Analysis Overview
SHA256
71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4
Threat Level: Known bad
The file NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe was found to be: Known bad.
Malicious Activity Summary
SectopRAT
SmokeLoader
ZGRat
Glupteba payload
Glupteba
Detect ZGRat V1
RedLine payload
SectopRAT payload
RedLine
Detect Mystic stealer payload
Mystic
Modifies Windows Firewall
Stops running service(s)
Downloads MZ/PE file
Loads dropped DLL
Executes dropped EXE
Checks computer location settings
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Launches sc.exe
Program crash
Enumerates physical storage devices
Unsigned PE
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of UnmapMainImage
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Checks SCSI registry key(s)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Uses Task Scheduler COM API
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:19
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:19
Reported
2023-11-11 10:22
Platform
win10v2004-20231020-en
Max time kernel
130s
Max time network
173s
Command Line
Signatures
Detect Mystic stealer payload
Detect ZGRat V1
Glupteba
Glupteba payload
Mystic
RedLine
RedLine payload
SectopRAT
SectopRAT payload
SmokeLoader
ZGRat
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\3F82.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\13CC.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\13CC.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe | N/A |
AutoIT Executable
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 216 set thread context of 1244 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2xX9632.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 6848 set thread context of 7028 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7iW1Jx87.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 776 set thread context of 6208 | N/A | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe |
| PID 1148 set thread context of 4120 | N/A | C:\Users\Admin\AppData\Local\Temp\4D00.exe | C:\Users\Admin\AppData\Local\Temp\4D00.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\13CC.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\toolspub2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\19D8.exe | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\5389.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\4D00.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Broom.exe | N/A |
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.71334cb3df06b322134688d24e5b8620d691a38ac42d72c5c0071b3de563fcb4.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x180,0x184,0x188,0x15c,0x18c,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x168,0x16c,0x104,0x170,0x7ffb00cc46f8,0x7ffb00cc4708,0x7ffb00cc4718
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2xX9632.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2xX9632.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3SM20sS.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8652 /prefetch:8
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 540
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1244 -ip 1244
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7iW1Jx87.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7iW1Jx87.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x1cc
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8784 /prefetch:8
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9692 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\13CC.exe
C:\Users\Admin\AppData\Local\Temp\13CC.exe
C:\Users\Admin\AppData\Local\Temp\19D8.exe
C:\Users\Admin\AppData\Local\Temp\19D8.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 6468 -ip 6468
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 784
C:\Users\Admin\AppData\Local\Temp\3F82.exe
C:\Users\Admin\AppData\Local\Temp\3F82.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\4D00.exe
C:\Users\Admin\AppData\Local\Temp\4D00.exe
C:\Users\Admin\AppData\Local\Temp\5389.exe
C:\Users\Admin\AppData\Local\Temp\5389.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\4D00.exe
C:\Users\Admin\AppData\Local\Temp\4D00.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,16952089889257483017,13353985119968581268,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6824 /prefetch:2
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Users\Admin\AppData\Local\Temp\FB05.exe
C:\Users\Admin\AppData\Local\Temp\FB05.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oX7aM97.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\il6TO71.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1xl97kQ5.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
\??\pipe\LOCAL\crashpad_1776_WAMELYFTFIWBXJEI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_3404_XGEUDCGZACAKLLHC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
\??\pipe\LOCAL\crashpad_696_UFZBWWMOYNTBMLDX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_5020_HZZSAZWBHBLAVCQE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_1936_CGYOMTHOHVFXDHZK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
\??\pipe\LOCAL\crashpad_2848_WGCXMEGBMUDZBLBG
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e73c5a001faa152d5017e634d91cf808 |
| SHA1 | b0251cebc09a21f4873d15069db59b6ded816759 |
| SHA256 | 02d5bc55e8f60ab33dadd2c7004a7118fd2c1cfed1de75d31642ee923ec61fd6 |
| SHA512 | 8572aaf3575ab308d8ba588ac10138e80277c6bf9efea31cbfcecbbf6e72fb3102318da68075a4942da09134f24125c8bcab6589809e617198e692ec83749516 |
\??\pipe\LOCAL\crashpad_3652_TFFQNFRHAIJYSCYT
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7e937105128f87649d266fce4e0929f |
| SHA1 | ae71af1b56454b62cb94552fab1631f40645ab85 |
| SHA256 | a3b930002233338834fdbaee4b833b4a9e5fb724e6d01d5c748cc842b6299355 |
| SHA512 | e8dbcbaf0d26c8f149a41d5c0d5e66cc368db12feeb7263255ceaaeb2eee60030ae2b1804c2f4c4cf5e9d2bfa06faa32f504c9f323d1bf9d24c31c1e468b75e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1c790172-f973-4526-bff7-24429e63ef99.tmp
| MD5 | ba6904d3e4a8c4cb468e1dbc7810e1b5 |
| SHA1 | a7924fd90410478682ad978e0c12b3fe68dc71c4 |
| SHA256 | 88632a565a8cac92c1fc22a421edeff8790b77c439ddb5186abc70a4ccf4853c |
| SHA512 | cbb1311640a6c403178d4c9ad8da83b90cfaf4e8e614dbac2ed6d79a51b12a77c647430e5937a1002b91cec3ce6f37cb3b44434431171c53f9a9e8851fa341c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | edb0f0a710d60662f049871e4f9ec011 |
| SHA1 | bf0ee0a4e090a4687e2c127a6fc5c2839d44647f |
| SHA256 | fed6d5b89a24ce4275a0b2f2edd5b73084165a54f9393bc962c00b0ef718290d |
| SHA512 | 52f31e85fadb7a2ff145746b4a3148db02dd97a1ec12c31a9d3fbfad71767525c111b43cb606a177e19c4c91de1e7100c2f8e755e98b34561a46b598e0cdddce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 22ac765c2c74f1c59fa64452264a9e74 |
| SHA1 | ca019603beb73e3e630ea09d515a436a6d96d588 |
| SHA256 | 4b71e5d2f21f775449d19799ac59a3e41b0d7a7e154b6ecbe5126aea4c57cea4 |
| SHA512 | 59f9b33bc96d9c58eaf64244d69d0f92c6e159979251b8abaf1cb187d3cb036a6ea512a8842786df09eedf980ff08bc674a1dfa0a5f0b5236431a5813841e940 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\8925003f-d1da-4ea8-99ac-d7c20c487129.tmp
| MD5 | edb0f0a710d60662f049871e4f9ec011 |
| SHA1 | bf0ee0a4e090a4687e2c127a6fc5c2839d44647f |
| SHA256 | fed6d5b89a24ce4275a0b2f2edd5b73084165a54f9393bc962c00b0ef718290d |
| SHA512 | 52f31e85fadb7a2ff145746b4a3148db02dd97a1ec12c31a9d3fbfad71767525c111b43cb606a177e19c4c91de1e7100c2f8e755e98b34561a46b598e0cdddce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ba6904d3e4a8c4cb468e1dbc7810e1b5 |
| SHA1 | a7924fd90410478682ad978e0c12b3fe68dc71c4 |
| SHA256 | 88632a565a8cac92c1fc22a421edeff8790b77c439ddb5186abc70a4ccf4853c |
| SHA512 | cbb1311640a6c403178d4c9ad8da83b90cfaf4e8e614dbac2ed6d79a51b12a77c647430e5937a1002b91cec3ce6f37cb3b44434431171c53f9a9e8851fa341c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7e20e493-0f41-4090-b173-9129ee4a0d4c.tmp
| MD5 | 22ac765c2c74f1c59fa64452264a9e74 |
| SHA1 | ca019603beb73e3e630ea09d515a436a6d96d588 |
| SHA256 | 4b71e5d2f21f775449d19799ac59a3e41b0d7a7e154b6ecbe5126aea4c57cea4 |
| SHA512 | 59f9b33bc96d9c58eaf64244d69d0f92c6e159979251b8abaf1cb187d3cb036a6ea512a8842786df09eedf980ff08bc674a1dfa0a5f0b5236431a5813841e940 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9c98977eaac78b92439416e4f49bda7 |
| SHA1 | 4d81416a6a2f0aa632e74517a95ddd086dabdfae |
| SHA256 | fdce0cfd65aeeffca1101cbeb32b9dd5fb5578bff01a0318522ead1da0bb8646 |
| SHA512 | 49ecd8de85fbc527664bee9d4c67dabb11856456155c3bee8e06b6b2f4b2f3e716cfca61ad732bb23f1435cd087d080273bc7a3d573453d2d4eb0871583c22f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9c98977eaac78b92439416e4f49bda7 |
| SHA1 | 4d81416a6a2f0aa632e74517a95ddd086dabdfae |
| SHA256 | fdce0cfd65aeeffca1101cbeb32b9dd5fb5578bff01a0318522ead1da0bb8646 |
| SHA512 | 49ecd8de85fbc527664bee9d4c67dabb11856456155c3bee8e06b6b2f4b2f3e716cfca61ad732bb23f1435cd087d080273bc7a3d573453d2d4eb0871583c22f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7e937105128f87649d266fce4e0929f |
| SHA1 | ae71af1b56454b62cb94552fab1631f40645ab85 |
| SHA256 | a3b930002233338834fdbaee4b833b4a9e5fb724e6d01d5c748cc842b6299355 |
| SHA512 | e8dbcbaf0d26c8f149a41d5c0d5e66cc368db12feeb7263255ceaaeb2eee60030ae2b1804c2f4c4cf5e9d2bfa06faa32f504c9f323d1bf9d24c31c1e468b75e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e73c5a001faa152d5017e634d91cf808 |
| SHA1 | b0251cebc09a21f4873d15069db59b6ded816759 |
| SHA256 | 02d5bc55e8f60ab33dadd2c7004a7118fd2c1cfed1de75d31642ee923ec61fd6 |
| SHA512 | 8572aaf3575ab308d8ba588ac10138e80277c6bf9efea31cbfcecbbf6e72fb3102318da68075a4942da09134f24125c8bcab6589809e617198e692ec83749516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5211185f5fd20c3257fc25b006267fa9 |
| SHA1 | 9f87eb2534d822a66a970bba41efd635e39bcb10 |
| SHA256 | 7d692ce9ccee457549a5d1cfdeab2010f2b00e654363e291693307ef39c988b9 |
| SHA512 | cc14cb9b7f42b3357aaf4a54b8a116beac1ddec4e213005f3d859d73c35c9a1cb93ef2203282afe77ad0e31c2792c3887630d51d8c8c9238bec97614d6c77a3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0629525c94f6548880f5f3a67846755e |
| SHA1 | 40ef667fc04bb1c0ae4bf2c17ded88594f0f4423 |
| SHA256 | 812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee |
| SHA512 | f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 5211185f5fd20c3257fc25b006267fa9 |
| SHA1 | 9f87eb2534d822a66a970bba41efd635e39bcb10 |
| SHA256 | 7d692ce9ccee457549a5d1cfdeab2010f2b00e654363e291693307ef39c988b9 |
| SHA512 | cc14cb9b7f42b3357aaf4a54b8a116beac1ddec4e213005f3d859d73c35c9a1cb93ef2203282afe77ad0e31c2792c3887630d51d8c8c9238bec97614d6c77a3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7960fdf65f027f1bd16b43400ced69af |
| SHA1 | d7b15d2ff7b58238893998b567a7081826de4df9 |
| SHA256 | a6bfaf1e9f4b2bebeb636bf43a124adf926e3ab25a9e9808a035fe2769037280 |
| SHA512 | 720d50e79f8a61ac32470f7567f1a77e9b102ead8e0068f724d7456d656671196327dfcb9664e293465c119057e222ce8e84ade44a1ac15744cddf56c2461c8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 7960fdf65f027f1bd16b43400ced69af |
| SHA1 | d7b15d2ff7b58238893998b567a7081826de4df9 |
| SHA256 | a6bfaf1e9f4b2bebeb636bf43a124adf926e3ab25a9e9808a035fe2769037280 |
| SHA512 | 720d50e79f8a61ac32470f7567f1a77e9b102ead8e0068f724d7456d656671196327dfcb9664e293465c119057e222ce8e84ade44a1ac15744cddf56c2461c8e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c9c98977eaac78b92439416e4f49bda7 |
| SHA1 | 4d81416a6a2f0aa632e74517a95ddd086dabdfae |
| SHA256 | fdce0cfd65aeeffca1101cbeb32b9dd5fb5578bff01a0318522ead1da0bb8646 |
| SHA512 | 49ecd8de85fbc527664bee9d4c67dabb11856456155c3bee8e06b6b2f4b2f3e716cfca61ad732bb23f1435cd087d080273bc7a3d573453d2d4eb0871583c22f7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 22ac765c2c74f1c59fa64452264a9e74 |
| SHA1 | ca019603beb73e3e630ea09d515a436a6d96d588 |
| SHA256 | 4b71e5d2f21f775449d19799ac59a3e41b0d7a7e154b6ecbe5126aea4c57cea4 |
| SHA512 | 59f9b33bc96d9c58eaf64244d69d0f92c6e159979251b8abaf1cb187d3cb036a6ea512a8842786df09eedf980ff08bc674a1dfa0a5f0b5236431a5813841e940 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e73c5a001faa152d5017e634d91cf808 |
| SHA1 | b0251cebc09a21f4873d15069db59b6ded816759 |
| SHA256 | 02d5bc55e8f60ab33dadd2c7004a7118fd2c1cfed1de75d31642ee923ec61fd6 |
| SHA512 | 8572aaf3575ab308d8ba588ac10138e80277c6bf9efea31cbfcecbbf6e72fb3102318da68075a4942da09134f24125c8bcab6589809e617198e692ec83749516 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | edb0f0a710d60662f049871e4f9ec011 |
| SHA1 | bf0ee0a4e090a4687e2c127a6fc5c2839d44647f |
| SHA256 | fed6d5b89a24ce4275a0b2f2edd5b73084165a54f9393bc962c00b0ef718290d |
| SHA512 | 52f31e85fadb7a2ff145746b4a3148db02dd97a1ec12c31a9d3fbfad71767525c111b43cb606a177e19c4c91de1e7100c2f8e755e98b34561a46b598e0cdddce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c7e937105128f87649d266fce4e0929f |
| SHA1 | ae71af1b56454b62cb94552fab1631f40645ab85 |
| SHA256 | a3b930002233338834fdbaee4b833b4a9e5fb724e6d01d5c748cc842b6299355 |
| SHA512 | e8dbcbaf0d26c8f149a41d5c0d5e66cc368db12feeb7263255ceaaeb2eee60030ae2b1804c2f4c4cf5e9d2bfa06faa32f504c9f323d1bf9d24c31c1e468b75e3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e1732a3bde8067ae0e14b25530118adc |
| SHA1 | 14289cb9a29497c1cc035744923ef81b68b71fe5 |
| SHA256 | 0b6b44360f784b9efc743ddf2a5f5ea808642eb87e0c44bd58583c042e864964 |
| SHA512 | a9a822eacd4b79d91bff8242e5b5ff06c92b76e3bd4d98c9dd55ced48331a221ab799555e11f08be292303718bbcbaf3b19a3c2b03a718de8f5f87962333daae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | ba6904d3e4a8c4cb468e1dbc7810e1b5 |
| SHA1 | a7924fd90410478682ad978e0c12b3fe68dc71c4 |
| SHA256 | 88632a565a8cac92c1fc22a421edeff8790b77c439ddb5186abc70a4ccf4853c |
| SHA512 | cbb1311640a6c403178d4c9ad8da83b90cfaf4e8e614dbac2ed6d79a51b12a77c647430e5937a1002b91cec3ce6f37cb3b44434431171c53f9a9e8851fa341c1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | d65fe831213a7294932b9989f031aff3 |
| SHA1 | 4dc5daae05abb06c5ee4a62bc3bd000cd413820f |
| SHA256 | 7adcb136fe5f3883c8841e36e1acc87a9a3af2bce439159945cfe993b910bfd9 |
| SHA512 | 9f947d84b8ea79aa95be3584a2a311076199372f26055b84eb9d642abb0701522bd611c7adb5cb1827bfa31973067df750575bb1dabb5f9983af5868e448d54d |
memory/1244-388-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1244-395-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1244-398-0x0000000000400000-0x0000000000433000-memory.dmp
memory/1244-396-0x0000000000400000-0x0000000000433000-memory.dmp
memory/5468-400-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a3fb0463843f1262ed353edd4ff68abb |
| SHA1 | 568477ddedca5c8c7e5d7281d1f65c72387be6b3 |
| SHA256 | fd02b0e78c05b674cc851acc28e8a8c35edfb89a5e00ca1355632c58a961bf7b |
| SHA512 | 806bc54b431f30040dd62d44615afa8057bc075eb48a4c7a022f32687a11f45ca52f41397e804d1afb4c06d2fce72733d863539b79d54b9a315bcf5923188008 |
memory/3320-422-0x0000000002870000-0x0000000002886000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | a07cf7869b11236bf5b81ff3dc947ec5 |
| SHA1 | b60acdc1aa3b420f65d4841bd60d2751956f68c7 |
| SHA256 | a860dbd24ce0419f3159217c1cd24741071f9acf5d583246d0e993b8faa6e5a1 |
| SHA512 | 53aa634459f2fd63622bd29f3e164599216675662a3f709e13401c8b44e8da23b3d73c17f05ef55af532032dca2425e2c58c1948aa9cbb44b7cd9abd1d793cb2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5858aa.TMP
| MD5 | 9b965a381f166e8aafb7f1b863a12ea7 |
| SHA1 | 31bd65a3791b2edc93aae2790d446dfbe07931f8 |
| SHA256 | 211ecd8886623d9ba21ae55ad5e347c8efdd3cbd4112e3dff54a10ee9b073c54 |
| SHA512 | ae4ce7a309e91881f31c4cea27ced4a68a0a3c486fb1fa763a1023e027a451dbcfa7e66a838977da47d6cab2f529307814edb75513f0d1d1ca2c8f567e7a31f6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 285252a2f6327d41eab203dc2f402c67 |
| SHA1 | acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6 |
| SHA256 | 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026 |
| SHA512 | 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | bfe118faabff464424de3c582c21370c |
| SHA1 | c1e0410f6a3f56e6671b776fde13a00b657a61b8 |
| SHA256 | a98980833542b5250d017ab2a84b4998e21deb8f91a73f35a0af1592f8a6802f |
| SHA512 | daeca686f7291c18b1944b0c5860a7829af24ee4c4b8a256fe58cede1c5e3248bc989386eeedc64605c20fc5873750493d296c00e529628773475f7a4181e52e |
memory/5468-491-0x0000000000400000-0x000000000040B000-memory.dmp
C:\Users\Admin\AppData\Roaming\htvijjd
| MD5 | b938034561ab089d7047093d46deea8f |
| SHA1 | d778c32cc46be09b107fa47cf3505ba5b748853d |
| SHA256 | 260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161 |
| SHA512 | 4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 5b74d324fdb44ed34271805a387e6b13 |
| SHA1 | 8b3ad27b09c23e0bf5eadf8ab1b1915a4b8d5c42 |
| SHA256 | 4a9b1a1401368cdbc1b0a1d1d396f2e0ff508158ff00197a7abfd501f2399570 |
| SHA512 | 057f1ac2fb3eb18ac7e4bdbe690b7f3afb23299cf04584bef5a1bbff7be679fb76cdccf6af15c532c7db4fd3ff2a0fa6e37a38df28e3bdeee9651a6978bd3c02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d93.TMP
| MD5 | 44252ef66458c3342bc1791ac1068b2e |
| SHA1 | 08e945f188e93f35e5706df824124d38703a097a |
| SHA256 | 8b77093e14b90ab9b7d753e0a1ad8653c1bd6cff4cb18549708e92aac4347388 |
| SHA512 | 996082197147962f435e1ad767b278debf68ad506d0cd9b1a8bc2a0cfa90ce33558faadd1e9d2b6f98764c95c869e221145911b9be9071b8f558876feca79e58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
| MD5 | fd20981c7184673929dfcab50885629b |
| SHA1 | 14c2437aad662b119689008273844bac535f946c |
| SHA256 | 28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22 |
| SHA512 | b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | e503a3d72c8df807e7c12e84994c246d |
| SHA1 | c49880ffb2698227b39bc8db510df2357b41a9ca |
| SHA256 | 2899e5b624e61fe20b3c87e1fc50ba9a9fb90c6caaa072c174bcfa6f4e299877 |
| SHA512 | 204e497e32f34e4fdd9ac62431e85f9d9c3861a9dc012cab6a1c0e39cd0506c64f1a40c847721233449fe40276dbbde60ce88a9d1929541969790f9b9f22bd8f |
memory/7028-621-0x0000000000400000-0x000000000043C000-memory.dmp
memory/7028-636-0x0000000074150000-0x0000000074900000-memory.dmp
memory/7028-709-0x0000000008120000-0x00000000086C4000-memory.dmp
memory/7028-731-0x0000000007C10000-0x0000000007CA2000-memory.dmp
memory/7028-764-0x0000000007BD0000-0x0000000007BE0000-memory.dmp
memory/7028-765-0x0000000007C00000-0x0000000007C0A000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
| MD5 | 7d75a9eb3b38b5dd04b8a7ce4f1b87cc |
| SHA1 | 68f598c84936c9720c5ffd6685294f5c94000dff |
| SHA256 | 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7 |
| SHA512 | cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
| MD5 | fdbf5bcfbb02e2894a519454c232d32f |
| SHA1 | 5e225710e9560458ac032ab80e24d0f3cb81b87a |
| SHA256 | d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c |
| SHA512 | 9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916 |
memory/7028-786-0x0000000008CF0000-0x0000000009308000-memory.dmp
memory/7028-792-0x0000000007F40000-0x000000000804A000-memory.dmp
memory/7028-793-0x0000000007E70000-0x0000000007E82000-memory.dmp
memory/7028-794-0x0000000007ED0000-0x0000000007F0C000-memory.dmp
memory/7028-795-0x0000000008050000-0x000000000809C000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
| MD5 | 4e08109ee6888eeb2f5d6987513366bc |
| SHA1 | 86340f5fa46d1a73db2031d80699937878da635e |
| SHA256 | bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339 |
| SHA512 | 4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 530f5c8b12e437171ffbc95652c49f62 |
| SHA1 | 566a97d806cce3aa08c66554abdf1ad4ecadedb0 |
| SHA256 | f742b4772bd98207b1db06f8a16f3f3df87fd39ddd56e6ea9afcc363ac66a00c |
| SHA512 | e6525ba6dd5476e801e1d6ef2697b6629ef5d88d18f26a598999134dcb963bb5f5de293eb6cdd2eaec37618f47290b226de4325d87c0460fd2e5e30c9647c6af |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a41b2468b6d05a21ae86c71726a3d6fb |
| SHA1 | 6b0f4b18a5ba01216a0e3bb5b42eefc911f6a5b2 |
| SHA256 | f8fef3895b41363b91231b091aef3cd39aae99be21ebd4e98f633e56121ab09e |
| SHA512 | d0cfb6db19012f69093a9c7a0b840bd0f5cebd9756d380c515b5d461bedd64d2aeb737a11100eb44292a7ca46d3a9c765135d48dd6ffff7bfb9aa0976e197fd0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e2f505efb805e3da18bb73d7cfb6414f |
| SHA1 | bea986451cf7f2238c29f6e4081fbb0e32a5dab2 |
| SHA256 | e479b38ed008f331c4f7caca89820e65bf7b8afe5cd5083af328a17519c5c3ea |
| SHA512 | 6e8e7594d3279986d4ef98eacf884aff6733de7b5052f1b0bb0d6f6ddb4cf1502c3a234c4feff0e845c78a399ac349487ed3bde3892ea697277895a8e4b293fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe590efa.TMP
| MD5 | edc6952ebd0fd5862ffb711012019c8e |
| SHA1 | 9116f95a22a60ad5fd535c6c6b07e3783aff293e |
| SHA256 | 41ca37ab5af99197fedede8957e526d882084443c11e8b1e1caf66502daff405 |
| SHA512 | d4260ba0afdf6d480e6ca70ac3a8abdd4948ce3762a3a93e00fb9782cabb6a9cb1dd760feb183a157e4a9bc40a788a08f0fde6a9c73c2db5d9b1869c3653a6f4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
| MD5 | f6fe336d10ad35039bc1583790fb86b4 |
| SHA1 | 823e1e30e406ee9d1c3b82ddc6d097e03f5fc0a3 |
| SHA256 | 063824b4feaabf2959b09b529d27ccc3cff0efe030471a24a0531d46ba86136a |
| SHA512 | 73c779ce2f91960b0e5942f6894f3b9088d8219ab254d4375778c4a68e0c1a20529f94cad2d02d99f1867f28247eb5139590c6a29ba4dd2a87fca369bfbae8c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ecd81401e2e92a8017b457ef7b18cc98 |
| SHA1 | d6968b70ee7e4931419f53fd805e11af40c6a14c |
| SHA256 | 31c4be9e81b9235f76cae6b2e4058027578d926259b3b3193dc8ec8ceedb5999 |
| SHA512 | a97909280e505ae853f8fcc517ad471814f5a4dd4a98ae1c551fd3914dd2552e892eadd2da5f658ed64f904fb78f00f965bef7fc16c42db08facad0db66b32cd |
memory/6468-1070-0x0000000000400000-0x000000000046F000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 378c33f4d191369ea8e1e4d9a2db4887 |
| SHA1 | 788e64fd2d638baf91f70b14120dfad0882843b0 |
| SHA256 | f0deee095f5530ba83b3bae267d2c3b8a37974a37ea0b6fc3909f17883c63048 |
| SHA512 | d38a77c78daee2b342b925debd920ceb5fe0c3cefeb47bc22b040826bac982f267a670cbc016c05b40ace7b7fa3e2158ed7e5732c58a5e1233a5b72fd1e92c01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 7a42ca5073d42923ca344e5a0f7e3a7b |
| SHA1 | 3f0d37c54d8d79c2859ae8f309d53bcd7fcbabf1 |
| SHA256 | 025e73be297e1c8886c74b954ac2d734d101a1c5ccb32ef374396ddd749587e0 |
| SHA512 | 43bf9a3b215c4464b7573247fc2d2bc4c0297a46b85fbb7f22256853b057b9fd00a4ba3d0ffe2bbaf1dab80b2871cfc3d995fe8f0fe0d672184e98b33c10da4b |
memory/6468-1072-0x0000000000560000-0x00000000005BA000-memory.dmp
memory/6468-1090-0x0000000074150000-0x0000000074900000-memory.dmp
memory/6760-1109-0x0000000000610000-0x000000000062E000-memory.dmp
memory/7028-1108-0x0000000074150000-0x0000000074900000-memory.dmp
memory/6760-1110-0x0000000074150000-0x0000000074900000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e5d7080-327c-4ef8-9c5c-ec088e5819f6\index-dir\the-real-index
| MD5 | 69289fb45c5e6ed78f78932a49b67970 |
| SHA1 | 06f3a19b7587dd557153bd86f6858852b08dd026 |
| SHA256 | f982f80a1f511e25256d50f761561115a1580d79c7c39f407e495953c630aa2f |
| SHA512 | ca8e315ff4ea0a483dd134bc3368c2a0b80b77e4f2cc764423ff94274967f4c30b16e70bfcca1d0c6f41314080b928e8f26b8e854776d6f1a1655c9884f36550 |
memory/7028-1120-0x0000000007BD0000-0x0000000007BE0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4e5d7080-327c-4ef8-9c5c-ec088e5819f6\index-dir\the-real-index~RFe59214a.TMP
| MD5 | 005a32233f7bced87b035177879d8e69 |
| SHA1 | 8bb0c6954c37cd18dde511f643d21ee822a23cdf |
| SHA256 | cdaa39f39a242c8b02be3bde1ae07e4c14f531c1a45e48cd16a7fb7ae6342a5e |
| SHA512 | 18acd46928637b85774b50da55eec03c125e0ef649b763333e2db252d44ff4368b6aaca635ce83af7e57a92b9dcbd203856095e7037e7fc1037241e431300fc7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
| MD5 | de2a136556de72a854f1bd7b0153ac3e |
| SHA1 | 434ccdf693b705df4690969bb36b246c0aafebb0 |
| SHA256 | eabb6e97b697300ec16e3595f1c63a362a6d819fe02418c87b0d9a1b408535fc |
| SHA512 | ed078f3b2348b619af14aebba22ed8814bca473e6df8e05f782e6a037b7a3f806a207088c41f5ccc3d934c66e217c9fde430ef4d7245d8e1c6b60ea4a8147686 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56ac6e0e-eb46-4aa3-9ad4-c3084e48d016\index-dir\the-real-index
| MD5 | 8cab096c0194e7d3968abc82470ce376 |
| SHA1 | 48744a2fc01eb890df0dab03e7aefed263585bc4 |
| SHA256 | 452b9c16ee5bd6966b007e1d4337e9e200952962bc08c4a7375f208a0e02e21f |
| SHA512 | 429305bfa2737584914ebd2704f9bcedc0efe2347209c32834f7550b72bc41de99bdca892b2439e530bd5c1a5cbf33879907f8853191bda57d2cc799b12189f9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\56ac6e0e-eb46-4aa3-9ad4-c3084e48d016\index-dir\the-real-index~RFe592f63.TMP
| MD5 | 99d5f7b118d9220f0b6f6c0ef18112e3 |
| SHA1 | 982b4f4af67998595b9c4a8363a7efe2c4ff6e66 |
| SHA256 | 4b98783de729a6bdb2f301667de4d725383ce4723f4a943114cd9c5511c5e292 |
| SHA512 | 21f2bf24875805c01e967628c589c6b85492e8a648e59e377bfdb1249f622aeafebd54b76fafbf674b5d22035de109d0ed005f1cedaf49c3d5c87008ef8e947f |
memory/6468-1187-0x0000000074150000-0x0000000074900000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042
| MD5 | 740a924b01c31c08ad37fe04d22af7c5 |
| SHA1 | 34feb0face110afc3a7673e36d27eee2d4edbbff |
| SHA256 | f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0 |
| SHA512 | da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c98e85b4-eab5-438c-a2c3-f4d02a0c2c5b\index
| MD5 | 54cb446f628b2ea4a5bce5769910512e |
| SHA1 | c27ca848427fe87f5cf4d0e0e3cd57151b0d820d |
| SHA256 | fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d |
| SHA512 | 8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c09128ba-94c6-4c7e-aa69-31a37fe4129a\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\c09128ba-94c6-4c7e-aa69-31a37fe4129a\index-dir\the-real-index~RFe59a3b8.TMP
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_21x4mbkd.qii.ps1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity