 |
| SHA512 | 6118ee87221575b4885a92b0c0573f2eaa3d87960f7a345efa67c76e88dae172849d674d591cc358d9f148bacf000288d08b459a9bc0c7021ab3c6fb81d51b5a |
memory/5348-1170-0x000001E9148B0000-0x000001E9148C8000-memory.dmp
memory/5348-1171-0x000001E92EF00000-0x000001E92F0C2000-memory.dmp
memory/5348-1172-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp
memory/5348-1173-0x000001E914C60000-0x000001E914C70000-memory.dmp
memory/5348-1174-0x000001E92F700000-0x000001E92FC28000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | aa513641021ec51b3c83d25ee8a911df |
| SHA1 | 0e36b73604d2e3e481e42532553c34aad781e66b |
| SHA256 | d8e7c551764fbafc0f4acced92396183a711a89e836209e3d5e06890f6497f88 |
| SHA512 | 292e84f7bf3117a8df57bae69201ec4431498595d47c9797665bc7b8e136e62d169609b02ef518bf02f9a566aec29c7c7ecd845aa2f37311a3b7ae9df04ed77d |
memory/5348-1184-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp
memory/5348-1185-0x000001E914C60000-0x000001E914C70000-memory.dmp
memory/5292-1186-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp
memory/5292-1187-0x000001DAF9A70000-0x000001DAF9A80000-memory.dmp
memory/5292-1188-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp