Analysis Overview
SHA256
5dd091881b7106b2a1db216e7e5ef06811a0f6b79b08fc7dce67b2f5a6c84917
Threat Level: Known bad
The file 5dd091881b7106b2a1db216e7e5ef06811a0f6b79b08fc7dce67b2f5a6c84917 was found to be: Known bad.
Malicious Activity Summary
ZGRat
Glupteba payload
Detect ZGRat V1
Mystic
Glupteba
SectopRAT
Suspicious use of NtCreateUserProcessOtherParentProcess
SectopRAT payload
RedLine payload
SmokeLoader
RedLine
Detect Mystic stealer payload
Drops file in Drivers directory
Modifies Windows Firewall
Downloads MZ/PE file
Stops running service(s)
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of SetThreadContext
AutoIT Executable
Detected potential entity reuse from brand paypal.
Launches sc.exe
Unsigned PE
Enumerates physical storage devices
Program crash
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Uses Task Scheduler COM API
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Creates scheduled task(s)
Suspicious use of UnmapMainImage
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Checks SCSI registry key(s)
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:58
Reported
2023-11-11 11:01
Platform
win10v2004-20231020-en
Max time kernel
123s
Max time network
155s
Command Line
Signatures
Detect Mystic stealer payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detect ZGRat V1
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Glupteba
Glupteba payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Mystic
RedLine
RedLine payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
SectopRAT
SectopRAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
SmokeLoader
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 2088 created 3220 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 2088 created 3220 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 2088 created 3220 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
| PID 2088 created 3220 | N/A | C:\Users\Admin\AppData\Local\Temp\latestX.exe | C:\Windows\Explorer.EXE |
ZGRat
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\System32\drivers\etc\hosts | C:\Users\Admin\AppData\Local\Temp\latestX.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1873812795-1433807462-1429862679-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\289.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D2DB.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\D2DB.exe | N/A |
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\5dd091881b7106b2a1db216e7e5ef06811a0f6b79b08fc7dce67b2f5a6c84917.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TE2WV74.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dj6IH98.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Yz6py91.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Detected potential entity reuse from brand paypal.
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 6436 set thread context of 7604 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2zK4690.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 2224 set thread context of 8052 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8LG807Tw.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 7364 set thread context of 6392 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9iU3VO5.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 3432 set thread context of 3744 | N/A | C:\Users\Admin\AppData\Local\Temp\1BEE.exe | C:\Users\Admin\AppData\Local\Temp\1BEE.exe |
| PID 1796 set thread context of 5440 | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\D2DB.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mz56UQ.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mz56UQ.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mz56UQ.exe | N/A |
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SYSTEM32\schtasks.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mz56UQ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\D82C.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1BEE.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\1F88.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\Explorer.EXE | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Broom.exe | N/A |
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\Explorer.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Users\Admin\AppData\Local\Temp\5dd091881b7106b2a1db216e7e5ef06811a0f6b79b08fc7dce67b2f5a6c84917.exe
"C:\Users\Admin\AppData\Local\Temp\5dd091881b7106b2a1db216e7e5ef06811a0f6b79b08fc7dce67b2f5a6c84917.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TE2WV74.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TE2WV74.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dj6IH98.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dj6IH98.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Yz6py91.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Yz6py91.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jo01oA3.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jo01oA3.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11506451187950631429,14252305761345198931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15074580762895030527,13461990140592404730,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15074580762895030527,13461990140592404730,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11506451187950631429,14252305761345198931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14597630391946282955,2926305242938457357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14597630391946282955,2926305242938457357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,32386012653700278,7438968722129498072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,32386012653700278,7438968722129498072,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffd196c46f8,0x7ffd196c4708,0x7ffd196c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,12876084811478295101,15986677672559829474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,12876084811478295101,15986677672559829474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2zK4690.exe
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2zK4690.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,18131092263457021044,10344741557717432581,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7600 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mz56UQ.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Mz56UQ.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7604 -ip 7604
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 540
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8LG807Tw.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8LG807Tw.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9iU3VO5.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9iU3VO5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7924 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\D2DB.exe
C:\Users\Admin\AppData\Local\Temp\D2DB.exe
C:\Users\Admin\AppData\Local\Temp\D82C.exe
C:\Users\Admin\AppData\Local\Temp\D82C.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7440 -ip 7440
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 768
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Users\Admin\AppData\Local\Temp\289.exe
C:\Users\Admin\AppData\Local\Temp\289.exe
C:\Users\Admin\AppData\Local\Temp\1BEE.exe
C:\Users\Admin\AppData\Local\Temp\1BEE.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
C:\Users\Admin\AppData\Local\Temp\1F88.exe
C:\Users\Admin\AppData\Local\Temp\1F88.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Users\Admin\AppData\Local\Temp\1BEE.exe
C:\Users\Admin\AppData\Local\Temp\1BEE.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Users\Admin\AppData\Local\Temp\BB5C.exe
C:\Users\Admin\AppData\Local\Temp\BB5C.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,565239854651006717,1251273256873196211,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7576 /prefetch:2
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegSvcs.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Users\Admin\AppData\Local\Temp\EBE3.exe
C:\Users\Admin\AppData\Local\Temp\EBE3.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\SYSTEM32\schtasks.exe
schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
C:\Windows\SYSTEM32\schtasks.exe
schtasks /delete /tn ScheduledUpdate /f
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Users\Admin\AppData\Local\Temp\1CA8.exe
C:\Users\Admin\AppData\Local\Temp\1CA8.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 158.240.127.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.200:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.facebook.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | twitter.com | udp |
| NL | 157.240.247.35:443 | www.facebook.com | tcp |
| US | 104.244.42.65:443 | twitter.com | tcp |
| US | 8.8.8.8:53 | 141.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.paypal.com | udp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 151.101.1.21:443 | www.paypal.com | tcp |
| NL | 104.85.0.101:443 | store.steampowered.com | tcp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 8.8.8.8:53 | www.epicgames.com | udp |
| NL | 23.222.49.98:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 35.247.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 65.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.0.85.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.1.101.151.in-addr.arpa | udp |
| US | 3.227.115.152:443 | www.epicgames.com | tcp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 238.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.49.222.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 152.115.227.3.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.39.65.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 131.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 146.78.124.51.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| US | 8.8.8.8:53 | api.twitter.com | udp |
| US | 8.8.8.8:53 | pbs.twimg.com | udp |
| US | 104.244.42.66:443 | api.twitter.com | tcp |
| US | 8.8.8.8:53 | video.twimg.com | udp |
| US | 93.184.220.70:443 | pbs.twimg.com | tcp |
| US | 8.8.8.8:53 | t.co | udp |
| US | 68.232.34.217:443 | video.twimg.com | tcp |
| US | 104.244.42.133:443 | t.co | tcp |
| US | 8.8.8.8:53 | 70.220.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 66.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 217.34.232.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.42.244.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.xx.fbcdn.net | udp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 157.240.5.10:443 | static.xx.fbcdn.net | tcp |
| US | 8.8.8.8:53 | i.ytimg.com | udp |
| NL | 142.251.36.22:443 | i.ytimg.com | tcp |
| US | 8.8.8.8:53 | 10.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static-assets-prod.unrealengine.com | udp |
| US | 8.8.8.8:53 | tracking.epicgames.com | udp |
| US | 34.195.142.151:443 | tracking.epicgames.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | www.paypalobjects.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| US | 8.8.8.8:53 | store.akamai.steamstatic.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| NL | 88.221.25.153:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 22.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 105.36.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.142.195.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 25.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 160.252.72.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 153.25.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 106.208.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | tcp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 192.229.221.25:443 | www.paypalobjects.com | tcp |
| US | 8.8.8.8:53 | 14.36.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.136.104.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | facebook.com | udp |
| US | 157.240.5.35:443 | facebook.com | tcp |
| US | 8.8.8.8:53 | fbcdn.net | udp |
| US | 157.240.5.35:443 | fbcdn.net | tcp |
| US | 8.8.8.8:53 | fbsbx.com | udp |
| US | 8.8.8.8:53 | 35.5.240.157.in-addr.arpa | udp |
| US | 8.8.8.8:53 | abs.twimg.com | udp |
| NL | 199.232.148.159:443 | abs.twimg.com | tcp |
| NL | 199.232.148.159:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | static.ads-twitter.com | udp |
| NL | 199.232.148.157:443 | static.ads-twitter.com | tcp |
| US | 8.8.8.8:53 | 159.148.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.148.232.199.in-addr.arpa | udp |
| NL | 199.232.148.159:443 | abs.twimg.com | tcp |
| US | 8.8.8.8:53 | c.paypal.com | udp |
| US | 8.8.8.8:53 | www.recaptcha.net | udp |
| NL | 172.217.168.227:443 | www.recaptcha.net | tcp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | t.paypal.com | udp |
| US | 151.101.1.35:443 | t.paypal.com | tcp |
| US | 8.8.8.8:53 | 227.168.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 35.1.101.151.in-addr.arpa | udp |
| US | 192.55.233.1:443 | tcp | |
| US | 8.8.8.8:53 | b.stats.paypal.com | udp |
| US | 64.4.245.84:443 | b.stats.paypal.com | tcp |
| NL | 172.217.168.227:443 | www.recaptcha.net | udp |
| US | 8.8.8.8:53 | 84.245.4.64.in-addr.arpa | udp |
| RU | 5.42.92.51:19057 | tcp | |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| NL | 23.72.252.171:443 | store.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | dub.stats.paypal.com | udp |
| US | 64.4.245.84:443 | dub.stats.paypal.com | tcp |
| US | 8.8.8.8:53 | c6.paypal.com | udp |
| US | 151.101.1.35:443 | c6.paypal.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| NL | 23.72.252.160:443 | community.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | login.steampowered.com | udp |
| NL | 23.222.49.98:443 | login.steampowered.com | tcp |
| US | 8.8.8.8:53 | api.steampowered.com | udp |
| NL | 23.222.49.98:443 | api.steampowered.com | tcp |
| US | 18.239.36.105:443 | static-assets-prod.unrealengine.com | tcp |
| US | 8.8.8.8:53 | talon-website-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-website-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 120.146.64.172.in-addr.arpa | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 8.8.8.8:53 | 190.92.42.5.in-addr.arpa | udp |
| US | 194.49.94.72:80 | tcp | |
| US | 8.8.8.8:53 | talon-service-prod.ecosec.on.epicgames.com | udp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 172.64.146.120:443 | talon-service-prod.ecosec.on.epicgames.com | tcp |
| US | 8.8.8.8:53 | js.hcaptcha.com | udp |
| US | 104.19.219.90:443 | js.hcaptcha.com | tcp |
| US | 8.8.8.8:53 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | 254.21.238.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 90.219.19.104.in-addr.arpa | udp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | tcp |
| NL | 142.250.179.162:443 | googleads.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | newassets.hcaptcha.com | udp |
| US | 8.8.8.8:53 | rr1---sn-ntqe6nes.googlevideo.com | udp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | 162.179.250.142.in-addr.arpa | udp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | api.hcaptcha.com | udp |
| US | 8.8.8.8:53 | 6.152.125.74.in-addr.arpa | udp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| AU | 74.125.152.6:443 | rr1---sn-ntqe6nes.googlevideo.com | tcp |
| US | 8.8.8.8:53 | numpersb.fun | udp |
| US | 8.8.8.8:53 | killredls.pw | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 57.53.21.104.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 204.79.197.200:443 | tse1.mm.bing.net | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| NL | 194.169.175.118:80 | 194.169.175.118 | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 8.8.8.8:53 | 118.175.169.194.in-addr.arpa | udp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| US | 104.21.53.57:80 | killredls.pw | tcp |
| RU | 5.42.65.80:80 | 5.42.65.80 | tcp |
| US | 8.8.8.8:53 | 80.65.42.5.in-addr.arpa | udp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 142.250.179.141:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 194.49.94.11:80 | tcp | |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| IT | 185.196.9.161:80 | 185.196.9.161 | tcp |
| US | 8.8.8.8:53 | youtube.com | udp |
| NL | 216.58.214.14:443 | youtube.com | tcp |
| US | 8.8.8.8:53 | 161.9.196.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.214.58.216.in-addr.arpa | udp |
| RU | 185.174.136.219:443 | tcp | |
| RU | 5.42.92.51:19057 | tcp | |
| US | 8.8.8.8:53 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | static.doubleclick.net | udp |
| NL | 142.251.39.106:443 | jnn-pa.googleapis.com | tcp |
| NL | 142.251.36.6:443 | static.doubleclick.net | tcp |
| NL | 142.251.39.106:443 | jnn-pa.googleapis.com | udp |
| US | 8.8.8.8:53 | 106.39.251.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 6.36.251.142.in-addr.arpa | udp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| RU | 5.42.64.16:443 | 5.42.64.16 | tcp |
| US | 8.8.8.8:53 | 16.64.42.5.in-addr.arpa | udp |
| US | 194.49.94.11:80 | tcp | |
| RU | 5.42.92.51:19057 | tcp | |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| RU | 5.42.64.16:443 | tcp | |
| US | 8.8.8.8:53 | 208.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| NL | 142.251.36.14:443 | play.google.com | udp |
| US | 8.8.8.8:53 | host-file-host6.com | udp |
| US | 8.8.8.8:53 | host-host-file8.com | udp |
| US | 95.214.26.28:80 | host-host-file8.com | tcp |
| US | 8.8.8.8:53 | 28.26.214.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | bluepablo.fun | udp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 8.8.8.8:53 | 41.18.21.104.in-addr.arpa | udp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| RU | 5.42.64.16:443 | tcp | |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 194.49.94.11:80 | tcp | |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| RU | 5.42.92.51:19057 | tcp | |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 8.8.8.8:53 | a607afb9-cfeb-450b-9c61-9ad52efe99e1.uuid.theupdatetime.org | udp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| RU | 5.42.92.190:80 | 5.42.92.190 | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
| US | 104.21.18.41:80 | bluepablo.fun | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TE2WV74.exe
| MD5 | 30535dbea1a8f20f03764628922ddce8 |
| SHA1 | b78b6322a732371dcd4eac9a11c3622279e12454 |
| SHA256 | ca522fc6114dd4d42fee18bc1fecd4bc67953c0673f28fa80b6256d4e822a111 |
| SHA512 | 6f2d49308404dafbd160b30ffd76f73d815ebbb450fe583721b8c933f4af7f664759b2263620810f4a30ff8b630ee0dbfd987e68e1e57d6aa18d05d104298a5f |
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\TE2WV74.exe
| MD5 | 30535dbea1a8f20f03764628922ddce8 |
| SHA1 | b78b6322a732371dcd4eac9a11c3622279e12454 |
| SHA256 | ca522fc6114dd4d42fee18bc1fecd4bc67953c0673f28fa80b6256d4e822a111 |
| SHA512 | 6f2d49308404dafbd160b30ffd76f73d815ebbb450fe583721b8c933f4af7f664759b2263620810f4a30ff8b630ee0dbfd987e68e1e57d6aa18d05d104298a5f |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dj6IH98.exe
| MD5 | 441ac2de734e22476928a87387f126c8 |
| SHA1 | 45e8572633cbfc83f5ad0a693bba33bcc7ba6166 |
| SHA256 | d07e15dd90dfde57e0be814287a8137ab18978c8f2441adff65cffd105c8c6e3 |
| SHA512 | 268a6a69bf7c861506ed1768d9ba2ad171ff7a3b96a1672b61e4e43f27c34cc0a8f5e06421ab9838d1a54d4df5e50448279af6b91b0da5c1469304abb274df03 |
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dj6IH98.exe
| MD5 | 441ac2de734e22476928a87387f126c8 |
| SHA1 | 45e8572633cbfc83f5ad0a693bba33bcc7ba6166 |
| SHA256 | d07e15dd90dfde57e0be814287a8137ab18978c8f2441adff65cffd105c8c6e3 |
| SHA512 | 268a6a69bf7c861506ed1768d9ba2ad171ff7a3b96a1672b61e4e43f27c34cc0a8f5e06421ab9838d1a54d4df5e50448279af6b91b0da5c1469304abb274df03 |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Yz6py91.exe
| MD5 | 1b95e5d740ef32aab2088a9443d09c00 |
| SHA1 | 294a970fa95fbc123b701b0b205902cf8825bf47 |
| SHA256 | 212dde2520a4022e15a005cb7049154c89e727e94d7fc2df8cd4fe6962f8fa43 |
| SHA512 | aa0ce6780bec58f78fdb5c98db838e07da46981742eacc92a2b7c45081e2daead372cbe099243a7ad6ab4515b138560825e0678a75fcd02f80432bf115f3a3cf |
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\Yz6py91.exe
| MD5 | 1b95e5d740ef32aab2088a9443d09c00 |
| SHA1 | 294a970fa95fbc123b701b0b205902cf8825bf47 |
| SHA256 | 212dde2520a4022e15a005cb7049154c89e727e94d7fc2df8cd4fe6962f8fa43 |
| SHA512 | aa0ce6780bec58f78fdb5c98db838e07da46981742eacc92a2b7c45081e2daead372cbe099243a7ad6ab4515b138560825e0678a75fcd02f80432bf115f3a3cf |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jo01oA3.exe
| MD5 | 0bc1c5b45eee17ffe42b96d4e73c9e3a |
| SHA1 | 129b4ec2c0d057b9181047a8dfd31fbdb66c04c8 |
| SHA256 | 01a0e7711533d7dc6591c29e2e9ebe1b982ce631605701ab0be3a9332a1e7391 |
| SHA512 | bb183d45d7d58dd80d889316c0104ce51cf98c2fe70614cf72b805d66628a7a459219991dc426dca7cf9424fff2c8483921851cb215d2b80219b695ca8bd0e00 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1jo01oA3.exe
| MD5 | 0bc1c5b45eee17ffe42b96d4e73c9e3a |
| SHA1 | 129b4ec2c0d057b9181047a8dfd31fbdb66c04c8 |
| SHA256 | 01a0e7711533d7dc6591c29e2e9ebe1b982ce631605701ab0be3a9332a1e7391 |
| SHA512 | bb183d45d7d58dd80d889316c0104ce51cf98c2fe70614cf72b805d66628a7a459219991dc426dca7cf9424fff2c8483921851cb215d2b80219b695ca8bd0e00 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6f9bc20747520b37b3f22c169195824e |
| SHA1 | de0472972d51b2d9419ff0d714706bef0c6f81d8 |
| SHA256 | a176ef484b676f39eaefe30f33df548ef0e4e3b34c4651ac3fb4351404d288b0 |
| SHA512 | 179e5be96746cfbcc9483de68527d96464f3ce6cb09dc4b5e546a93c5e1dad36ab842a4cdfa336169af4ca459bdc42a2cac72e577699a455ffb7efd9c1c80f11 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_5000_SYNTCTZAHVZPNGZP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_568_RBYHZIGFOHCBIUIU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_3692_YKTKAVCJUQISGCCP
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_4428_BEKMDJXWABFEFLJV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48e3ddd89787f31675655a77ec868a27 |
| SHA1 | 7fb4a0b4f90edb667c00c5cc105539ae1edee564 |
| SHA256 | 6590e43702ae8a62a3c53b264aec0c2d62f57cd1520702151620ae66a9788366 |
| SHA512 | dee1e435121d276be528c75159e654fd7680ff84ce00547090f0775d0fd5fb06e319685073c13eb23b11f8511e1b7265fd2222f414166bdf6ceccc942750bbe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 418d3d1fd90e79e8a7149fae3a73188d |
| SHA1 | dae15f87150cd5557870b0f88e54bf82ee3fd0c8 |
| SHA256 | d25e12ffc20686a2cde5f97a569993b36bf3cd629f403845c65cc13f43344829 |
| SHA512 | 4ce07efd525112b9889c63ac252e62e2a93471b40357dbada5f4fc5a20d11d3843ff4fb86bf16251cd88d956d8c856c0d767e8eecc21a14af199cedc1f9f3773 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
\??\pipe\LOCAL\crashpad_652_OGGPTPBMUTUCTEZQ
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48e3ddd89787f31675655a77ec868a27 |
| SHA1 | 7fb4a0b4f90edb667c00c5cc105539ae1edee564 |
| SHA256 | 6590e43702ae8a62a3c53b264aec0c2d62f57cd1520702151620ae66a9788366 |
| SHA512 | dee1e435121d276be528c75159e654fd7680ff84ce00547090f0775d0fd5fb06e319685073c13eb23b11f8511e1b7265fd2222f414166bdf6ceccc942750bbe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d6be75989217f1dc0feca9a2a3e4db41 |
| SHA1 | 803d4fe4059cfe05949e0d1182c3d8dddb2a7ae6 |
| SHA256 | 5daa183f35db57c875d3fda1bf639da388b57522e49fe15dc998566f29336e2e |
| SHA512 | bdb51aedad0f16af1f97dd3c73b4cb58afe3b44e2db4c0b10b1679f96011d6f358af6d9cd44269aaf38876903414f3cde43bdca57e1df95a4d0934383491bbc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f2115bb63c59f33eba53905e69bd5a70 |
| SHA1 | 12d25f87603401a5c1d3796f102c78ba4e9a0a2b |
| SHA256 | bf797146e71301c41a72c1dba3eb9739bfda5cdd996ca2494beae5260b5deff0 |
| SHA512 | 0e404031d0e90288fe8ba30509c6f7cacfce51369133373c61d329f8a2d6faf516f710e04d67561dbbec732018d128869a2ccba0d54778d15566d791f05b4f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 418d3d1fd90e79e8a7149fae3a73188d |
| SHA1 | dae15f87150cd5557870b0f88e54bf82ee3fd0c8 |
| SHA256 | d25e12ffc20686a2cde5f97a569993b36bf3cd629f403845c65cc13f43344829 |
| SHA512 | 4ce07efd525112b9889c63ac252e62e2a93471b40357dbada5f4fc5a20d11d3843ff4fb86bf16251cd88d956d8c856c0d767e8eecc21a14af199cedc1f9f3773 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d6be75989217f1dc0feca9a2a3e4db41 |
| SHA1 | 803d4fe4059cfe05949e0d1182c3d8dddb2a7ae6 |
| SHA256 | 5daa183f35db57c875d3fda1bf639da388b57522e49fe15dc998566f29336e2e |
| SHA512 | bdb51aedad0f16af1f97dd3c73b4cb58afe3b44e2db4c0b10b1679f96011d6f358af6d9cd44269aaf38876903414f3cde43bdca57e1df95a4d0934383491bbc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69ffca7f4d6cedec0203a51b9be70cb5 |
| SHA1 | d0dc81deaadddce617783160dbcdc9e149fe7aec |
| SHA256 | f3196928655fc08d11412bb94a07a4b0d592194e054918cd31e1008faf530545 |
| SHA512 | 4f4b7d017d2702646c5cdec15d681dd26a9302065b824f62c67ff2587e3e522ff5df4048c1b821d7798eac939fc6ac213794e17bd4fd7f016496366772a064dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f2115bb63c59f33eba53905e69bd5a70 |
| SHA1 | 12d25f87603401a5c1d3796f102c78ba4e9a0a2b |
| SHA256 | bf797146e71301c41a72c1dba3eb9739bfda5cdd996ca2494beae5260b5deff0 |
| SHA512 | 0e404031d0e90288fe8ba30509c6f7cacfce51369133373c61d329f8a2d6faf516f710e04d67561dbbec732018d128869a2ccba0d54778d15566d791f05b4f76 |
\??\pipe\LOCAL\crashpad_3148_SFMAOEPELAEIWHOC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2zK4690.exe
| MD5 | f29901bb423728e9870066689e343fd0 |
| SHA1 | 12a007f46ea97e534b98b643a1ff130e1e1512c8 |
| SHA256 | 7d879ef44ecbe3f698bb4730c57d04325aec88c0c8a5f982ed7ce4c088f45d09 |
| SHA512 | 604e2b91c9d87fd78073a70096a8d105221a08981a760f986fd0e63bc38e22da376d561964298af449521b8c4aa420c0cf58dbd4b93a7e28fd543d24b53b4c26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 6dded92ec95cf9f22410bdeac841a00d |
| SHA1 | 83c32c23d53c59d654868f0b2a5c6be0a46249c2 |
| SHA256 | 1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e |
| SHA512 | e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2eae4ba5ce539bd2d905291be04c60ca |
| SHA1 | dd93c66394a7cb73e070761609827ac4d1afb3e0 |
| SHA256 | 8598bf529bc45c39cbac957450af4db51330cf9a365cde3906cd80c77223c13e |
| SHA512 | 51872156925af7f983a7897d4ebf45dca48a937dab4b00b3e5f97c4d4f3f496c5ddad88d67b43f4b37dca824dda29fcdafd6d0df65cd35bd96ed2a665a8172c6 |
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2zK4690.exe
| MD5 | f29901bb423728e9870066689e343fd0 |
| SHA1 | 12a007f46ea97e534b98b643a1ff130e1e1512c8 |
| SHA256 | 7d879ef44ecbe3f698bb4730c57d04325aec88c0c8a5f982ed7ce4c088f45d09 |
| SHA512 | 604e2b91c9d87fd78073a70096a8d105221a08981a760f986fd0e63bc38e22da376d561964298af449521b8c4aa420c0cf58dbd4b93a7e28fd543d24b53b4c26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2eae4ba5ce539bd2d905291be04c60ca |
| SHA1 | dd93c66394a7cb73e070761609827ac4d1afb3e0 |
| SHA256 | 8598bf529bc45c39cbac957450af4db51330cf9a365cde3906cd80c77223c13e |
| SHA512 | 51872156925af7f983a7897d4ebf45dca48a937dab4b00b3e5f97c4d4f3f496c5ddad88d67b43f4b37dca824dda29fcdafd6d0df65cd35bd96ed2a665a8172c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 69ffca7f4d6cedec0203a51b9be70cb5 |
| SHA1 | d0dc81deaadddce617783160dbcdc9e149fe7aec |
| SHA256 | f3196928655fc08d11412bb94a07a4b0d592194e054918cd31e1008faf530545 |
| SHA512 | 4f4b7d017d2702646c5cdec15d681dd26a9302065b824f62c67ff2587e3e522ff5df4048c1b821d7798eac939fc6ac213794e17bd4fd7f016496366772a064dc |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48e3ddd89787f31675655a77ec868a27 |
| SHA1 | 7fb4a0b4f90edb667c00c5cc105539ae1edee564 |
| SHA256 | 6590e43702ae8a62a3c53b264aec0c2d62f57cd1520702151620ae66a9788366 |
| SHA512 | dee1e435121d276be528c75159e654fd7680ff84ce00547090f0775d0fd5fb06e319685073c13eb23b11f8511e1b7265fd2222f414166bdf6ceccc942750bbe9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 418d3d1fd90e79e8a7149fae3a73188d |
| SHA1 | dae15f87150cd5557870b0f88e54bf82ee3fd0c8 |
| SHA256 | d25e12ffc20686a2cde5f97a569993b36bf3cd629f403845c65cc13f43344829 |
| SHA512 | 4ce07efd525112b9889c63ac252e62e2a93471b40357dbada5f4fc5a20d11d3843ff4fb86bf16251cd88d956d8c856c0d767e8eecc21a14af199cedc1f9f3773 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d6be75989217f1dc0feca9a2a3e4db41 |
| SHA1 | 803d4fe4059cfe05949e0d1182c3d8dddb2a7ae6 |
| SHA256 | 5daa183f35db57c875d3fda1bf639da388b57522e49fe15dc998566f29336e2e |
| SHA512 | bdb51aedad0f16af1f97dd3c73b4cb58afe3b44e2db4c0b10b1679f96011d6f358af6d9cd44269aaf38876903414f3cde43bdca57e1df95a4d0934383491bbc6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2eae4ba5ce539bd2d905291be04c60ca |
| SHA1 | dd93c66394a7cb73e070761609827ac4d1afb3e0 |
| SHA256 | 8598bf529bc45c39cbac957450af4db51330cf9a365cde3906cd80c77223c13e |
| SHA512 | 51872156925af7f983a7897d4ebf45dca48a937dab4b00b3e5f97c4d4f3f496c5ddad88d67b43f4b37dca824dda29fcdafd6d0df65cd35bd96ed2a665a8172c6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | f2115bb63c59f33eba53905e69bd5a70 |
| SHA1 | 12d25f87603401a5c1d3796f102c78ba4e9a0a2b |
| SHA256 | bf797146e71301c41a72c1dba3eb9739bfda5cdd996ca2494beae5260b5deff0 |
| SHA512 | 0e404031d0e90288fe8ba30509c6f7cacfce51369133373c61d329f8a2d6faf516f710e04d67561dbbec732018d128869a2ccba0d54778d15566d791f05b4f76 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e7aa7b5e1f54a8e68bc373801924de57 |
| SHA1 | 9ae4657addf29b8504c4740560bd5aa2faf4c747 |
| SHA256 | ef4083b040a6a8e2d48dd5e1d9ba076991b1bfa323bb5e0007b746fb64eb4c86 |
| SHA512 | 8ebf902eafc75a779f1e6863682b2c941daf0856bc4e4428b5d4792ee3b3c1d888a4ceac58ac18eb1d57273b821ecf20d33ba0a6c007290940cc75ccf7a1cd2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7ca60565da23c34e200056c5f3aefc45 |
| SHA1 | 8b67763de20e4a8391de019f6da6f14cf31adc4d |
| SHA256 | 338691bb110d1e378cdb8ab525b293e03cc39f9aed89cdfd5a3ec4cebfaada25 |
| SHA512 | a5e0b02e20bdb71a854a32dc21043d073aa4562798e1b51ea9b60685375be1c4cc48fe32ad0a8bace359f2f45e63aec3f85176c7c8734445d79ad95864ba40fd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
memory/7604-277-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7604-278-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7604-279-0x0000000000400000-0x0000000000433000-memory.dmp
memory/7620-282-0x0000000000400000-0x000000000040B000-memory.dmp
memory/7604-283-0x0000000000400000-0x0000000000433000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 41f182ae2d49bd5c253adfcd1becb034 |
| SHA1 | e11e80adf315d756e31a44f8d2c2b982751d0c02 |
| SHA256 | 4be16de9e97c54091a55591104cf177c89e207e22f4a0a558087998d98609e69 |
| SHA512 | 1401e51739184139d9897fa433ac35d52010e679b479b4f1563bbadfeff984aece82af80803a34edc8b79a7771c63786f67a0aa1a2308ac593cd019cb5cf6453 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | e05436aebb117e9919978ca32bbcefd9 |
| SHA1 | 97b2af055317952ce42308ea69b82301320eb962 |
| SHA256 | cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f |
| SHA512 | 11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9 |
memory/3220-439-0x0000000002CA0000-0x0000000002CB6000-memory.dmp
memory/7620-441-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | 923a543cc619ea568f91b723d9fb1ef0 |
| SHA1 | 6f4ade25559645c741d7327c6e16521e43d7e1f9 |
| SHA256 | bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd |
| SHA512 | a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
| MD5 | 4e08109ee6888eeb2f5d6987513366bc |
| SHA1 | 86340f5fa46d1a73db2031d80699937878da635e |
| SHA256 | bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339 |
| SHA512 | 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 3e83c9beca76f68165575384898c5214 |
| SHA1 | c0dc1750cefef7554fe7968e4f00cf47400c0a72 |
| SHA256 | 4509fa3f19a29c4c3c5091287ee9e723a0f089de4254b435e064970adbf0670e |
| SHA512 | b112431951b9f88c58bb4fefe5bcf998a999d21a903e22d325992cc71122f01d56444e0c1e95d7273bc9df96433ed423a66d2da9f2cc25e4072fb729303d586c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584ea8.TMP
| MD5 | 2c78012f390960b311682b357d618a06 |
| SHA1 | 9ae4755ec998ecd338450f0d43bedf6072f43d08 |
| SHA256 | ec7e042413403db14251db1e80387ba7c035481fa252fdd890488b4196f4b8b8 |
| SHA512 | b202913ed35b547a025fe0f9ce240ba957a0041cbd8ccae7b58ab6b0135a32ced0dbd97c5a2fc7a9fc8ab7edd43d32d26198a62c8e2d353c34a3b00d929f4a11 |
memory/8052-534-0x0000000000400000-0x000000000043C000-memory.dmp
memory/8052-536-0x0000000074050000-0x0000000074800000-memory.dmp
memory/8052-537-0x0000000007C90000-0x0000000008234000-memory.dmp
memory/8052-538-0x0000000007780000-0x0000000007812000-memory.dmp
memory/8052-541-0x0000000007A10000-0x0000000007A20000-memory.dmp
memory/8052-542-0x0000000007930000-0x000000000793A000-memory.dmp
memory/8052-546-0x0000000008860000-0x0000000008E78000-memory.dmp
memory/8052-547-0x0000000008240000-0x000000000834A000-memory.dmp
memory/8052-548-0x0000000007B60000-0x0000000007B72000-memory.dmp
memory/8052-549-0x0000000007BC0000-0x0000000007BFC000-memory.dmp
memory/8052-550-0x0000000007C00000-0x0000000007C4C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5f04f34dbded85ed03b5629b12e72c4f |
| SHA1 | 51d5f43ad5bbcc22b37182a140fa32e6594268a7 |
| SHA256 | 67fb93bfe965b94318a4fdc7c07e629321d14c937b6c319286c17344073eb742 |
| SHA512 | b203454186a172c0c338acd15cdd6cdd52fe029d301418436fdb1d7cfda3403e7e98afc9b8fb478098ff89ed312ea32736f0ac576b0a0ff74ef6044da64f007c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
| MD5 | 740a924b01c31c08ad37fe04d22af7c5 |
| SHA1 | 34feb0face110afc3a7673e36d27eee2d4edbbff |
| SHA256 | f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0 |
| SHA512 | da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4b29282dad7c097fde004f52d7bd7aee |
| SHA1 | fe55ded4fc7cf1d27e850c35e02a74a7f3ff3a74 |
| SHA256 | 21e323af7f0ba03b63b8933d3c005b831041e6f43f9961c53bc12b397b7f026f |
| SHA512 | d38cd210253304188eb8229af30ce3f38b8640537754518cbbe262b6f16c368de31c258fe88ae2e5d5c61732407ea9fcb7588aedf017659f20b76fc1ec97a03e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 65eab379ffbb16b073bbfcc64eae6f99 |
| SHA1 | 7637bfa097b50223b1ae43ce8905c7e72cfece93 |
| SHA256 | 62e3b10b9643e75bbe9068d9292009427749fe2805c675bb85d8a191d9fda267 |
| SHA512 | 03c96423976e896db3aa3a8191bf02e6e01af8d8a9c6a2a16afd00623ee9b2272d798675d2601e2c14c5da1364e638fbeb31311c0e89a53763a251a37a201d28 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 0a162de90d2cbdbadb8c5f662e5d5b8c |
| SHA1 | 607ab211123503db725e46430de863b0c0d12f10 |
| SHA256 | a1decde0c08d61f93db7ce64616a22bf07d664f95f29e55b5236ee40add864a3 |
| SHA512 | 4402318b6a787815333b814aaf4b15d098401f989afd9bc088ed6362b0fe79a5ad030ad4eef74bd4e7d844453e6bf50297edfb3d139eae2b281ce63c95703695 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 9fd3c64e4de6b0d7ecdff58fbfb335ec |
| SHA1 | 61c8a683cfe699ab5c828ec28e9638c5899373a7 |
| SHA256 | 07ee9ea6062d3cf9251b93ae271f3728760e121aaa83823bfaa785c271c23597 |
| SHA512 | 348392e44dcf664da75edda52b18081386d7954bc9729cf0439d897988d14f629d9acf6c7fb3d12651843464e1114ea52c120ec6cab8fdb5da878b1694fcd4b1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 1211241672f9118e6e54094fe1285160 |
| SHA1 | 2c9c451ebd1c9fd88d01cbc2febe825852974eb3 |
| SHA256 | b2da859aaf72bfae79ce067f537a33105a33c29f638297f152f387e7295ee51f |
| SHA512 | 11ec134e8d6d816ebcccff1f0cfb8fff32eb8fc87af26b13d65c9df5ca9dfd22268cf512571ad485121bc4fa6a20341174f9166487e1f1deeb929392889260b4 |
memory/6392-763-0x0000000000400000-0x0000000000488000-memory.dmp
memory/6392-764-0x0000000000400000-0x0000000000488000-memory.dmp
memory/6392-765-0x0000000000400000-0x0000000000488000-memory.dmp
memory/6392-767-0x0000000000400000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 407aa7041e97ccfd91da42dd473fb068 |
| SHA1 | c73795e61de89166842fcb075e079106de953c96 |
| SHA256 | 9d63f7622b7e76779df5e654de0bca5eb5a7958bb53fe5fc81d566d03d472d55 |
| SHA512 | 4c8564f6a98309e463d91c12ea709c75e845f6bf0bb7a5ad8465d4df444a1c2bbd5e7b08c62f6852b7408adc5dcff24f48023609bfa2000e0315f96d04bfb69f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 35dd065f36587ded1e3ef5ab0a80599d |
| SHA1 | b2b8556a53e32d8e7679ba5b846ec11715952cad |
| SHA256 | db1acc42b15d423b2d202362a49aacb29723bc0c8b217c874a1d8cfb04ff04d3 |
| SHA512 | ff1d1ff6ada92c8a66944e096c6baec3c9d7662090b16b54d6c44df853903ec03c0be1c47f358a0a5afc1904fda5c8fa32cb0a65f48ce51959dd3a172d96d854 |
memory/8052-927-0x0000000074050000-0x0000000074800000-memory.dmp
memory/8052-928-0x0000000007A10000-0x0000000007A20000-memory.dmp
memory/7440-933-0x0000000000400000-0x000000000046F000-memory.dmp
memory/7440-934-0x0000000000470000-0x00000000004CA000-memory.dmp
memory/7440-938-0x0000000074050000-0x0000000074800000-memory.dmp
memory/5804-950-0x0000000000B80000-0x0000000000B9E000-memory.dmp
memory/5804-951-0x0000000074050000-0x0000000074800000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | ad2ca62fb7f0f0bc10cd7a0f1c1cb42d |
| SHA1 | 03e39138dfcc4aad7b762996ec12f32a548b8713 |
| SHA256 | 41ee9b8010d2692ca6ce0f4420a5bc51ab63fa8cd3a98ddac26273e95dc971e0 |
| SHA512 | 1fdc58bfe0ba949e871f4d558a62fb802fa0f00ee372fa34d0e8f4da25a04067946a8a32b7ea4c74a29691c86c46897721316ec557001d637ac54946e3c2ec0e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58eaf7.TMP
| MD5 | d68098085a56118821086bf59c48303e |
| SHA1 | 939035a772365f9cca442dab60d32abbd8c9ac15 |
| SHA256 | cef4e9ade49b0afc77cfe3fa7f5b5c20ed173528899fa014aa8e4e6af29c8f6b |
| SHA512 | 491d923641e1313dd9d7514a00a35f08440559b3bb852f1a8b057e5b08f3f459e029b25e64f9c5595eb51a898695563b314d214ce06455a16ebbed7609d7595c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 879f7ade7eb7f4e171fa71011973f893 |
| SHA1 | b72e613273e826b289adb3d3d0abd7391cd714a7 |
| SHA256 | 0b1d6271a79389709080d5d195bc6b477a14c4668f8f16448191181b72c2b58f |
| SHA512 | 1876e433ca6fc2b6d6e113722327f0c2886bb78560ecd297b716f8fbd7f54cc46f8af979929e28f6f0e647a94f176e8cc528563c29e2e217a81a0efd0a197abd |
memory/5804-956-0x0000000002E40000-0x0000000002E50000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8da771e7-48f7-4fc7-8c60-2f01800fd0ff\index-dir\the-real-index
| MD5 | bb4ec2fd92e86566b7717a5da82c282f |
| SHA1 | e363bfb11de858dcad563fe1e836472175cdf940 |
| SHA256 | d3df6506ddc4ea50b6c5562c622d5fcc2179029f5a696756e3588fb8f57f6451 |
| SHA512 | 47fc860926b805f262d5e205f67f27411ce4c2a95270bc4a94a8e401ca1b7f2d6bcf065b6d19b748fd7292a5aed3b86bf08924c77e26b8fb57ec1c2676d91ad1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8da771e7-48f7-4fc7-8c60-2f01800fd0ff\index-dir\the-real-index~RFe58f846.TMP
| MD5 | 207b50d651ca51c256475f731bf0e7aa |
| SHA1 | a09c95d6e7e877464d0e5504a8f1e55986a6086a |
| SHA256 | 09d58ef96be39d904a5a23968dd15f5a8250ecc859fc76bd3836664375d3e955 |
| SHA512 | 6d1809bb8c4f23672da0d77085c6f7398e97d8d7045d21555fef19d21d49d68e0ce7b717550569e11c8b9f5a27822aacd39792eca0f65d9c0576385bd136be2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | 52aa61e23dac074b1ba76985e23686e5 |
| SHA1 | 50ece15e8db9a7655b5272a2cd1d430730e0bbf5 |
| SHA256 | de38fb395fcab9c388112de9cb898b9644eec6c9be00d74c9e9a93fe9cf666f1 |
| SHA512 | 9fa65d6b70b5194094599907bf7e22a1dade7aa2d0ee9d4b0b8f4a608898fe694878871f447d64895af560d17960c0f7d4a882c8fa1e8c3e093b6aaa2f5c7b59 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5049651d-dc42-4cdb-8449-776e6db73930.tmp
| MD5 | 7437dff6da03492c3a059ccaab77d7e6 |
| SHA1 | ed2d62d48017b5befb65900926c31acb3042c586 |
| SHA256 | 273d8ae9515096d521d11a8900ec0befc2c8fdc7c40e765f5b393151dc46b915 |
| SHA512 | 6146e8a9e50c5216b37f0ccc113089e1dc17f63a31428a8c487eca9195f9041af689bfcfbfd72871fe2b3728262101948cb735c10b4e8aba4dd6b1f434f1d9a7 |
memory/7440-988-0x0000000000400000-0x000000000046F000-memory.dmp
memory/7440-994-0x0000000074050000-0x0000000074800000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dc083fe6bb4f49b2c4ceb5b177f15401 |
| SHA1 | d6e68b46e6acfaebf8daa58fcdf1a70da338382a |
| SHA256 | afb06e101fb6d08940cf36d526e5ab8fe8adde480782b1f5f35293de0d1c80fa |
| SHA512 | dca011b2e05e8a5e2f6cd797f5306bd67644789e40ef75734ffabf6893b4268569dc310d864e36c3b5e775f2d57e30762cb46caf11106303b2b2e1bb4c859c79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 0f108a41a14e6d4f440caae4d66a29a0 |
| SHA1 | e2f492824775734279f0d5b09242021c192bd1c8 |
| SHA256 | 4dd50758c3a426aafaca74a6953cd703a34abadd5d1839e53321a00db730adda |
| SHA512 | 0c54a247d237144b01b12e917ed68b5b7dede0aef6e5c0e5cd69e79a521f60b455088e76a7a85e3e64f0aa0c04bbc6bc09b6a242fc102dfe72d8b40a77df28ee |
memory/5592-1020-0x0000000074050000-0x0000000074800000-memory.dmp
memory/5592-1021-0x0000000000310000-0x0000000000FAA000-memory.dmp
memory/3432-1030-0x0000016850E80000-0x0000016850F6E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | a023bff881323491be171d70db316de9 |
| SHA1 | 10b95d6cd339fb23d7f348824de595922d59bf23 |
| SHA256 | 869439d06ecbb35ae06d6f2fb2fb34dde7a0524abc2c4a20732b6336841e11a0 |
| SHA512 | f085395b35551f1ecdf6dd2fe496556787f94caba4d83e2215ef91734505b42a44bcffb7d5ecc88711cf723df388e40e4e8a701ded9d59bd6adf604a0bb81441 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
| MD5 | bc3354a4cd405a2f2f98e8b343a7d08d |
| SHA1 | 4880d2a987354a3163461fddd2422e905976c5b2 |
| SHA256 | fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b |
| SHA512 | fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b |
memory/3432-1044-0x000001686B3A0000-0x000001686B480000-memory.dmp
memory/3432-1048-0x000001686B540000-0x000001686B620000-memory.dmp
memory/3432-1049-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/8028-1050-0x0000018F83810000-0x0000018F838B2000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | dcbd05276d11111f2dd2a7edf52e3386 |
| SHA1 | f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec |
| SHA256 | cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4 |
| SHA512 | 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846 |
memory/3432-1052-0x000001686B620000-0x000001686B6E8000-memory.dmp
memory/8028-1061-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/8028-1063-0x0000018F9DD30000-0x0000018F9DE30000-memory.dmp
memory/3432-1062-0x000001686B7F0000-0x000001686B8B8000-memory.dmp
memory/3432-1064-0x000001686B530000-0x000001686B540000-memory.dmp
memory/3432-1069-0x000001686B8C0000-0x000001686B90C000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
| MD5 | c067b4583e122ce237ff22e9c2462f87 |
| SHA1 | 8a4545391b205291f0c0ee90c504dc458732f4ed |
| SHA256 | a16dbcd03a7549fbaf7cad1bedd01dcb961a5d43c873f1d1a50892618a06662e |
| SHA512 | 0767cba9f10154b4e28cf6a55b6fc827a96c4fbc88e2d67acd645a0a7a604a3beb63ea58d7febcf8b17de1ea3d2097e76ceac1b36b9fecf9a0945a31a9e211c3 |
C:\Users\Admin\AppData\Local\Temp\latestX.exe
| MD5 | bae29e49e8190bfbbf0d77ffab8de59d |
| SHA1 | 4a6352bb47c7e1666a60c76f9b17ca4707872bd9 |
| SHA256 | f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87 |
| SHA512 | 9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2 |
memory/1492-1084-0x0000000000D40000-0x0000000000D41000-memory.dmp
memory/5592-1085-0x0000000074050000-0x0000000074800000-memory.dmp
memory/3744-1088-0x000001EFF4A70000-0x000001EFF4B54000-memory.dmp
memory/8028-1089-0x0000018F85600000-0x0000018F85656000-memory.dmp
memory/3432-1090-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/3744-1086-0x0000000000400000-0x00000000004AA000-memory.dmp
memory/3744-1092-0x000001EFF4A60000-0x000001EFF4A70000-memory.dmp
memory/3744-1091-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/3744-1093-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1094-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1097-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/8028-1096-0x0000018F9DE30000-0x0000018F9DE84000-memory.dmp
memory/3744-1099-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1101-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1103-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1105-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1107-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1109-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1111-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1113-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1115-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1118-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1120-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1122-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1124-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1126-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1129-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1131-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1133-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1135-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1137-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
memory/3744-1139-0x000001EFF4A70000-0x000001EFF4B51000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 76253003e9eecd3058e3d23d2f393697 |
| SHA1 | 92179ff7da3ef66485dfb25d0817ac5f1ad8aef3 |
| SHA256 | cde2a8f8521fcf93bd9dff672de606f9fe62185444da5c945f437224c92dc8cc |
| SHA512 | 2b31480d7e91b43830ff0a35abb3978f2f53a8b603b4d2c852b97cd448e9fc5c20865c605c4ff99848937aab51c2f97b3780f912c60bb3ecb61adf937be403d8 |
memory/5804-1164-0x0000000074050000-0x0000000074800000-memory.dmp
memory/1796-1169-0x0000000000850000-0x0000000000859000-memory.dmp
memory/1796-1167-0x00000000008C0000-0x00000000009C0000-memory.dmp
memory/5440-1171-0x0000000000400000-0x0000000000409000-memory.dmp
memory/5804-1173-0x0000000002E40000-0x0000000002E50000-memory.dmp
memory/2660-1195-0x0000000002A90000-0x0000000002E94000-memory.dmp
memory/2660-1198-0x0000000002EA0000-0x000000000378B000-memory.dmp
memory/5440-1610-0x0000000000400000-0x0000000000409000-memory.dmp
memory/8028-1933-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/8060-1946-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/8060-1948-0x0000020BEA550000-0x0000020BEA560000-memory.dmp
memory/8060-1950-0x0000020BEA550000-0x0000020BEA560000-memory.dmp
memory/8028-2374-0x0000018F9DF20000-0x0000018F9DF30000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_rtvl5xya.y1x.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/1492-2745-0x0000000000D40000-0x0000000000D41000-memory.dmp
memory/2660-2749-0x0000000000400000-0x0000000000D1C000-memory.dmp
memory/3744-3033-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/3744-3035-0x000001EFF4A60000-0x000001EFF4A70000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 526fdfaa15a90f2383234a49ce3f2415 |
| SHA1 | 9ecf1c53dfbf3cb72b9b34e82683a30af644b08e |
| SHA256 | 9ada4384df8649a5d80b2cd488c14e8e5052a8a8c9c002b93b9a1ae3d80fd2a2 |
| SHA512 | 63bdcfc582aabb905f456c5feb42388c534adc5894fe8db54769ce59bc3a2aa2801c3f7ceab775ababfa014622cdf239332631362c22d1a7875984f3874ab294 |
memory/8028-3048-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/2660-3299-0x0000000002A90000-0x0000000002E94000-memory.dmp
memory/6572-3303-0x00007FFD15980000-0x00007FFD16441000-memory.dmp
memory/6572-3307-0x000001DF3ADE0000-0x000001DF3ADF0000-memory.dmp
memory/1912-3309-0x0000000002D30000-0x0000000002D66000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 657a75f5d99f4bdf21857485f3c0e366 |
| SHA1 | 1881bf0e219eec730b77911ea1ce0e28145c566b |
| SHA256 | 2d5fbcfd6f1b77b8bb9de06b1442383aa8c763b3113157910e2fdf36857637eb |
| SHA512 | dfbb7baf97ed04e518840cadf1e888da25db7e75552402d97ecfcb089df8b9d5a584d7ea2658b00e313ba24f0d52df95a31175d71ea4eab24f08a7e2eaf49b4f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 0ecb6684ac3f14e5b6a6f2d3afa4b256 |
| SHA1 | 4ca485df2ca0ac59d595538bfa723a386d078c34 |
| SHA256 | 58fa82c989e6bf1683296ff7927fd9f5fee7aab57800950cfb671875e3f31858 |
| SHA512 | e9d86d052b1602b87587a94514ba6fc9e0311f87d2aa4b2f83086b01afa3532ea381a3cbdef9ae28c963ecb25d5a1d3e1666351346a2abcd8c70439a64f60288 |