Analysis Overview
SHA256
38ce15ff72fe07a74ac9e4692fac7c0b964ca3c4f6def07d942fd94ecfd80981
Threat Level: Likely malicious
The file piggy.png was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Executes dropped EXE
Legitimate hosting services abused for malware hosting/C2
Program crash
Enumerates physical storage devices
Suspicious use of AdjustPrivilegeToken
Delays execution with timeout.exe
Modifies registry class
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
NTFS ADS
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-02 06:00
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-02 06:00
Reported
2024-07-02 06:00
Platform
win7-20240611-en
Max time kernel
4s
Max time network
1s
Command Line
Signatures
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\System32\rundll32.exe | N/A |
Processes
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\piggy.png
Network
Files
memory/2204-0-0x0000000000320000-0x0000000000321000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-02 06:00
Reported
2024-07-02 06:04
Platform
win10v2004-20240611-en
Max time kernel
259s
Max time network
261s
Command Line
Signatures
Downloads MZ/PE file
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\YouAreAnIdiot.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\YouAreAnIdiot.exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\YouAreAnIdiot.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\Downloads\YouAreAnIdiot.exe |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "205" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | C:\Windows\system32\LogonUI.exe | N/A |
| Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | C:\Windows\system32\LogonUI.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | C:\Windows\system32\LogonUI.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-200405930-3877336739-3533750831-1000\{7FC90798-0FC0-49B2-81E1-172BA14B74CE} | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 459868.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 192640.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\shutdown.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\shutdown.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\LogonUI.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\piggy.png
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9c4046f8,0x7ffc9c404708,0x7ffc9c404718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2196 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5388 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5428 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6268 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:8
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Love.bat" "
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6256 /prefetch:2
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Love.bat" "
C:\Windows\system32\timeout.exe
timeout 10
C:\Windows\system32\shutdown.exe
shutdown -s -t 100
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1080 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6704 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,3933908913516965084,18287703331200377584,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3456 -ip 3456
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 1200
C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5856 -ip 5856
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 1172
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38dc055 /state1:0x41c64e6d
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 13.107.21.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.21.107.13.in-addr.arpa | udp |
| NL | 23.62.61.97:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 68.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| NL | 23.62.61.155:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 155.61.62.23.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| NL | 23.62.61.155:443 | r.bing.com | tcp |
| NL | 23.62.61.97:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.20:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 104.18.33.89:443 | www2.bing.com | tcp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.109.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 89.33.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 185.199.109.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| US | 140.82.112.22:443 | collector.github.com | tcp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 22.112.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.111.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 235.17.178.52.in-addr.arpa | udp |
| NL | 23.62.61.194:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 194.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| NL | 23.62.61.171:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 171.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b704c9ca0493bd4548ac9c69dc4a4f27 |
| SHA1 | a3e5e54e630dabe55ca18a798d9f5681e0620ba7 |
| SHA256 | 2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411 |
| SHA512 | 69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32 |
\??\pipe\LOCAL\crashpad_4056_JIPZPUJZHJVRXEZH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 477462b6ad8eaaf8d38f5e3a4daf17b0 |
| SHA1 | 86174e670c44767c08a39cc2a53c09c318326201 |
| SHA256 | e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d |
| SHA512 | a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | cca6c9df58fa079ada911d58ac48e55b |
| SHA1 | 03ce8456e8683c8c41716cf68de4666382d0c32f |
| SHA256 | 134cf6ae6b03da8971fe77b0b7423c9fbcb7464848d8181499bdfbbb8ce68f03 |
| SHA512 | 169b0b927b60888d86b8373a9e52e14aafcee8af0686a847da2917759fbbff755c47a3bedde96b36fe16c6226adae1d4af4f573c16b5f88937ce17518efd655d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 74468a51b0c26d1830874d18db76156a |
| SHA1 | bdd943b086ae58359c7d0874afa2c99dd0a9acf5 |
| SHA256 | 7498479b316320425886defcf273171f2cd12a3635d930be87eea17f4e328b58 |
| SHA512 | d7e28f314fbdd4509d17f1597fff42ea97ff82e914afe42761c4343a17f45ac5ae636f7def35c0227b9da87a06271b0f444daa4f26855a8ed9d5f3812ce88239 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb7daeb6d729d6b1b5677eae6bf15564 |
| SHA1 | 27c8e449937c4c4faf42e698b24523c5b449b191 |
| SHA256 | 6bd9af755c0b687f89b744844edb98e6de6f0fe3b6661e09c6718dd12e2a8cce |
| SHA512 | c94fbed8462d3ed98c3d58771bae65bd916f0c4248e6fb45ecf41fa6bf24e4e9313a4fcf62e80e8b537808389a8d7d2f70ad0b488e195ed22ed4f7af69a93bd9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2d071372ccf3bad2323b217427f3e13b |
| SHA1 | 646909ef16d0666a016a16bb219b79ecfc5c0fb7 |
| SHA256 | 72f170119aa01365305fa97d60422996f286710ffda7d5be7c63ea25d2cf0d8b |
| SHA512 | ef7c253a7a974580cee1408734d1095c4fa55f5eed778e1c566716c5a594b9459dbb9c426da953ff094b64c928a5d30f9c2d36222eb6462c7c8b7cd49803097c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5802ab.TMP
| MD5 | 7483f4ac1355ee687b7e750ac2ebb261 |
| SHA1 | 34448845374a081970552cbb3fe10002559650ad |
| SHA256 | 22101ad5bf9c9123359e89afcfed67f65d213b724aa7975297df149b59ebabcb |
| SHA512 | df09404c3145645ec4cfe0b250797126b461d455d73ba79f5c0bad2d06c7c81f34337348096a4ef211096e802b4055d1cf80924060cefaac533a272a2639571f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 21386a34087e4db0df82b9c4bfa14be8 |
| SHA1 | 5cd543d7a82b468eb39ee22f3af470dcb3d55a34 |
| SHA256 | 7316a44e00aaf5fd427806bd15924f23738fcdd0e1943a7c06a5b366155cede9 |
| SHA512 | 98925a801a8834989d6c7148f2f1d1972ee5764834c162465a4ed8e928da8ccdd0cdd3be76168df1024fa220d199f289930f53e48860152dd110cd86ea81e079 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | 0f3de113dc536643a187f641efae47f4 |
| SHA1 | 729e48891d13fb7581697f5fee8175f60519615e |
| SHA256 | 9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8 |
| SHA512 | 8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a6de6b0be3bc303ca81e280547658261 |
| SHA1 | d92d7e47960560e1160de8f3e072b2c833867287 |
| SHA256 | a8a4f4bb09a1b3578bc35c71ccaeef4cbc3fe97ef47e347ea53d38c8ecc55648 |
| SHA512 | bf13fd21abafc5556fc60521933835a0c98f9564975a1b7848f1d2f534c9ad36f95aa5c2e657f2272614f81157f152d342897943ce57b24b85bd5c86cf8156d4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1285a3e2fc974eb1c5765cba5cc1a437 |
| SHA1 | 3d0f90b8812a452d0be59fd1151483186d4b1706 |
| SHA256 | 65225da8efdb4a25e67ce13ef8328ceb7507a6a6b2693d0fb7d51e9f72454bcf |
| SHA512 | 37777998f8ebf311e683cb78d7ebaaba059d4ec72d3a052e146320e78db67d951f3d309df3b8706023f1beb6aa5910524192ee4a74134a967b13a2bb75c9b5cf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 067ee14c10a63127e7454ec062047f07 |
| SHA1 | b96046e1a6f2a617bec44c3f4519fe548062a0fc |
| SHA256 | 1dcad47a2e50285745dd966dd42f5601f3643a30718c3094fe5c2f5e2e7138d3 |
| SHA512 | a791baa99ae504f1ed40d761bae1f21111c6c88c3504574e942e5c477e5c8e443c4350c3d49f92fd4eb1ac131b49d690ce92fcd2f91a5a842773e7719889eac3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
| MD5 | f31a1ab9f483d9db21349522e39dd16e |
| SHA1 | 01a275d7fc1c4f578fa506c8e0bf9b7787dd4806 |
| SHA256 | 463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d |
| SHA512 | cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 669b1563b95fce26d9ddc3c7e9bdc538 |
| SHA1 | 275e4ae2606a0da908003b77ea06b24ea8b66214 |
| SHA256 | d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667 |
| SHA512 | 09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010
| MD5 | 628ba8d31375849e0943894669cd033c |
| SHA1 | 4fa6d50a37fa2dadec892474d3e713ef9de2d8a1 |
| SHA256 | 80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6 |
| SHA512 | d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
| MD5 | 0e52c094a93d5bcd8875cce575d7da9a |
| SHA1 | de9ecbf399f77a497c96c1a4b3509153ad9751a2 |
| SHA256 | abafb66ae53e45e075a02ab40e19bc2dbb0126d83f4da5f1fbd3bed1a4b4fdce |
| SHA512 | b2cbb5075eb1cf84b9b24c2a2f3165675496d506d5e98a8868c18514c5740c366b5a29a925dcf6f6cacdb8ce6e39eb8673b15ebb55c5e9078e0d7eff631905cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f4eb1577559d9e46d10a978bff788a75 |
| SHA1 | 64161e7c7b7401d367a98ba6a71f8f7dd59ac25c |
| SHA256 | 85f0cb0a043922c856b6aac35b63967571e5c3f47238dec8deb088fd92f26837 |
| SHA512 | 8d5d06727732bd99b732039d15906f024b0fa51030c0fcccebfaec91bcb6758d650b9340ab45942a8d99b59e72ffd0d67a1ccb5dbe7a9ec0d6748542409fb273 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 5e5773d7248f8c29424c7d0996a4303a |
| SHA1 | a2db8da7b0cdcc150f0ae87d1c55cf8bbf975513 |
| SHA256 | 53dcc2b98f38aad2fea19e222939fb5ad80a832f95f3224c0d6e7321d01011e8 |
| SHA512 | 794a19a807cb84910eb8f09e27d8ac30607b64533850883572dd8aeb9ba8521cc4ed823f9baa0492315e16869be4f3a49c342cc649ba0b12143f7d9cd98f3916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bd9d25de7d2b1de9e33190a8c6ea88f1 |
| SHA1 | 38443e21f7601ebe3c9731749b35375867bae0ec |
| SHA256 | 36423977df64ad8913e2325dc3ffeb366e5248189f1d18a1451e19ae7c1160d1 |
| SHA512 | 422e1f5719cff9289a6477893e0dd2b96d4f70888630da5c0b4da76270fcc1a186534a3bbb609f36bbe3f37376805e176b40c385e9795c4bcd5828bbd2a99807 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ec0f84f95215d943_0
| MD5 | 6ade418cde69a079793135e76efcba04 |
| SHA1 | fa78240fa1ac4307225d8b4211ca8dba93245938 |
| SHA256 | e5c7bbac8e7847f981c6f2c0221872b0e2f8973ee41ad137b0f0079fb04e6c69 |
| SHA512 | bfd66bad0aa2e648ab63c0c530f5c4bbbebe4407c8a9ddff139b4030a10c7ece24a8af663449da7f5ea1a160099fa0cdf41e59fa2131b90605bd7a7060c5fc55 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
| MD5 | 5c7ca5f69170c3af85aaedaad13d29f3 |
| SHA1 | f508ae82d28596ccb0c032024b4ecb0f47f77422 |
| SHA256 | 9e32c92c0dbbca6ab7b65713c17f92324d020b84cc3a93b9213411f2d4ae821c |
| SHA512 | e93b64594677e275a35ccb655f2474332222b533a5f9e6c15945fd1821c52eeb365cb8bc7811786ed1cff1dea29dfe1c85ff666545c619fbdf53c2b57fea5dd3 |
C:\Users\Admin\Downloads\Unconfirmed 459868.crdownload
| MD5 | 0c248dcbe812d54aaac203162190edb5 |
| SHA1 | 1392069ef7f3d5ec826b2d61d3056b264a945521 |
| SHA256 | 07cc1cab6935312f39de3ae2734be3fcd4b41c9c4af8429e66650460cc74b471 |
| SHA512 | d69a8199af9a3473a28f14129fa136f2ff0e435229ebae7159a46df3026816df65f1c08011f3ec18115ec58898ed4db594ad689e0bc6822113183afdab2b78f0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | c4c10a21ebd68c087c73a42493a97aec |
| SHA1 | c35464eda4004db4cc60c040e92b940271a6670c |
| SHA256 | ccb6602ea1157a405cf40b6961ee8738a411cb3136cbdf35776f5d5b760eb210 |
| SHA512 | cb56321fc1c2d5e3dbae0e333df54e2e3fc4ed8d87cf9657763f915ebd330becc2a11ddd96f679eaeb661e667179be857cd4c1c3aef08f795e81aeeabd597e2c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 00e643b09efea97d9e9a6f6cf4c95798 |
| SHA1 | 86e728e5f1ada1899fb6da4ba70fa069390a2a55 |
| SHA256 | 667ad638535eb77d90add99d71b9af539f7eb50df2bee7a2b4f9010f9b2e4d29 |
| SHA512 | 002446eedc62e618679c8527eb83f51691666872851e06cd54c4148c73343be9387d9df488c78a05ab107125f1b6e0445a7b9826cc05b2b6cf2fa6ee663af548 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 63e9ce31cf646af08bea3d015d188c50 |
| SHA1 | 9c1a32a5d7bd6272e3e3fc72b28874d2bb8626e7 |
| SHA256 | f12a42d9a5e4871b988215640462926208e9b10bb33c3c014489fd4c9e216d5f |
| SHA512 | 0988a1d42ac37aa22614d0a1a71c438a323e14d5f67550a75e45349695b3e1018977d5d818bf22de147e7c5b4f0d68c8bb4143e52c763e2dfe38a79bb16d9364 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | cb3c5c82d10eb65de6f57e88ba556991 |
| SHA1 | c92f26a4aa8e3ca9211d56ba71234e859cbc024a |
| SHA256 | 81ed58f2698d31e542b83ae3297ebb49d952e63711e247ddae116566962bed50 |
| SHA512 | daa4dc2c200e71cb617dbfdd78c08847c94d47ed47f6c907fd9b5a72cf10b40f19ad9b2d1ad3ef5821c37b43c56ce392de08288590798feef92fcd559b11462a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 114c72f78dbf33a1030ab8560d48842f |
| SHA1 | 6bb415436b663981d91d2572a859cb653af049fc |
| SHA256 | a62a540eac7231012b7f9363f0c4e90eeb184ac29009de1c30b3dff52e1872f8 |
| SHA512 | 00b5007b6805199528e7aeeb65b877238498498edc1c7fb61579ad4f67a602cc1753992cfadf5a63f62a053cc53956436109aff56220ba0f5f97497877b2538a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | d6b36c7d4b06f140f860ddc91a4c659c |
| SHA1 | ccf16571637b8d3e4c9423688c5bd06167bfb9e9 |
| SHA256 | 34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92 |
| SHA512 | 2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 9e3f75f0eac6a6d237054f7b98301754 |
| SHA1 | 80a6cb454163c3c11449e3988ad04d6ad6d2b432 |
| SHA256 | 33a84dec02c65acb6918a1ae82afa05664ee27ad2f07760e8b008636510fd5bf |
| SHA512 | 5cea53f27a4fdbd32355235c90ce3d9b39f550a1b070574cbc4ea892e9901ab0acace0f8eeb5814515ca6ff2970bc3cc0559a0c87075ac4bb3251bc8eaee6236 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 59cb232c37a25811223c1101b7aaf371 |
| SHA1 | 6290c495c0acfbc1931b2d4290e5e780e2397994 |
| SHA256 | 156f9d51bef921526c82613f57aed91f7a498452f1c9a33e9adb502304b9eae1 |
| SHA512 | 85a87d653b551cb1edc64a61348f632217d33cab3eac1e636c2235c15a2f3fd13479151f787af1047d891f4b9449669d11296298da36ac96f087a29df011761e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 2e86a72f4e82614cd4842950d2e0a716 |
| SHA1 | d7b4ee0c9af735d098bff474632fc2c0113e0b9c |
| SHA256 | c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f |
| SHA512 | 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 56d57bc655526551f217536f19195495 |
| SHA1 | 28b430886d1220855a805d78dc5d6414aeee6995 |
| SHA256 | f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4 |
| SHA512 | 7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | b38fbbd0b5c8e8b4452b33d6f85df7dc |
| SHA1 | 386ba241790252df01a6a028b3238de2f995a559 |
| SHA256 | b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd |
| SHA512 | 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 620dd00003f691e6bda9ff44e1fc313f |
| SHA1 | aaf106bb2767308c1056dee17ab2e92b9374fb00 |
| SHA256 | eea7813cba41e7062794087d5d4c820d7b30b699af3ec37cb545665940725586 |
| SHA512 | 3e245851bfa901632ea796ddd5c64b86eda217ec5cd0587406f5c28328b5cb98c5d8089d868e409e40560c279332ba85dd8ce1159ae98e8588e35ed61da2f006 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2bc34953eae68ce6ae82dc1d98b592ce |
| SHA1 | 2169fc639e70f07fe6e1b220fa561d5bd389c5c8 |
| SHA256 | a960ec8d106aa6ef4c01189a171a579bbb99c41c4fcdb2b6a97f269838a8fc89 |
| SHA512 | fa7027b65583e769339a3a68dde87e7bdaff599c9e2e5e10b82e6013c3928d6aa1d66da46e4a30685b38687357c2c7d3e49d74c8ee992d8a535b70dede213546 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2de5262e57c6e191fd1ef1dfa27d3fc0 |
| SHA1 | 0c259cb15a42313f816f3b7e71a5ace8bdc36269 |
| SHA256 | 96096c2da41428948b84bdad0d14bb7d02c3407641fd52744b9c1da8f99f0809 |
| SHA512 | a1e9260a66f0665a2c52f5556334b94ed4e95ee5aebe4969142bc0db37ac9e62af73c6253c4915c70b21f015468b9f9c55efe3d643a84cf889a1f514c6d4d68c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44a5fd93-a2d7-4ad4-aaf4-773a79b38912.tmp
| MD5 | 245ac78a6602452aa0200951a4481a78 |
| SHA1 | 5a082865703a8f7b83645b1e58df8358ac623c60 |
| SHA256 | 71b068f9a3353bfa21dc934665ea672977590d1dc9dde12c01e6f9236e5e1b80 |
| SHA512 | 05144be38ec7cdb9b34d07113c4741826118ca1de45a82564e9c6dcaec1f641e29edc3b7abe9438f08e934b8c685f9523a71e411a08c70a77ae634628397d202 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 2d2715976268c0c6ad4f44e101318be9 |
| SHA1 | bcdd4e4157f33c40919397350eb5c035e572cb54 |
| SHA256 | c4fb7283edf9ecb01d4c843b3950957290e9b9ced53cf637a1c9e351cb32bed1 |
| SHA512 | 9550fdf5040badfaa50495e6ba50a8a565f09374ec0e031bc67d1cef7ee6d8d0c548a110decf7e11b9cca630ca02e021d8e50f2c4bc0e78d58f390eb36853a94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 08a75e6e4db9b3db37aa450756fbbbc8 |
| SHA1 | ed98ee02780ffdbf4702e4496b349dc83ae42bdc |
| SHA256 | 560a4d0c537d4495716f93bebf8d81b3f002d1dc45d23620cd584d1f7cc09f72 |
| SHA512 | 9a710302edb20c74f6c5e467018bffac096f85f3fecf8f6dc0eee1f1dc722fd6c5aab04f661a754bd35417262f9395d0421f69c1ec17209191d1b6402830ca54 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | aa56dd72837296a834bc912a4cabc4af |
| SHA1 | cab98e4ecac531fe751ce005bb9cf307aa94d6ae |
| SHA256 | c29350218756fa59e807682e6569e31b83714bc52e69e7029fa15fd50bd5f9ef |
| SHA512 | 9da84038b222aef7da573865b734e36c50cbe5ae5ebeccf6bf6b7203c001a638ffeaa1b870552ed5a30e06973106338aaa4c7165624f8fbf1254fa4f995895fa |
C:\Users\Admin\Downloads\Unconfirmed 192640.crdownload
| MD5 | e263c5b306480143855655233f76dc5a |
| SHA1 | e7dcd6c23c72209ee5aa0890372de1ce52045815 |
| SHA256 | 1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69 |
| SHA512 | e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 40f033bb4c86e4e1e804097c0c815026 |
| SHA1 | 54201dcfa6f90b39098347dd6bfce25fdd7b863d |
| SHA256 | 99070b7098e9886292708247a6c6914db3f57a132f41e8ba3c70c19d91d15c87 |
| SHA512 | 49fbbe70f9a7cf4607cf510179dea141213b02fd0e640641b250ea138d6e4b7b18774c44710b7bddba0abb742cfecd1166217672b333c939855b50cd3f69072b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | f6c7f7535f5f83868a8219ce33133421 |
| SHA1 | 3b33b3b28038fe60c282f06f26a97db866825984 |
| SHA256 | d7791f4c927b9abecdc6f47fa4f647e5a009a3eec410619e0ab459a4a95fa011 |
| SHA512 | afae4d3f608d7db4419de80e846f65b590d7bba2cbd458c1719eaa5597db54c8a6a18a4fa5272d91e6410afb1c7483f6e81b3fb9b78b4cb411f3a1489336f4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8546bac390c773c3241828a158218557 |
| SHA1 | 7004c862cccde6f4fbbbb8e42a510b829661b77a |
| SHA256 | 19bf7d0f6a6b16a7e9f5aea2ded4407733a7243ef66248dd675ca26645519186 |
| SHA512 | e29a292809d995e0735f805b92e6709acfa11f71db64cd738f37c551e2c38484c2c97c3c515789da2ee7858f94cef9999d169bdc359eec17d43b9cc996741ecd |
memory/3456-1228-0x0000000000900000-0x0000000000972000-memory.dmp
memory/3456-1229-0x0000000005300000-0x000000000539C000-memory.dmp
memory/3456-1230-0x0000000005A00000-0x0000000005FA4000-memory.dmp
memory/3456-1231-0x0000000005450000-0x00000000054E2000-memory.dmp
memory/3456-1232-0x0000000005400000-0x000000000540A000-memory.dmp
memory/3456-1233-0x00000000055B0000-0x0000000005606000-memory.dmp