Analysis Overview
SHA256
bf747d7d7e3824b80a05d2988b5163729fb1b8c280f4ea5e2d638ab421f5c9d4
Threat Level: Known bad
The file 2a514d14cf0c18516696437e608ab3e2.exe was found to be: Known bad.
Malicious Activity Summary
SmokeLoader
SectopRAT
Mystic
Glupteba
Detect ZGRat V1
RedLine payload
Glupteba payload
Detect Mystic stealer payload
ZGRat
RedLine
SectopRAT payload
Stops running service(s)
Modifies Windows Firewall
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Suspicious use of SetThreadContext
Detected potential entity reuse from brand paypal.
AutoIT Executable
Launches sc.exe
Program crash
Unsigned PE
Enumerates physical storage devices
Suspicious behavior: MapViewOfSection
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Checks SCSI registry key(s)
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Creates scheduled task(s)
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 09:51
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 09:51
Reported
2023-11-11 09:53
Platform
win10v2004-20231025-en
Max time kernel
95s
Max time network
155s
Command Line
Signatures
Detect Mystic stealer payload
Detect ZGRat V1
Glupteba
Glupteba payload
Mystic
RedLine
RedLine payload
SectopRAT
SectopRAT payload
SmokeLoader
ZGRat
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\8068.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6174.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6174.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe | N/A |
AutoIT Executable
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 5384 set thread context of 8760 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 8336 set thread context of 5896 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 5920 set thread context of 7116 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 8680 set thread context of 2244 | N/A | C:\Users\Admin\AppData\Local\Temp\858A.exe | C:\Users\Admin\AppData\Local\Temp\858A.exe |
| PID 6536 set thread context of 2768 | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\6174.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\631B.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\858A.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\8A4D.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Broom.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe
"C:\Users\Admin\AppData\Local\Temp\2a514d14cf0c18516696437e608ab3e2.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4772 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x420
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 176 -p 8760 -ip 8760
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7ze53RP.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6960 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8Ki226gq.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7860 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9BC6lJ8.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\6174.exe
C:\Users\Admin\AppData\Local\Temp\6174.exe
C:\Users\Admin\AppData\Local\Temp\631B.exe
C:\Users\Admin\AppData\Local\Temp\631B.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7316 -ip 7316
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 784
C:\Users\Admin\AppData\Local\Temp\8068.exe
C:\Users\Admin\AppData\Local\Temp\8068.exe
C:\Users\Admin\AppData\Local\Temp\858A.exe
C:\Users\Admin\AppData\Local\Temp\858A.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
C:\Users\Admin\AppData\Local\Temp\8A4D.exe
C:\Users\Admin\AppData\Local\Temp\8A4D.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\858A.exe
C:\Users\Admin\AppData\Local\Temp\858A.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc 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
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\266F.exe
C:\Users\Admin\AppData\Local\Temp\266F.exe
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3410441459685676580,12357350623229365772,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4852 /prefetch:2
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\6F60.exe
C:\Users\Admin\AppData\Local\Temp\6F60.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInUtil.exe
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Users\Admin\AppData\Local\Temp\9E8F.exe
C:\Users\Admin\AppData\Local\Temp\9E8F.exe
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
| MD5 | c5c2c575a75b0234bbe73e0620d90ae5 |
| SHA1 | f5a459925eb94b9d0cf569bb8118e643ed8ef05e |
| SHA256 | c2ad1cdc76cb19b234b87118a393d8439cb4c120387ab23da297725505b820ee |
| SHA512 | 29dff264f7dc92e3ec2891f8f879eb038057d192f4ad941a685510ca7aed33bf0c71cad5cb28c3a65b1702e2527af28ae90be91e4cd1767e48c4b1aa3cb0ae0e |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\fp8nT60.exe
| MD5 | c5c2c575a75b0234bbe73e0620d90ae5 |
| SHA1 | f5a459925eb94b9d0cf569bb8118e643ed8ef05e |
| SHA256 | c2ad1cdc76cb19b234b87118a393d8439cb4c120387ab23da297725505b820ee |
| SHA512 | 29dff264f7dc92e3ec2891f8f879eb038057d192f4ad941a685510ca7aed33bf0c71cad5cb28c3a65b1702e2527af28ae90be91e4cd1767e48c4b1aa3cb0ae0e |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
| MD5 | b6c248eb8fe7e3e3d754b17e06c92456 |
| SHA1 | abb0ac737ffe5fd88ddec173788b955a6c16f96b |
| SHA256 | 6bfeee1df2e155af9d6cd8a9f0866f2cddf8d28b695b420650bc22d892d5bf99 |
| SHA512 | 85c380812a852bbf93213bb4d659b045b5abe54869ebf9b067d128bf7afecc70ce8696361106525f0202b56141769ddc559c71ca44fdac44275993636d45a93a |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EX1WW49.exe
| MD5 | b6c248eb8fe7e3e3d754b17e06c92456 |
| SHA1 | abb0ac737ffe5fd88ddec173788b955a6c16f96b |
| SHA256 | 6bfeee1df2e155af9d6cd8a9f0866f2cddf8d28b695b420650bc22d892d5bf99 |
| SHA512 | 85c380812a852bbf93213bb4d659b045b5abe54869ebf9b067d128bf7afecc70ce8696361106525f0202b56141769ddc559c71ca44fdac44275993636d45a93a |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
| MD5 | 66805fa223ffdc9e021494db6a611d56 |
| SHA1 | f6ff72d1bfe4dd3896fd216916b3aac52b325a8d |
| SHA256 | 954aea71f8ecf0ffed78491957d1671ee00e95671cd1184e42c0e3ae4121a010 |
| SHA512 | 4e85e7fb9b8b08dba3fd69ccdb2fd553cedd05cf3547b31c24a73ac456010053148fc75492dc986cb681a87a98dda2620691a74caec2287f6351f91e831f1849 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Vw0sh07.exe
| MD5 | 66805fa223ffdc9e021494db6a611d56 |
| SHA1 | f6ff72d1bfe4dd3896fd216916b3aac52b325a8d |
| SHA256 | 954aea71f8ecf0ffed78491957d1671ee00e95671cd1184e42c0e3ae4121a010 |
| SHA512 | 4e85e7fb9b8b08dba3fd69ccdb2fd553cedd05cf3547b31c24a73ac456010053148fc75492dc986cb681a87a98dda2620691a74caec2287f6351f91e831f1849 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
| MD5 | 9bf25e0a4b86bd8d1023c204a3b1babe |
| SHA1 | adadb580c702b1e9a32d6d1f436156a0be51e111 |
| SHA256 | db394924809b29893776109e2ca54a85384fede995145d984db302ef416e9566 |
| SHA512 | 118c0d827736ca781dbf6da2445ac28500e247c581307a282a93ab11622237ce8c72067de01cf519429a276a2d14a436d591bcd286cf48b6d28452c4d12396f6 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1vo97PU2.exe
| MD5 | 9bf25e0a4b86bd8d1023c204a3b1babe |
| SHA1 | adadb580c702b1e9a32d6d1f436156a0be51e111 |
| SHA256 | db394924809b29893776109e2ca54a85384fede995145d984db302ef416e9566 |
| SHA512 | 118c0d827736ca781dbf6da2445ac28500e247c581307a282a93ab11622237ce8c72067de01cf519429a276a2d14a436d591bcd286cf48b6d28452c4d12396f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a7f568a3d32bd441e85bc1511092fbe0 |
| SHA1 | 89fbee8e2eb6d74cc3ad66ae3ba6c7f25dce33d2 |
| SHA256 | 0d60fa886bcba8089cbdc944265c78bddf1a77f28820f5314eba6c83f44c913a |
| SHA512 | 8fc5e847481d2bfbb6c0d70a1f152c43fe152d4c4aa8ec61988136945da0af944e4643adafad64a754b9b7f4d117e368916140e8275fc7568e150a98fe570779 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
| MD5 | f62afb2d70f446113643481619334228 |
| SHA1 | 498f9156c452973d76059b0dabd5a77143dd4b0e |
| SHA256 | ffd023ca5334144e97b1019be4eb9f95a867d472835688638d3278681ac5f5f4 |
| SHA512 | c8658c9f30ba6afb07926206f765262fe7c69c603d176679192890aa5649cb25ff2a1d14b97395bea67e8066037f0571a4ca58ac36174cc4226e65276c26e770 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
\??\pipe\LOCAL\crashpad_2380_TWRPMJMSVQBNXSQA
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1224_KKADQZHGNFYYJVTD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2800_MSRKYEBWGEMFBPPY
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1968_XBQJSNBZBKLFQXIL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_3884_BAGKCQNLWAHRKXKH
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2wP3939.exe
| MD5 | f62afb2d70f446113643481619334228 |
| SHA1 | 498f9156c452973d76059b0dabd5a77143dd4b0e |
| SHA256 | ffd023ca5334144e97b1019be4eb9f95a867d472835688638d3278681ac5f5f4 |
| SHA512 | c8658c9f30ba6afb07926206f765262fe7c69c603d176679192890aa5649cb25ff2a1d14b97395bea67e8066037f0571a4ca58ac36174cc4226e65276c26e770 |
\??\pipe\LOCAL\crashpad_4552_TNXKQCPFZWTDYJXL
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_3500_PZWVWZYQHYYTEWGS
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 12abe26f5eaf3296216da4ce64b654f1 |
| SHA1 | e89b6e1cf6e497a0e038fc83bf3cbd24bfd768bd |
| SHA256 | cf8b81b65f74e0b24afa7d71c4b7a59f9456870830015aa6b7316a090c928c47 |
| SHA512 | ded90f9944aa765958d95ed9b8100577fcacf7662da220686db8178a16058cde09f59fc2da968488cb482f1121b89d652a96537cf76406a5019c0da8a5fc9362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c83c1019f917275dcdc49e4444ad1104 |
| SHA1 | 5825eff338be1873f3ce2972e05a6f8f66bf1ec0 |
| SHA256 | 25499411bd89d071abb2a1fd59322ae297807fec3327984fa581ae2692d25f51 |
| SHA512 | b4bb637a6c577d0a61969306d5956e5c3a01e1241bc2df21293fa1b8df365bc026c6ab26a38de1da336bd3cbc25a545953cdcbb99e744c2dfcd92283ebe7f234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\713bdac9-1e61-42b6-9582-670d1cfa1ed4.tmp
| MD5 | eeefe5a6e1b4934f20ec033205c9cf31 |
| SHA1 | 118143ba3f0b8baa44f76eaaa6606cd210ed81d0 |
| SHA256 | 907a515895e80aee4f98570eac98df28fd7d2428eab6ca48f4aa1da45b8e2074 |
| SHA512 | 58ed0458276a2853cf68dfa16c1ea664497b9b173b5c0835196a0ce55334ff5de1cc83b868700b28521e1d448ce8fe7bf1c6276888e21ee57847fbeba5dc0aea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c83c1019f917275dcdc49e4444ad1104 |
| SHA1 | 5825eff338be1873f3ce2972e05a6f8f66bf1ec0 |
| SHA256 | 25499411bd89d071abb2a1fd59322ae297807fec3327984fa581ae2692d25f51 |
| SHA512 | b4bb637a6c577d0a61969306d5956e5c3a01e1241bc2df21293fa1b8df365bc026c6ab26a38de1da336bd3cbc25a545953cdcbb99e744c2dfcd92283ebe7f234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1fddecc861436ac7558356339b8fde2f |
| SHA1 | 89e44218a3960d3df7c8ec38977aa102d1bd37b3 |
| SHA256 | 15afccd278146e1688167679c54a58dfe1ea4e505c7b530fbbec1820806d057c |
| SHA512 | a30b4db26e02c8dfc7d92dc965c8c6ebce399bab158df7edc83a4bfefcd41b1da14d5d8c0bc415fe5cfc08ad77f4ed7f47e8e747a55d7669ea0bcb03641995fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | eeefe5a6e1b4934f20ec033205c9cf31 |
| SHA1 | 118143ba3f0b8baa44f76eaaa6606cd210ed81d0 |
| SHA256 | 907a515895e80aee4f98570eac98df28fd7d2428eab6ca48f4aa1da45b8e2074 |
| SHA512 | 58ed0458276a2853cf68dfa16c1ea664497b9b173b5c0835196a0ce55334ff5de1cc83b868700b28521e1d448ce8fe7bf1c6276888e21ee57847fbeba5dc0aea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\419441f5-3212-4186-82f7-daa688c191cc.tmp
| MD5 | 1a976dc06e28bcd7eaa58253efd70529 |
| SHA1 | 5a5e28fb68dca7732f3ae4c56f229b22510ad7b8 |
| SHA256 | 25e9d663efa8005f9329829d0be3233aa2ad174710bab5696b47d23cb5dce2b7 |
| SHA512 | 01f13bfb88b3f5fa4a7067b085af68aaaebb67293b319dcde2cf6d9de94c9ac76211b4f0be600c11efcc838e63e84e59cd3167fb1da9ecfa8f8e0715647da737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 47797ee8a4d8f48eba73bffc6ec99146 |
| SHA1 | 0ce2cf9ddc1e9be5fe5bbb6b7527adc129cfe2cb |
| SHA256 | f6f6c66b5ec92a900f973a96d9cffa742d9d53212f7438f987043fe9ba9202dc |
| SHA512 | cb683c657481f07173c11458484c14e5abd0515a8f7ce512d5824323a976c2f9f854ba09068d3972036d8301532fdab1f062f00b23af8f95056e24985b10253d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 338720597a7945781986f5cb506890a5 |
| SHA1 | f95668e049991eaa90f110a5d063a7a78696fff4 |
| SHA256 | c96aa156f7532b5f880e2e14786f489a06b01573284d241e85fa8525e0774a78 |
| SHA512 | 4855222d952f59fbddeb688ff5bd0a89ac04b2edabd75639c1f6acb7fff4b9fdbfbbc55e2583d6dc82cb7286f5fb25b648476cd4228b0de619db0fb54f2eb994 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\041867a0-5976-4450-bbda-ea316838717e.tmp
| MD5 | 47797ee8a4d8f48eba73bffc6ec99146 |
| SHA1 | 0ce2cf9ddc1e9be5fe5bbb6b7527adc129cfe2cb |
| SHA256 | f6f6c66b5ec92a900f973a96d9cffa742d9d53212f7438f987043fe9ba9202dc |
| SHA512 | cb683c657481f07173c11458484c14e5abd0515a8f7ce512d5824323a976c2f9f854ba09068d3972036d8301532fdab1f062f00b23af8f95056e24985b10253d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 338720597a7945781986f5cb506890a5 |
| SHA1 | f95668e049991eaa90f110a5d063a7a78696fff4 |
| SHA256 | c96aa156f7532b5f880e2e14786f489a06b01573284d241e85fa8525e0774a78 |
| SHA512 | 4855222d952f59fbddeb688ff5bd0a89ac04b2edabd75639c1f6acb7fff4b9fdbfbbc55e2583d6dc82cb7286f5fb25b648476cd4228b0de619db0fb54f2eb994 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7503b777-56ad-4242-a620-5622f598fc63.tmp
| MD5 | 1fddecc861436ac7558356339b8fde2f |
| SHA1 | 89e44218a3960d3df7c8ec38977aa102d1bd37b3 |
| SHA256 | 15afccd278146e1688167679c54a58dfe1ea4e505c7b530fbbec1820806d057c |
| SHA512 | a30b4db26e02c8dfc7d92dc965c8c6ebce399bab158df7edc83a4bfefcd41b1da14d5d8c0bc415fe5cfc08ad77f4ed7f47e8e747a55d7669ea0bcb03641995fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 12abe26f5eaf3296216da4ce64b654f1 |
| SHA1 | e89b6e1cf6e497a0e038fc83bf3cbd24bfd768bd |
| SHA256 | cf8b81b65f74e0b24afa7d71c4b7a59f9456870830015aa6b7316a090c928c47 |
| SHA512 | ded90f9944aa765958d95ed9b8100577fcacf7662da220686db8178a16058cde09f59fc2da968488cb482f1121b89d652a96537cf76406a5019c0da8a5fc9362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b9975db8336c0c2a42a59a054247e6b2 |
| SHA1 | dde1152508a2afdf59af5654849498ba77723f36 |
| SHA256 | dd619557d97ce20f38064732540d182c3bc21db63e630af717d626169bb6a717 |
| SHA512 | 9b7b5ebc72e46f447b4985ce6710cb06d80aeb0e1345c75afb8afe9bd3826440d96c54a19d9342129ec666b9f06acc4314c38087385c815fbc712d13c8f440e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b9975db8336c0c2a42a59a054247e6b2 |
| SHA1 | dde1152508a2afdf59af5654849498ba77723f36 |
| SHA256 | dd619557d97ce20f38064732540d182c3bc21db63e630af717d626169bb6a717 |
| SHA512 | 9b7b5ebc72e46f447b4985ce6710cb06d80aeb0e1345c75afb8afe9bd3826440d96c54a19d9342129ec666b9f06acc4314c38087385c815fbc712d13c8f440e7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1a976dc06e28bcd7eaa58253efd70529 |
| SHA1 | 5a5e28fb68dca7732f3ae4c56f229b22510ad7b8 |
| SHA256 | 25e9d663efa8005f9329829d0be3233aa2ad174710bab5696b47d23cb5dce2b7 |
| SHA512 | 01f13bfb88b3f5fa4a7067b085af68aaaebb67293b319dcde2cf6d9de94c9ac76211b4f0be600c11efcc838e63e84e59cd3167fb1da9ecfa8f8e0715647da737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | aed593b08b94f34dd8f68fd369652ac2 |
| SHA1 | 3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95 |
| SHA256 | 5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7 |
| SHA512 | 16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 12abe26f5eaf3296216da4ce64b654f1 |
| SHA1 | e89b6e1cf6e497a0e038fc83bf3cbd24bfd768bd |
| SHA256 | cf8b81b65f74e0b24afa7d71c4b7a59f9456870830015aa6b7316a090c928c47 |
| SHA512 | ded90f9944aa765958d95ed9b8100577fcacf7662da220686db8178a16058cde09f59fc2da968488cb482f1121b89d652a96537cf76406a5019c0da8a5fc9362 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c83c1019f917275dcdc49e4444ad1104 |
| SHA1 | 5825eff338be1873f3ce2972e05a6f8f66bf1ec0 |
| SHA256 | 25499411bd89d071abb2a1fd59322ae297807fec3327984fa581ae2692d25f51 |
| SHA512 | b4bb637a6c577d0a61969306d5956e5c3a01e1241bc2df21293fa1b8df365bc026c6ab26a38de1da336bd3cbc25a545953cdcbb99e744c2dfcd92283ebe7f234 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 1a976dc06e28bcd7eaa58253efd70529 |
| SHA1 | 5a5e28fb68dca7732f3ae4c56f229b22510ad7b8 |
| SHA256 | 25e9d663efa8005f9329829d0be3233aa2ad174710bab5696b47d23cb5dce2b7 |
| SHA512 | 01f13bfb88b3f5fa4a7067b085af68aaaebb67293b319dcde2cf6d9de94c9ac76211b4f0be600c11efcc838e63e84e59cd3167fb1da9ecfa8f8e0715647da737 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 38f8e0e3652237ab2c1b52e73c8120ec |
| SHA1 | 5580bc29d9c3d1d26d828a4bda7ae4dc94c90c71 |
| SHA256 | 0a95b5df55aa6587adbce84d6afa46a1a0810bae951f220c89bc1652c0a700ae |
| SHA512 | e712cf4de12c1554f38245ac37bad4f3b7ca17f6a07543db40fb761b6384de7b96dad1a7e2ff04b562491d65e9fd3a8deef5d25d801e6857321967abfb6ec742 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 75a3f576fad3976a52b0a7c090a44bef |
| SHA1 | e65b440d4eb741936fa8d7c97cec106b32eb749c |
| SHA256 | 1cdb25cd3625d2ac3556a2abbd2eba0db38e755e4b5621f9b7bc16b6e0ddad91 |
| SHA512 | 64c41ea8958c490084c7a70b9babc808b79c4021f789241395acf9fd18051d01f9cb96044d21a96fa767a7503909917cc11d5dedf48a25e5a2e175c6fa74976b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 29c48946964fc266d0fa50050856174f |
| SHA1 | fe3dde4bbc5c053c1514105227f2aef019ad6242 |
| SHA256 | 68be12034dd8d3eff097d0617b17cdce1f659da65ac36017a28be6ab41ca0402 |
| SHA512 | 24d7529012f888ddc12202d87942fb78ea91b03a3a329ffa351c0ceeba1b8e8f8d755290cb12664d444dc2986aad54fac756c075804fb8dd6a2bb33aba06aa30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 405a1a6befa933e31ee837e6db6e736c |
| SHA1 | 7cf53f31d4681327f7ebfabf3d266193bfe4511b |
| SHA256 | 324bc744ad1e525c91c35f5e2e0bb542bc4ac8dfd36709f1f1dfb8088b3fb707 |
| SHA512 | 3468f6831b58630ef910b2121e561c22d71440a1e384bce2b80f3a5c797aa584b26505c2cddb35884be223deb6206390311df794e95385ce274226dc0c4ebd0b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | fc9875821d53dffe2a0a3d31fe99653b |
| SHA1 | 39b8c85977b5e8a39b5d75054b684fe2a7fdd28d |
| SHA256 | fa1c56aca9e467197776a80109176ac96bed95d8b4cbb75a980a07d8de83868f |
| SHA512 | e8182355ab234c2d7988dfdd1fdb74f747455b2f3ca447f6afd7bea3c54dad2d1b39353a6d97a5640a44f024dd514f707ef2f192bd3934d69b4175d6ac8a6c12 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 0010943304bc5aef93ccc9699473c33b |
| SHA1 | a5e6a3a1e07a2a2dac6ac14ac35603514b4745c0 |
| SHA256 | 7a4eee0cea16014e5bcf44c27f18839b8dd78cc63a728f5d80004b166929ba75 |
| SHA512 | 7550a10037d86950942692bdf41b3c7ffc57374646d666a13e0ab801bf3ce8f270b208da22f4f09f8ceffd81514de4fd500fed69cce280d71cce99e69cb9150f |
memory/8760-537-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8760-545-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8760-552-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8760-563-0x0000000000400000-0x0000000000433000-memory.dmp
memory/8956-573-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 132edd3000ea1e732a75646fa61cba8c |
| SHA1 | 845e37e0df61461f11ee87c54334d4a13a0d5e28 |
| SHA256 | 3aa39b27af3cfa54dd667019fa3e7fbe2528d6adf8140343899f539ec6cc29d6 |
| SHA512 | ef24bf5c494dadc9b3644349bbadf5f537130b07ed4f5b8b21ca6ca5018add1b0ce3f97b382618ec87361dd093fc3cd0cd4c700a81291e788e98e2be9038b055 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e2565e589c9c038c551766400aefc665 |
| SHA1 | 77893bb0d295c2737e31a3f539572367c946ab27 |
| SHA256 | 172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80 |
| SHA512 | 5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/8956-835-0x0000000000400000-0x000000000040B000-memory.dmp
memory/3136-834-0x0000000000B90000-0x0000000000BA6000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f0c9173350f23e42db698db4bab5b57c |
| SHA1 | 2635f4df69cb25d15895811784acbb9e04668342 |
| SHA256 | 7c727d9fa88afedeff6252e6ecfeb239cc27f4a517d6f0eb2afadc21164009a4 |
| SHA512 | 9e0444146bc75c9ddbba865a1f4efafe49c025706bad70fcc113d882650834e3c76486ae975aa169040de568b91c55c52294093b2882d9a505b275cd0f5b31eb |
memory/5896-879-0x0000000000400000-0x000000000043C000-memory.dmp
memory/5896-883-0x0000000074A10000-0x00000000751C0000-memory.dmp
memory/5896-884-0x0000000008280000-0x0000000008824000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
memory/5896-893-0x0000000007CD0000-0x0000000007D62000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d63c.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\08272db9-5b6c-4dbf-8556-34af1fbcfd1a\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\08272db9-5b6c-4dbf-8556-34af1fbcfd1a\index-dir\the-real-index~RFe57e5eb.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e6a7.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\07020084-ae25-4bed-a463-2237a49e6268\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\07020084-ae25-4bed-a463-2237a49e6268\index-dir\the-real-index~RFe57e8f8.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5907b299-bdc8-4148-bd11-d8638e2749f9\index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe5838ed.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5afe5a52-034b-4e5f-8acc-e3b0a586eb3a\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\5afe5a52-034b-4e5f-8acc-e3b0a586eb3a\index-dir\the-real-index~RFe58897e.TMP
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xe2yuybk.uex.ps1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State