Malware Analysis Report

2024-11-16 13:06

Sample ID 240312-v1anysef3t
Target https://filetransfer.io/data-package/FJGQEiJW#link
Tags
discordrat persistence rat rootkit stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://filetransfer.io/data-package/FJGQEiJW#link was found to be: Known bad.

Malicious Activity Summary

discordrat persistence rat rootkit stealer

Discord RAT

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2

Drops desktop.ini file(s)

Uses Task Scheduler COM API

Suspicious use of WriteProcessMemory

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Creates scheduled task(s)

Modifies registry class

Checks processor information in registry

Suspicious use of FindShellTrayWindow

Enumerates system info in registry

Opens file in notepad (likely ransom note)

Suspicious behavior: EnumeratesProcesses

Suspicious use of SendNotifyMessage

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-12 17:26

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-12 17:26

Reported

2024-03-12 17:33

Platform

win10v2004-20231215-en

Max time kernel

269s

Max time network

299s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filetransfer.io/data-package/FJGQEiJW#link

Signatures

Discord RAT

stealer rootkit rat persistence discordrat

Downloads MZ/PE file

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini C:\Windows\system32\svchost.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A discord.com N/A N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Windows\system32\svchost.exe N/A

Creates scheduled task(s)

persistence
Description Indicator Process Target
N/A N/A C:\Windows\SYSTEM32\SCHTASKS.exe N/A
N/A N/A C:\Windows\SYSTEM32\SCHTASKS.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{3945813C-3A6E-4C0C-9E82-A21FD4EE53D0} C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{76DCF41D-C865-4CEC-820D-E9112F18CA42} C:\Windows\system32\svchost.exe N/A
Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Opens file in notepad (likely ransom note)

ransomware
Description Indicator Process Target
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A
N/A N/A C:\Windows\system32\NOTEPAD.EXE N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeManageVolumePrivilege N/A C:\Windows\System32\svchost.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Executor\Main\build.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\Downloads\Executor\Main\build.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5056 wrote to memory of 3752 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5056 wrote to memory of 2480 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5056 wrote to memory of 4920 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 5056 wrote to memory of 1436 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filetransfer.io/data-package/FJGQEiJW#link

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6184 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6192 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2152 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x328 0x3cc

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5a6b7c6fh9c1fh4339haef4h9fef4c9c184c

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3474068967559742615,13667150345316661527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3474068967559742615,13667150345316661527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k UnistackSvcGroup

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7276 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,18135763560839658831,4651401925791755390,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_Executor.zip\READ_ME.txt

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Executor\READ_ME.txt

C:\Users\Admin\Downloads\Executor\Main\build.exe

"C:\Users\Admin\Downloads\Executor\Main\build.exe"

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\buildsigs.bat" "

C:\Windows\system32\NOTEPAD.EXE

"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Executor\READ_ME.txt

C:\Windows\SYSTEM32\SCHTASKS.exe

"SCHTASKS.exe" /create /tn "$77build.exe" /tr "'C:\Users\Admin\Downloads\Executor\Main\build.exe'" /sc onlogon /rl HIGHEST

C:\Users\Admin\Downloads\Executor\Main\build.exe

"C:\Users\Admin\Downloads\Executor\Main\build.exe"

C:\Windows\SYSTEM32\SCHTASKS.exe

"SCHTASKS.exe" /create /tn "$77build.exe" /tr "'C:\Users\Admin\Downloads\Executor\Main\build.exe'" /sc onlogon /rl HIGHEST

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Executor\Main\buildsigs.bat" "

Network


Files

SHA1 d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256 c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

MD5 710d7637cc7e21b62fd3efe6aba1fd27
SHA1 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256 c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

MD5 b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1 386ba241790252df01a6a028b3238de2f995a559
SHA256 b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 60021246cef1f0978983114d1fd51250
SHA1 b4cd22c3fa223376820c53fab738473732a0682e
SHA256 5cf8acb556090e2c26d420340e174d7948ca191e0334ddb1258da8844d4a2f3f
SHA512 ba1395b1814e266915c44e7b72f6f4d3a9528eb60948a1d9a6b501d129dcee6d8fe22125e569a618c25bd89b9128e088b3ba6c0ebcad3804a128f38f0e614b66

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42bb702c7998848426d7d8f0cf7434ec
SHA1 33a4039e448a9f755c516b2574d2806282e4a465
SHA256 b39c009c9fe089980c41ba34e9b2e68aa11a92ab75ada34550eefd580b5d3769
SHA512 bf2925e550248048386c7bc52e44e934d7cfdd450e56afc2e8b8a981f528c340f1dcb5d8f0a84ca5dc79f035db99e60b14a730e5b331459580b3777ca94ff564

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2027461466e48b31791d286860ac5c22
SHA1 e064ebbb754f3d9ee14e609ac234a27e5a1b98e8
SHA256 34533389c6ec0ba9ebd7e028d9acbd9e7c831a0d55ed269c1b9948cbad252144
SHA512 715b283173899127014e4c80482a4d279972b669154e421c1b16b953f152c4cf4b779f5f4846aa2d6f2ac6d797063400d9a871b0b22aa71d58be8491b1b721dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e85c8bb6bf95939aa892d6046025b89a
SHA1 0c307305e01cedc6197e60e13bd83e8ec6f0aad7
SHA256 efc6aa758d5791669a55dfb794cff0a8771e388a6ba0679154738ff5db8c6b0a
SHA512 b8ed4a8505d8a7aaba347c35a2c8fce067d4f0547ba32a2837ffc76fb79ec8a5d41653b4ee462b45460095ae2806694c59fc0846371efc3e0fe64b35121cda40

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0dface117a0f41adae5adeb8e8f48479
SHA1 e7bf26ccd4a9812501c5ca47f600a73753f4bbdb
SHA256 799312d2b2fb91674dcb14d6f9ee2dd9fda9d4493982aaea2e7d4d19329cdf4c
SHA512 771511dc62aab0b04a30bb0de076985cd85358663a4a635a7aec43fc720398939ea169bdd27a72de1103890bac5921e069d665811e48a3b1b906e694a4f9a1c1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 5e3fad128d11816d203b902f06345cad
SHA1 2fc783d64619f45ce5dd0d7510da95602454c734
SHA256 50939d7288c8f4cae156e9877e2e30543c2d9c41a8cb2059a8eca793a86034f9
SHA512 a62b27ea3aad6882768f033eb180a27c5917e7af9010497e73524d991164c348d22051be11dd05f965a10987b56c49c707176546cfa1eb2bcf196e1bf6812907

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 8ca92ec202701ebf2913cbbe0509e24f
SHA1 9a5efe3e12e2c46dcb2fad93fe98f9d18c3f02e6
SHA256 34c5587c3e8b84b3337600695611e4d7fac04c503367169b66382ad21c6e4646
SHA512 aa45b0d8973f5946e6a0541daa884e6b87b40e3fc1d9e628b61c0993c3a8f55abde82184ce88246a6a76f0b876cbb4c36db2dd8a0ed17837b918991dd8a2d270

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 794dad93f9f69c769327e20e87b3ad7a
SHA1 88e92f9dc8885f1c341b9db44cf363573827e928
SHA256 a53576319b54227da931dc6bfa373627a344847ce7aaec29cd1122e937041e73
SHA512 ae287ecd6fa366b7aef938b3e61ec0b1c5ca3f3be7532cd8f2c7a23a1c73619791ed28b66acdb5422263bd530abb6ebbca5e95cafb4232ccce97ec697764ade4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ea917833eeb6e710dc1c3a454bfa1bed
SHA1 e772e425f75edf220917fb840b6f63cf2fca7613
SHA256 8450cc6a6c9ae06d4772fef6972693d5177a6ef0547a5bf7ed153794fce7b504
SHA512 dc2b45cc16541be780296504e02c07b4041cba62c850d1a27af17c2bd7f6e9bece0972e0459139fc36952e0855d309ae2e1c6c612e3f5b7b1f3ee0404d60453b

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 acb20d96a5eee861dd72ac274b12c06f
SHA1 fc5457ca656c36b8017d064d17530c8e00ac6d1a
SHA256 17e64ceaf1981338faadf44c096194e5ba723b4d2bdcab42df3a60604ccf2049
SHA512 b319a2da4fa06ea2a766ad2338bf0aec4d6214fbfcf187b0433d72c3bd098202572aa2257761e5881d570b635eed34f36b1730afd98fa8d34b4617a4407f9b59

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 bf574156c25191c7896dc4165b2decd0
SHA1 f765d8d2235d1f780dc440a29576836774fd9e20
SHA256 85aaa321a790fe36657cf6c287f89fdea48269415747663f0820101c88dc1152
SHA512 abfef36c1ce02f058b4d018994ac62e3ab2f97dd0bb76e3c0861dcd7eece5124f78ce62e047e943bfcf7db379bb4627c25cb7ff382c6bc137a526bffe7ea7370

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 651168e5cdfc6222b9778df5a83676b9
SHA1 31b1cf91d17469d9c7b6262a1808c7194b38cbb1
SHA256 7c84e740700f9cc25d5a64fb574a19880eb669b8da0d077cf1a9056629a65d87
SHA512 4fc0314dd4da83cf2e98fbcc6b7e4aaf36c7a6381103228fa31758a6bf99827c878eea69cc94133caae26f1592cbbdd1b65944af4011f9f80d202f1d763ee586

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 4ad5093cf2dbd10cef485fa644c744fa
SHA1 617dbdc20fbcb45034dce209aa868f9c98e274cf
SHA256 781e8f47ba438e6f06a827a142b4abe58a26d062c4802da0c2c6afcaa16ad590
SHA512 7f22f8865582f04e66c4e60f03fa7bc4e388948fc1e4e8fe774bbfc59fb0e542a3185eaafacce7d609ee5da0a1f15fa7d0044e620ffd265bd71afb1c3c8ac91e

memory/5704-1004-0x000001D712540000-0x000001D712550000-memory.dmp

memory/5704-1020-0x000001D712640000-0x000001D712650000-memory.dmp

memory/5704-1036-0x000001D71A930000-0x000001D71A931000-memory.dmp

memory/5704-1038-0x000001D71A960000-0x000001D71A961000-memory.dmp

memory/5704-1039-0x000001D71A960000-0x000001D71A961000-memory.dmp

memory/5704-1040-0x000001D71AA70000-0x000001D71AA71000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 8909ea0cf79fd9f5242e9f6cab0ec9c7
SHA1 a614a6f00155b3b6a0221baf5a37b09baf3744be
SHA256 4d4832378ca0151bafbf992da0d01b08cba676c0c953bf59ebd7cc07a35a3c49
SHA512 21793e333fcb7222352de35151f0bf589a4d4f3b03c86c1f9f90e0189141c91449b3e6af837ae73a5971d428d8b05d237e00827126f8014d4b6800017d4b42f0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 720cb6779499f38bf0fce52ca9d12782
SHA1 2d4b96b49b4b12bf0c2759d0100033beae01ada5
SHA256 063d098523dc910fc29f453dd4c0ac0eaa34aebab5874ecde9dd777e45c8df83
SHA512 023ad38fafd8b74fb5e9b45bbc25b096bc0dd69b7fb0348a1d108c4111bf7d83003a02791b968407e78b028387bcd0d55097d9174f7d7d7a602ea26cc9c6ba4c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 97142a6f879b8ce3300753a11f418eb4
SHA1 af086d2e94588516edf88ff90a517331e2d528e8
SHA256 e643b2df0e77e951e34bbb564738bae406c061ea20e00b9da9e6b2a887f44696
SHA512 4171e64fc420e81e6488ae381d7afcef5553978616dfcbc688847303bbf2cf1702fc27fc6c7af46eaa94f34eaa7a5920d351e216aac53b1a3b40aad07e842751

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

MD5 c3dd5df3c03dacad924b35656319dcc9
SHA1 0c2f598133703f6c2052096a08afaa9e7af3a216
SHA256 68cab5a89c61f80b4b92f82703df6ddc2f52d41213610d6c9dd275508c9b5b85
SHA512 5f42f4d72f4e8143b08dc823e59f81fb9993d5accab7b5ff3a7b9893a509a9b2a7be54f6ee9209b36831f2f35643206a172c137e033a81ac1cfa0f3a35ace008

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 f814e6d69c02fdf3d8cda5d7e3cc2ce1
SHA1 9c68b069a80104245080371b55c9e77ea2733aca
SHA256 ef53ab007dcccea7ea3193d3a953a89cbf29e0b5564d67b19b69628d9d29d69d
SHA512 94bb7cf150d965c17609f361e6b14d75acdf8008f54bc1915a731031de8d538ddac1686d91c7b142026a1604663a2ef8ba97729062b1672dc10eb230bed9b669

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 c9d34872069163f954ccd7922e32ca52
SHA1 00fb9cc310d78e53805e0213933cb327de0ddb7c
SHA256 9350fe9f861109dcce13b7dcdd5a4993eb7767947bd7306b91b9c9430ed45db4
SHA512 b47d09367551c9cb4ae42a96b476696f1679add3595e8244305f0eebee572185fea9bbb6ccac0f3c905832c69a751eaa8359f692e9dc4c2cb406a23a92417ab4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 96b7c15fc0e1ab49acfea9f91a3a8946
SHA1 a238c79a52ed4dab89861aa1aab0e7bb01e32934
SHA256 b36f67ef89f48d0d65d983aade15c2bfc92e6dc1301c26fdd20cc4b5ebcf4054
SHA512 6118ee87221575b4885a92b0c0573f2eaa3d87960f7a345efa67c76e88dae172849d674d591cc358d9f148bacf000288d08b459a9bc0c7021ab3c6fb81d51b5a

memory/5348-1170-0x000001E9148B0000-0x000001E9148C8000-memory.dmp

memory/5348-1171-0x000001E92EF00000-0x000001E92F0C2000-memory.dmp

memory/5348-1172-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp

memory/5348-1173-0x000001E914C60000-0x000001E914C70000-memory.dmp

memory/5348-1174-0x000001E92F700000-0x000001E92FC28000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 aa513641021ec51b3c83d25ee8a911df
SHA1 0e36b73604d2e3e481e42532553c34aad781e66b
SHA256 d8e7c551764fbafc0f4acced92396183a711a89e836209e3d5e06890f6497f88
SHA512 292e84f7bf3117a8df57bae69201ec4431498595d47c9797665bc7b8e136e62d169609b02ef518bf02f9a566aec29c7c7ecd845aa2f37311a3b7ae9df04ed77d

memory/5348-1184-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp

memory/5348-1185-0x000001E914C60000-0x000001E914C70000-memory.dmp

memory/5292-1186-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp

memory/5292-1187-0x000001DAF9A70000-0x000001DAF9A80000-memory.dmp

memory/5292-1188-0x00007FFA5F810000-0x00007FFA602D1000-memory.dmp
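Turning this listing into something usable for hunting takes a small parser: the report flattens each entry to a path line followed by MD5/SHA1/SHA256/SHA512 lines, and interleaves bare memory/<pid>-<n>-<start>-<end>-memory.dmp region dumps. The Python below is an added example, not part of the sandbox report or its vendor's tooling. It parses the block, validates digest length and hex, records repeated paths (the same Edge profile file listed several times with different hashes is one file rewritten during the run, not several files), and separates browser-profile churn from the entries worth hunting on. The browser-profile filter (BROWSER_PROFILE) is an assumed triage heuristic, and the sample text is copied from the entries above plus one constructed entry with a deliberately truncated SHA256 to show the validation path.

```python
"""Parse a sandbox report's flattened 'Files' listing into IOC records.
Added example, not part of the original report."""
import re
from collections import defaultdict
from dataclasses import dataclass, field

HASH_LENGTHS = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
HEX_RE = re.compile(r"^[0-9a-f]+$")
MEM_RE = re.compile(r"^memory/(\d+)-(\d+)-(0x[0-9A-Fa-f]+)-(0x[0-9A-Fa-f]+)-memory\.dmp$")
# Assumed heuristic: files under the Edge profile are browser runtime churn, not IOCs.
BROWSER_PROFILE = "\\Microsoft\\Edge\\User Data\\"


@dataclass
class FileRecord:
    path: str
    hashes: dict = field(default_factory=dict)


@dataclass
class MemoryRecord:
    pid: int
    seq: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_files_section(text: str):
    """Return (file_records, memory_records, errors) for one Files block."""
    files, mem, errors = [], [], []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MEM_RE.match(line)
        if m:
            current = None  # a dump line ends the previous file's hash block
            mem.append(MemoryRecord(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)))
            continue
        algo, _, digest = line.partition(" ")
        if algo in HASH_LENGTHS:
            digest = digest.strip().lower()
            if current is None:
                errors.append(f"hash line without a preceding path: {line}")
            elif len(digest) != HASH_LENGTHS[algo] or not HEX_RE.match(digest):
                errors.append(f"malformed {algo} for {current.path}: {digest}")
            else:
                current.hashes[algo] = digest
            continue
        current = FileRecord(line)  # any other non-blank line is a path
        files.append(current)
    return files, mem, errors


def group_by_path(files):
    """A path listed more than once is one file rewritten during the run."""
    groups = defaultdict(list)
    for f in files:
        groups[f.path].append(f)
    return dict(groups)


def triage(files):
    """Split browser-profile churn from entries worth hunting on; collect SHA256s."""
    noise = [f for f in files if BROWSER_PROFILE in f.path]
    interesting = [f for f in files if BROWSER_PROFILE not in f.path]
    sha256_set = {f.hashes["SHA256"] for f in files if "SHA256" in f.hashes}
    return interesting, noise, sha256_set


# Copied from the report above; the last entry is constructed to exercise validation.
SAMPLE_LISTING = r"""
C:\Users\Admin\Downloads\Unconfirmed 740703.crdownload

MD5 4dca35c78bd0ed3ce99a8d4057753216
SHA1 893d57acce90a7153e453cd93e6f09cef6dc9e00
SHA256 da5d802a17c44605e1c32f3d505709a917ab8f2f3628466dec51d6cef31d3c36
SHA512 5d1f64bb73470096561b816a475d3438ea0513b8c1ab7f87c4494d1a76edc8aced0c7fa34589dbc16b9f58aac2b96e4525ae681139828e4e52cbeebabfcd6a61

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 fd5ece4d926fc9689c7661691df23128
SHA1 0f30becd472c04b7530f1f9169c622b73bb9ed34
SHA256 385444381ed86d8e7e6de72b2fd07b09eac9b28f8c5b049c6e76f4f5646e1b34
SHA512 da173d71df00e61709ee3cdda12e0d474aec3947ae8b6a90d4fe4b3bd51c520df42645cc7ce526b873294720590f27c8dd32861b0d7e9f7a2965e8940d745042

C:\Users\Admin\Videos\Captures\desktop.ini

MD5 b0d27eaec71f1cd73b015f5ceeb15f9d
SHA1 62264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA256 86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA512 7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

memory/5704-1004-0x000001D712540000-0x000001D712550000-memory.dmp

memory/5348-1171-0x000001E92EF00000-0x000001E92F0C2000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 7cb4a4471296dba6abd1426ebd0781e0
SHA1 242bb818e8b298ca86fd36f8246d49976dcc177e
SHA256 940ec22350482a1548a1290b9f1c4759a5b9177681af67e861f3fe2cfb1f62ad
SHA512 94e51893672400d8533f2322c176c3ec97ecf64c3acf78eff0836dd61474af15a68be5a3704d15ad333f49d1a0f729a024442d17baddf12ee2fa5461c64a2d0d

C:\Users\Admin\Downloads\constructed-truncated-entry.bin

MD5 0123456789abcdef0123456789abcdef
SHA256 deadbeef
"""
```

Run against the full listing, the interesting set reduces to a handful of entries: the in-progress Edge download under Downloads (.crdownload is Chromium's name for an unfinished download, which lines up with the report's "Downloads MZ/PE file" signature), the desktop.ini written by svchost.exe that the "Drops desktop.ini file(s)" signature refers to, and the CustomDestinations jump-list files. Everything under the Edge profile (Preferences, TransportSecurity, Local State, Network Persistent State, Code Cache, Cache) is rewritten repeatedly during the run, which is why the same path appears many times with different digests; hunt on the Downloads hashes, not on those. The memory/... entries are region dumps from PIDs 5704, 5348 and 5292, and the two identical 0x00007FFA5F810000-0x00007FFA602D1000 ranges across PIDs 5348 and 5292 are the same mapped module seen in two processes, not two distinct artifacts.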